Decode and inspect JSON Web Tokens. View header, payload, and check expiration status.
Algorithm & type
Claims & data
Verification hash
Paste a JWT token above to decode it
Or try one of the example tokens
Copy a JWT token from your application, API response, or browser cookies and paste it into the input field.
The header and payload are decoded and displayed with syntax highlighting. Check the algorithm, claims, and timestamps.
If the token has an 'exp' claim, you'll see whether it's expired or still valid, with the exact expiration date.
No. This tool decodes and displays the token contents. Signature verification requires the secret key or public key, which should never be shared with online tools.
Yes. The token is decoded entirely in your browser using JavaScript's atob() function. Nothing is sent to any server. However, avoid sharing tokens publicly.
The 'exp' (expiration) claim is a Unix timestamp indicating when the token expires. After this time, the token should no longer be accepted by servers.
'sub' is the subject (usually user ID), 'iat' is issued-at timestamp, 'exp' is expiration, 'iss' is the issuer, 'aud' is the audience, and 'nbf' is not-before timestamp.
Encode and decode text to Base64 with URL-safe mode and Unicode support.
Open ToolFormat, minify, and validate JSON data with syntax highlighting and error detection.
Open ToolGenerate UUID v4 and v7 online. Bulk generation, uppercase, no-dash formatting. Cryptographically secure.
Open Tool