JWT Decoder
Frequently Asked Questions
What is a JSON Web Token (JWT)?
A JWT is a compact, URL-safe token format used to securely transmit claims between parties. It consists of three Base64URL-encoded parts — header, payload, and signature — separated by dots. JWTs are widely used for authentication and webhook authorization.
Does this tool verify the JWT signature?
No. This tool only decodes and inspects the JWT contents. Signature verification requires the secret key or public key used to sign the token, which should only be done on your server to prevent security risks.
Is it safe to paste my JWT here?
Yes. Everything runs entirely in your browser using JavaScript. The token is never sent to any server. However, avoid sharing JWTs publicly as they may contain sensitive claims.
How do I check if a JWT is expired?
Paste the token and look at the expiration badge. The tool reads the "exp" claim and compares it to the current time, showing whether the token is still valid or has expired and by how much.