How to Decode & Test JWT Tokens

Decode, inspect, and validate JSON Web Tokens instantly. View header, payload, and signature. Free JWT debugger with expiration checking and claim analysis.

Open JWT Decoder →

Step-by-Step Guide

1

Paste your JWT token

Copy the JWT token from your application, API response, browser cookies, or Authorization header and paste it into the input field. The tool accepts any standard JWT with three dot-separated parts (header.payload.signature).

2

Inspect the header

View the decoded JOSE header showing the signing algorithm (HS256, RS256, ES256, etc.), token type, and key ID. This tells you how the token was signed and which key to use for verification.

3

Read the payload claims

See all claims in the token payload — standard claims like iss (issuer), sub (subject), exp (expiration), iat (issued at), plus any custom claims. Timestamps are automatically converted to human-readable dates.

4

Check expiration status

The tool highlights whether the token is currently valid or expired by comparing the exp claim to the current time. It also shows how much time remains before expiration or how long ago it expired.

Try It Now — Free

No signup, no download. Runs entirely in your browser.

Open JWT Decoder

Frequently Asked Questions

Is it safe to paste my JWT here?
Yes. The decoder runs entirely in your browser — the token is never sent to any server. However, never share production JWTs containing sensitive data publicly. This tool is ideal for debugging during development.
Can this tool verify JWT signatures?
The tool decodes and displays the header and payload without needing a secret key. For full signature verification, you would need the signing secret (HS256) or public key (RS256/ES256), which should be kept secure.
What is the difference between HS256 and RS256?
HS256 uses a shared secret (symmetric) — the same key signs and verifies. RS256 uses a public/private key pair (asymmetric) — the private key signs, the public key verifies. RS256 is preferred for distributed systems where multiple services need to verify tokens.
Related Reference

JavaScript Cheat Sheet

View Cheat Sheet →

More Guides

How to Format JSON Online How to Encode & Decode Base64 How to Generate UUID Online How to Test an API Online