A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of a header, payload, and signature.

Can this tool verify JWT signatures?

This tool decodes and inspects JWT tokens, showing the header, payload, and claims. It checks expiration status but does not verify signatures as that requires the secret key.

Is it safe to paste my JWT here?

Yes, all decoding happens in your browser. Your JWT token is never sent to any server. However, never share your JWTs publicly as they may contain sensitive data.

JWT-Decoder

JSON Web Tokens (JWT) dekodieren und untersuchen. Header, Payload, Claims und Ablaufstatus anzeigen.

JWT-Token

Anleitung

JSON Web Tokens (JWT) dekodieren und untersuchen. Header, Payload, Claims und Ablaufstatus anzeigen.

1Paste a JWT token (three Base64url segments separated by dots) into the input field.
2The tool decodes and displays the Header, Payload, and Signature sections.
3Review the claims in the Payload: `iss`, `sub`, `exp`, `iat`, and any custom claims.
4Check the expiration status — the tool highlights whether the token is expired.

Funktionen

Decodes JWT header, payload, and signature without any server request
Displays all standard and custom claims in formatted JSON
Shows token expiration status and remaining time or time since expiry
Handles HS256, HS384, HS512, RS256, and other common algorithms

Häufig gestellte Fragen

Mehr erfahren

API Security Best Practices for Developers