A JSON Web Token (JWT) is a compact, URL-safe token format used for securely transmitting information between parties. It consists of a header, payload, and signature.

Can this tool verify JWT signatures?

This tool decodes and inspects JWT tokens, showing the header, payload, and claims. It checks expiration status but does not verify signatures as that requires the secret key.

Is it safe to paste my JWT here?

Yes, all decoding happens in your browser. Your JWT token is never sent to any server. However, never share your JWTs publicly as they may contain sensitive data.

JWTデコーダー

JSON Webトークン(JWT)をデコードして検査します。ヘッダー、ペイロード、クレーム、有効期限を確認できます。

JWTトークン

使い方

JSON Webトークン(JWT)をデコードして検査します。ヘッダー、ペイロード、クレーム、有効期限を確認できます。

1Paste a JWT token (three Base64url segments separated by dots) into the input field.
2The tool decodes and displays the Header, Payload, and Signature sections.
3Review the claims in the Payload: `iss`, `sub`, `exp`, `iat`, and any custom claims.
4Check the expiration status — the tool highlights whether the token is expired.

主な機能

Decodes JWT header, payload, and signature without any server request
Displays all standard and custom claims in formatted JSON
Shows token expiration status and remaining time or time since expiry
Handles HS256, HS384, HS512, RS256, and other common algorithms

よくある質問

詳しく読む

API Security Best Practices for Developers