Online JWT decoder, no login required. Paste a JSON Web Token to inspect its header, payload and expiration. Decoding happens entirely in your browser.
Algorithm & type
Claims & data
Verification hash
Paste a JWT token above to decode it
Or try one of the example tokens
Copy a JWT token from your application, API response, or browser cookies and paste it into the input field.
The header and payload are decoded and displayed with syntax highlighting. Check the algorithm, claims, and timestamps.
If the token has an 'exp' claim, you'll see whether it's expired or still valid, with the exact expiration date.
No. This tool decodes and displays the token contents. Signature verification requires the secret key or public key, which should never be shared with online tools.
Yes. The token is decoded entirely in your browser using JavaScript's atob() function. Nothing is sent to any server. However, avoid sharing tokens publicly.
The 'exp' (expiration) claim is a Unix timestamp indicating when the token expires. After this time, the token should no longer be accepted by servers.
'sub' is the subject (usually user ID), 'iat' is issued-at timestamp, 'exp' is expiration, 'iss' is the issuer, 'aud' is the audience, and 'nbf' is not-before timestamp.
Free online Base64 encoder and decoder. Convert text and data with URL-safe mode and full Unicode support, all in your browser.
Open ToolFree online JSON formatter and validator. Format, minify and validate JSON with syntax highlighting and instant error detection.
Open ToolOnline UUID v4 and v7 generator, free. Bulk generation with uppercase and no-dash formatting. Cryptographically secure and generated in your browser.
Open Tool