JWT Decoder

Decode JWT headers + payloads. Surfaces issued, expires, and notBefore timestamps.

100% Private

Your files never leave your device

Lightning fast

Optimised for speed

No sign-up

Use instantly, no account

Encoded token

Decoded entirely in your browser — the token never leaves your device.

Decode a JSON Web Token to inspect its header, payload, and claims — and verify its HMAC signature with your secret, right in the browser. Edit the header or payload and the token re-signs live.

How to use JWT Decoder

1Paste a JWT (header.payload.signature) into the input.
2Read the decoded header and payload, plus a plain-English claims table.
3Enter the shared secret to verify an HS256/384/512 signature.
4Edit the header or payload to re-issue a new signed token.

Frequently asked questions

Yes, for HMAC algorithms (HS256, HS384, HS512) — enter the shared secret and you’ll see a Valid or Invalid badge instantly. Asymmetric algorithms (RS/ES/PS) need the issuer’s public key, which isn’t entered here.

Decoding and verification happen entirely in your browser — the token and secret are never sent anywhere. That said, treat production tokens with care and avoid sharing your screen.

They’re timestamps: iat is when the token was issued, nbf is the earliest it’s valid, and exp is when it expires. The tool shows each as a readable date plus a relative time like “expires in 2 days”.

Yes. Edit the header or payload fields and, with a secret entered, the token is re-signed live so you can craft test tokens.

Yes, completely free with no sign-up, no watermark, and no daily limits. Use it as much as you like.

Still have questions?

If you can’t find the answer you’re looking for, our support team is here to help.

Contact Support

Secure Fast Private

More tools

Keep going.

Browse all tools

JWT Decoder

How to use JWT Decoder

Frequently asked questions

Still have questions?

Keep going.

JSON Formatter

Base64 Encode / Decode

URL Encode / Decode

Image Compressor

PDF Merger

Image Resizer