Developer Utilities · Free tool

JWT Decoder

Paste a JWT — see header, payload, and signature decoded. Client-side only, your token never leaves the browser.

Updated April 2026

JWT Token

Expiry: expired 889d 16h ago (2023-11-14T23:13:20.000Z)

Issued: issued 889d 17h ago (2023-11-14T22:13:20.000Z)

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "Jane Doe",
  "iat": 1700000000,
  "exp": 1700003600
}

Signature (base64url, not verified)

XyZsignatureHerePlaceholderAbc

This tool does not verify signatures. Never trust a JWT without server-side verification.

What it does

Paste a JSON Web Token (JWT) to decode its header and payload locally in your browser. The tool reveals the algorithm, issuer, expiry, and any custom claims — and shows a human-readable version of exp and iat timestamps (“expires in 2h 14m” / “expired 3d ago”).

No signature verification — that requires the signing key and is done server-side in production code. Use this for quick debugging, never for authentication. Tokens never leave your browser. See Base64 encoder for raw base64url work or hash generator for signing material.

How to use it

Paste the JWT (three base64url segments separated by dots).
Review the decoded header and payload.
Check the human-readable expiry and issued-at times.
Copy individual sections with the copy buttons.