JWT Decoder — Decode & Inspect JWT Tokens Online Free
Decode JWT header and payload, check expiry, and verify HS256 signatures — 100% client-side.
Also searched as: jwt token decoder · json web token decoder · jwt inspector · jwt parser · jwt debugger
How to Use
Step-by-step guide to get the most from this tool
- 1
Paste token
Paste the full JWT string (three dot-separated parts).
- 2
Inspect claims
Read header algorithm and payload claims with timestamps.
- 3
Check expiry
See if the token is valid or expired.
- 4
Verify HS256
Enter shared secret and click Verify signature for HMAC tokens.
Features
What makes this tool stand out
Decode
Header and payload as readable JSON.
Expiry check
Valid/expired status with countdown.
HS256 verify
Client-side HMAC signature check.
Copy sections
Copy header or payload JSON.
Timestamps
Human-readable exp, iat, nbf.
Private
No server requests.
Related Tools
More free utilities you might find useful
Frequently Asked Questions
Quick answers to common questions
What is a JWT?+
JWT (JSON Web Token) has three Base64URL parts: Header.Payload.Signature for transmitting claims securely.
Is it safe to paste my JWT here?+
Processing is client-side only, but never paste valid access tokens with sensitive claims. Revoke first if unsure.
Can this verify signatures?+
Yes for HS256. Enter the shared secret to verify HMAC signatures in your browser.
What does "exp" mean?+
Expiration time as Unix timestamp. The tool shows human-readable dates for exp, iat, and nbf.
Why can't RS256 be verified here?+
RS256 needs a public key. This tool verifies HS256 (symmetric) secrets client-side.
What if my token is expired?+
A red banner shows expiry date. Expired tokens should be rejected by your API.
Can I copy header or payload?+
Yes. Use Copy on each section to get formatted JSON.
Is data sent to a server?+
No. Decode and verify run entirely in your browser.