Paste a JSON Web Token into the box; its header and payload claims decode to readable JSON below, right in this browser tab.
A JWT has three dot-separated parts: a header naming the signing algorithm and token type, a payload carrying the claims (subject, issued-at, expiry, and any custom fields an issuer adds), and a signature. This tool decodes the first two parts and prints the third as-is; it does not check whether the signature is genuine.
If your string has only one part, or fails to decode as JSON once split, it is not a JWT - a plain base64 string, a percent-encoded URL, or a JSON blob will not decode here.
JWT Decoder
JWT Decoder splits a JSON Web Token into its three parts and decodes the header and payload back to readable JSON, so you can see exactly what claims a token carries.
Paste a token to check its algorithm, subject, issued-at time, and expiry (the exp claim) without leaving your browser. Handy when debugging an API login, inspecting a token a colleague sent you, or checking why a session expired.
Decoding runs locally in this browser tab - no upload and no account. The signature segment is shown as raw text but is not verified, since verifying it needs the issuer's secret or public key, which never leaves the server.
Paste something that is not a valid 3-part token and the tool names exactly which piece failed - too few dot-separated segments, or a header/payload that will not base64url-decode - instead of failing silently.
Use the URL Decoder instead when your text is a plain percent-encoded string rather than a three-part token.
Frequently Asked Questions
What does JWT Decoder do?
It splits a JSON Web Token on its dots and decodes the header and payload segments back to readable JSON, so you can read the claims a token carries (algorithm, subject, issued-at, expiry).
Does this verify the signature?
No. The signature segment is shown as raw text but is not checked, since verifying it needs the issuer's secret or public key, which never leaves the server. This tool decodes structure, not authenticity.
What's the difference between this and the URL Decoder?
URL Decoder percent-decodes a plain string (like a query-string value). JWT Decoder expects a three-part token and decodes each part as JSON. Use URL Decoder when your text is not a token.