Is my token sent to your server?

No. Decoding is 100% client-side JavaScript — the token never leaves your browser.

Does this verify the signature?

No. Signature verification requires the secret or public key and must be done server-side. This tool only decodes the readable parts.

What do exp and iat mean?

“iat” is issued-at and “exp” is expiry, both Unix timestamps. We convert them to readable dates for you.

JWT Decoder

Decode and inspect the header and payload of a JSON Web Token — entirely in your browser.

About the JWT Decoder

A JSON Web Token (JWT) has three Base64URL-encoded parts: a header, a payload of claims, and a signature. This decoder reveals the header and payload so you can debug authentication issues.

Decoding happens entirely in your browser — your token is never sent to our servers. Note that decoding does not verify the signature; never trust a token without validating it server-side.

Frequently asked questions

More free tools

Domain WHOIS DNS Lookup Reverse DNS / PTR IP Lookup HTTP Header Checker Port Checker Website Up / Down SSL Certificate Checker

JWT Decoder

About the JWT Decoder

Frequently asked questions

More free tools

Ready to make your website faster?

Client Login

Choose Currency