Back to Tools
JWT Decoder
Decode and inspect JSON Web Tokens instantly. View header, payload, and expiration. All processing happens in your browser — your tokens stay private.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims between two parties. JWTs are commonly used for authentication and information exchange in web applications and APIs.
JWT Structure
A JWT consists of three parts separated by dots (.):
- Header — Contains the token type (JWT) and signing algorithm (e.g., HS256, RS256)
- Payload — Contains the claims (user data, expiration, issuer, etc.)
- Signature — Verifies the token was not tampered with
Common JWT Claims
| Claim | Name | Description |
|---|---|---|
| iss | Issuer | Who issued the token |
| sub | Subject | Who the token is about (usually user ID) |
| aud | Audience | Who the token is intended for |
| exp | Expiration | When the token expires (Unix timestamp) |
| iat | Issued At | When the token was issued (Unix timestamp) |
Security Note
This tool decodes JWTs entirely in your browser. Your tokens are never sent to any server. However, remember that JWTs are only encoded, not encrypted — anyone with the token can read its contents. Never put sensitive data in a JWT payload.