Developer Tools
Decode JWT tokens instantly to inspect header, payload, claims, and expiration data.
Use this free JWT Decoder to inspect JSON Web Tokens quickly in the browser. It helps you read JWT header and payload data, check common claims such as exp, iat, iss, aud, sub, and understand what a token contains during API development, authentication debugging, and integration testing. Paste a JWT token to decode it instantly without writing code or manually splitting Base64 URL segments.
Use this free JWT Decoder to inspect JSON Web Tokens quickly in the browser. It helps you read JWT header and payload data, check common claims such as exp, iat, iss, aud, sub, and understand what a token contains during API development, authentication debugging, and integration testing. Paste a JWT token to decode it instantly without writing code or manually splitting Base64 URL segments.
Use jwt decoder when you need a fast browser-based result without extra setup. It works well for quick checks, one-off tasks, and routine formatting or calculation work.
JWT Decoder is built for full JWT tokens with dot-separated Base64 URL parts. Base64 Decoder is better for ordinary Base64 strings. If you are looking at an auth token rather than a plain encoded string, the JWT tool is the better fit.
JWT Decoder helps you inspect the full token content, including header and payload. JWT Expiry Checker is more focused on whether the token is expired or close to expiring. Use the decoder when you need full context, and the expiry checker when time-based validation is the main question.
If you mainly want to check whether a token is expired, open JWT Expiry Checker. If you want to inspect the token in a more parser-focused way, use JWT Parser. If you decode a claim that contains JSON or encoded text, you may also want JSON Formatter or Base64 Decoder.
Read step-by-step usage guidance, best practices, and common mistakes.
See common questions and answers about input, output, and tool usage.
Review practical input and output examples before running the tool.
Find similar and supporting tools for adjacent actions and follow-up tasks.
Input
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.signature
Output
Header and Payload JSON
Useful when you want to inspect standard claims and basic token structure.
Input
eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MzU2ODk2MDAsInN1YiI6InVzZXIxIn0.signature
Output
Decoded payload with exp claim
Helpful when debugging expired or soon-to-expire tokens.
Input
eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL2F1dGguZXhhbXBsZS5jb20iLCJhdWQiOiJhcGktY2xpZW50Iiwic3ViIjoidXNlcjEyMyJ9.signature
Output
Decoded payload with iss, aud, and sub
Useful for checking whether the token was issued for the correct app or API.
Input
eyJhbGciOiJIUzI1NiJ9.eyJyb2xlcyI6WyJhZG1pbiIsImVkaXRvciJdLCJwZXJtaXNzaW9ucyI6WyJyZWFkIiwid3JpdGUiXX0.signature
Output
Decoded payload with roles and permissions
Useful for debugging authorization problems and role-based access rules.
Input
eyJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnQiOiJhY21lIiwidXNlcl90eXBlIjoicHJvIiwidGllciI6ImdvbGQifQ.signature
Output
Decoded payload with custom claims
Helpful when your app stores tenant, plan, or account information in custom fields.
Input
eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMyJ9.eyJzdWIiOiJ1c2VyLTEiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJleHAiOjE3MzU2ODk2MDAsImlhdCI6MTczNTYwMzIwMH0.signature
Output
Decoded header and payload with user and timing claims
Useful when checking whether the token content matches the user who just signed in.
Input
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ
Output
Invalid JWT
A JWT normally contains three dot-separated parts: header, payload, and signature.
Input
invalid.token.value
Output
Invalid JWT
The decoder fails when token segments are not valid JWT data.
Fix: Make sure the token includes all dot-separated sections and was copied completely.
Fix: Use the decoder to inspect content only. Signature validation is a separate step.
Fix: JWT uses Base64 URL encoding, so a JWT-specific tool is the right choice.
Fix: A token can decode successfully and still be expired, forged, or signed with an invalid key.
Fix: Interpret claims like exp and iat as Unix timestamps and compare them carefully.
A JWT decoder reads the token header and payload so you can inspect the claims inside a JSON Web Token.
No. Decoding only shows the token content. Signature verification is a separate security check.
JWT Decoder is designed for dot-separated JWT tokens that use Base64 URL segments, while Base64 Decoder is for standard Base64 strings.
Yes. If the token includes an exp claim, you can inspect it after decoding.
Common reasons include missing token parts, broken Base64 URL data, copy errors, or a value that is not actually a JWT.
Yes. If those values are present in the payload, this tool can help you read them.
The most useful claims to check first are usually exp, iat, iss, aud, sub, and any app-specific roles or scopes.
That depends on how the page is implemented. If decoding happens client-side in the browser, the token is not sent elsewhere during the decode step.
Yes. It is useful for both, as long as the token is in JWT format.
Not by itself. A decoded token may still be expired, invalidly signed, issued for the wrong audience, or otherwise unusable.