JWT Decoder
Decode JWT (JSON Web Token) in your browser and visualize the header, payload, and signature.iat / exp / nbf are automatically converted to human-readable dates.
✅ 100% free, no signup, runs entirely in your browser
Header
Payload
Signature
* Signature verification requires a secret or public key, so this tool only decodes.
About the JWT structure
A JWT is a string consisting of header.payload.signature three parts joined with dots (.). The header and payload are Base64URL-encoded JSON, and the signature is generated using the algorithm specified in the header (e.g., HS256 / RS256).
Key claims: iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), jti (JWT ID)
If something is broken or not displaying correctly, let us know via the contact form からご報告ください。
📖 How to Use
-
1
Copy your JWTGet the JWT string from your API response or Authorization header.
-
2
Paste into the inputPaste the JWT into the top textarea and decoding runs automatically.
-
3
Inspect header & payloadView algorithm (alg), issuer (iss), expiration (exp) and other claims visually.
❓ FAQ
What is a JWT?
A JWT (JSON Web Token) is an authentication token made of three Base64URL-encoded parts (header.payload.signature) joined with dots. Commonly used for API auth after login.
Can this tool verify the signature?
This tool is decode-only. Signature verification needs the secret (HS256) or public key (RS256/ES256) — use our JWT Signer tool or verify on your backend.
Is the JWT sent to any server?
No. All decoding happens in your browser via JavaScript — no network request is made.
What if exp is expired?
An expired JWT is invalid. Use the refresh token to get a new JWT, or re-login. Always validate exp on the client side too.