What is JWT Decoder & Inspector Online?
A JSON Web Token (JWT) is a compact, URL-safe means of representing claims between two parties, defined by RFC 7519. Every JWT has three parts separated by dots: a Base64-encoded header (algorithm), a Base64-encoded payload (claims), and a signature. This tool decodes the header and payload for quick inspection of token contents, expiry, and issuer — all client-side.
How to Use JWT Decoder & Inspector Online
- Paste your JWT token into the input field.
- The header and payload are decoded and displayed instantly.
- Check the exp claim to see when the token expires.
Example
Decoded JWT header
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...Output
{ "alg": "HS256", "typ": "JWT" }Frequently Asked Questions
Is it safe to paste my JWT here?
Yes. JWTs are decoded client-side. Your token never reaches a server. That said, never share real JWTs from production systems in untrusted environments.
Can this tool verify a JWT signature?
JWT signature verification requires the secret key. This tool decodes the header and payload only. Use server-side libraries like jsonwebtoken for full verification.
What does "exp" mean in a JWT?
"exp" is the expiration time as a Unix timestamp (seconds since Jan 1, 1970). If the current time exceeds this value, the token is expired and invalid.