A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of a header, payload, and signature.

Can this tool verify JWT signatures?

This tool decodes and inspects JWT tokens, showing the header, payload, and claims. It checks expiration status but does not verify signatures as that requires the secret key.

Is it safe to paste my JWT here?

Yes, all decoding happens in your browser. Your JWT token is never sent to any server. However, never share your JWTs publicly as they may contain sensitive data.

Decodificador JWT

Decodifica e inspecciona JSON Web Tokens (JWT). Ve el encabezado, payload, claims y estado de expiración.

Token JWT

Cómo usar

Decodifica e inspecciona JSON Web Tokens (JWT). Ve el encabezado, payload, claims y estado de expiración.

1Paste a JWT token (three Base64url segments separated by dots) into the input field.
2The tool decodes and displays the Header, Payload, and Signature sections.
3Review the claims in the Payload: `iss`, `sub`, `exp`, `iat`, and any custom claims.
4Check the expiration status — the tool highlights whether the token is expired.

Características

Decodes JWT header, payload, and signature without any server request
Displays all standard and custom claims in formatted JSON
Shows token expiration status and remaining time or time since expiry
Handles HS256, HS384, HS512, RS256, and other common algorithms

Preguntas frecuentes

Más información

API Security Best Practices for Developers