A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of a header, payload, and signature.

Can this tool verify JWT signatures?

This tool decodes and inspects JWT tokens, showing the header, payload, and claims. It checks expiration status but does not verify signatures as that requires the secret key.

Is it safe to paste my JWT here?

Yes, all decoding happens in your browser. Your JWT token is never sent to any server. However, never share your JWTs publicly as they may contain sensitive data.

Décodeur JWT

Décodez et inspectez les JSON Web Tokens (JWT). Affichez l'en-tête, le payload, les claims et le statut d'expiration.

Token JWT

Comment utiliser

Décodez et inspectez les JSON Web Tokens (JWT). Affichez l'en-tête, le payload, les claims et le statut d'expiration.

1Paste a JWT token (three Base64url segments separated by dots) into the input field.
2The tool decodes and displays the Header, Payload, and Signature sections.
3Review the claims in the Payload: `iss`, `sub`, `exp`, `iat`, and any custom claims.
4Check the expiration status — the tool highlights whether the token is expired.

Fonctionnalités

Decodes JWT header, payload, and signature without any server request
Displays all standard and custom claims in formatted JSON
Shows token expiration status and remaining time or time since expiry
Handles HS256, HS384, HS512, RS256, and other common algorithms

Questions fréquentes

En savoir plus

API Security Best Practices for Developers