JWT

Decode JWT tokens — header, payload, claims

JWT Token

JWT Decoder: Decode, Parse & Inspect JSON Web Tokens Online

A JSON Web Token is split into its three parts — header, payload, and signature — and all claims are shown in readable JSON by this JWT decoder. JWTs are used everywhere in modern authentication (OAuth2, OpenID Connect, API gateways). After a token is pasted, claims like subject, expiration, issued-at, and any custom claims are instantly shown. Everything is processed in your browser — tokens are never sent to our servers. This tool is also sometimes called a JWT parser, JWT inspector, or online JWT decoder.

Reading token claims

The payload section contains claims like "sub" (subject/user ID), "exp" (expiration timestamp), "iat" (issued at), and custom claims added by your application. These are shown in a readable format and whether the token has expired is highlighted. For expiration timestamps, our Unix timestamp converter can be used.

Is it safe to decode JWTs online?

Yes — JWT payloads are not encrypted, just Base64-encoded. Anyone who has the token can read the claims. The signature prevents tampering, not reading. This tool runs entirely in your browser with zero server communication, so your tokens stay on your machine.