Header
Describes token metadata such as the signing algorithm in alg and token type in typ.
JWT Decoder Online
Decode onlyThis tool does not verify the token signature or prove that the JWT is trustworthy.
Decode JSON Web Tokens
Paste a JSON Web Token to inspect its decoded header, payload, signature segment, and registered claims. Unix timestamps such as iat, nbf, and exp are shown as readable local dates, while the expiry status updates every second.
Decoding Is Not Verification
JWT header and payload data are encoded, not encrypted. They can be read without a key. A decoded token must not be trusted until your application verifies its signature, accepted algorithm, issuer, audience, and time-based claims using the correct secret or public key.
JWT Parts Explained
Payload
Contains registered and custom claims such as subject, issuer, audience, roles, and expiration.
Signature
Allows a trusted application to detect token changes when verified with the correct key.
Related Developer Tools
Decode individual values with the Base64 Encoder & Decoder, format claim objects with the JSON Formatter, or inspect date claims with the Timestamp Converter.