JWT Decoder
Paste a JSON Web Token to read its header and payload as formatted JSON. Issued, not-before and expiry times are shown as readable dates, and you'll see whether the token has expired.
Runs in your browser — your files never leave your device
How to use JWT Decoder
- 1Paste your JWT (the eyJ… string) above.
- 2Read the decoded header and payload.
- 3Check the issued and expiry times and the validity status.
Frequently asked questions
Does this verify the signature?
No. Verifying a signature requires the secret or public key. This tool decodes the token so you can inspect its contents.
Is it safe to paste my token here?
Yes — decoding happens entirely in your browser and the token is never sent anywhere. Still, avoid sharing production tokens.
What do iat and exp mean?
iat is the time the token was issued and exp is when it expires, both as Unix timestamps, shown here as readable dates.