Is the jwt decoder free?

Yes — 100% free, no signup, no usage limits.

Does it save my data?

No. Inputs are processed in your browser and never uploaded to a server.

Can I use it on mobile?

Yes. The interface is fully responsive and works on iOS and Android.

Does this verify the JWT signature?

No. This tool only decodes the visible header and payload. Signature verification requires the issuer's secret key and should happen on a trusted server.

Is it safe to paste production JWTs?

Decoding happens entirely in your browser — no tokens are uploaded. Still, treat JWTs like passwords and avoid pasting them on machines you don't control.

JWT Decoder — Inspect JSON Web Tokens

Paste a JWT to view its header, payload, and expiry — decoded entirely in your browser.

JWT token

Decode-only. Signature is not verified — JWTs are not encrypted, so anyone with the token can read its contents.

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

{
  "sub": "1234567890",
  "name": "Jane Doe",
  "iat": 1715792000,
  "exp": 1747328000
}

Issued at: 2024-05-15T16:53:20.000Z
Expires at: 2025-05-15T16:53:20.000Z
Status: Expired

How to use

Step 1: Paste the JWT (three Base64URL parts joined by dots)
Step 2: View the decoded header and payload
Step 3: Check issued-at and expiry timestamps

Frequently asked questions

A JWT (JSON Web Token) is a compact, URL-safe token used for authentication.