JWT Decoder
Paste a JSON Web Token to decode its header and payload and read the claims — with a human-readable expiry. Everything runs in your browser; the token is never sent anywhere.
Note: this decodes a token for inspection — it does not verify the signature (that needs the secret/key). Don't treat a token as valid based on decoded contents.
FAQ
What is a JWT?
A JSON Web Token is a compact, URL-safe token with three Base64url parts separated by dots: a header, a payload of claims (like user id and expiry), and a signature. It's widely used for authentication.
Does this verify the token signature?
No. It decodes the header and payload so you can read them — it does not verify the signature, because that requires the secret or public key. Decoding is for inspection; never trust a token as valid from decoded contents alone.
Is it safe to paste a token here?
Decoding happens entirely in your browser — nothing is sent, logged or stored. Still, JWTs can hold sensitive claims and live tokens could be used to impersonate you, so avoid pasting production tokens into sites you don't fully trust.
Why is my token showing as expired?
The payload's exp claim is a Unix timestamp for when the token expires. This tool converts it to a readable date and flags it if that time has passed. An expired token still decodes here but the server will reject it.
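As an added example (not this tool's own code), the decode-only inspection described in the answers above can be sketched in JavaScript: split the three parts, Base64url-decode the header and payload, and turn exp into a readable date with an expiry flag. The function names, the sample token and its placeholder signature are constructed for illustration, and nothing here verifies the signature.

```javascript
// Decode one Base64url segment into a JSON value (decoding only, no trust implied).
function b64urlToJson(part) {
  if (!/^[A-Za-z0-9_-]+$/.test(part)) throw new Error("segment is not Base64url");
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(part.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  // fatal: true rejects invalid UTF-8 instead of silently replacing bytes.
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

// Inspect a token: header, payload, readable expiry. The signature is never checked.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  if (payload === null || typeof payload !== "object") {
    throw new Error("payload is not a JSON object");
  }
  // exp is a Unix timestamp in seconds; the token is expired once now >= exp.
  const hasExp = typeof payload.exp === "number" && Number.isFinite(payload.exp);
  return {
    header,
    payload,
    expiresAt: hasExp ? new Date(payload.exp * 1000).toISOString() : null,
    expired: hasExp ? payload.exp <= nowSeconds : null,
    signatureVerified: false, // always false: verification needs the secret or public key
  };
}

// Constructed sample token; the third part is a placeholder, not a real signature.
const enc = (obj) => btoa(JSON.stringify(obj))
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_TOKEN = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "user-123", exp: 1700000000 }),
  "c2lnbmF0dXJl",
].join(".");

const report = inspectJwt(SAMPLE_TOKEN);
console.log(report.header, report.payload);
console.log("expires:", report.expiresAt, "expired:", report.expired);
```

The result always carries signatureVerified: false, so a caller cannot mistake a readable payload for a validated token.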