Decode JWT tokens instantly. See header, payload and expiry analysis. Encode and sign new JWTs with HS256. 100% private.
✅ Free🔍 Decode🔧 Encode🔒 Private
⭐⭐⭐⭐⭐4.9 / 5(7,829 ratings)
🔑JWT Encoder / Decoder
💡 Paste a JWT token to decode it, or build one below
🔍
Instant Decode
Paste any JWT and instantly see the decoded header, payload and signature — colour-coded by part.
⏰
Claims Analysis
Automatically highlights exp, iat, nbf timestamps and shows whether the token is expired.
🔧
Encode JWT
Build and sign JWT tokens with custom header, payload and secret key.
🔒
100% Private
All JWT processing runs in JavaScript in your browser. Your tokens are never sent anywhere.
⭐ User Reviews
4.9
⭐⭐⭐⭐⭐
Based on 7,829 verified reviews · 99% recommend
D
Dan M.
Yesterday
⭐⭐⭐⭐⭐
The colour-coded header/payload/signature layout matches the jwt.io convention I'm used to, but this works entirely in my browser. The expiry check saved me 10 minutes debugging an expired token issue.
JWT Decoder
I
Isla T.
3 days ago
⭐⭐⭐⭐⭐
The encode mode lets me build test JWTs for our API integration tests without a backend. The claim timestamp display (showing human-readable dates from Unix timestamps) is a very thoughtful feature.
JWT Decoder
C
Chris B.
1 week ago
⭐⭐⭐⭐⭐
I paste JWTs from our auth service and immediately see if they're expired and what claims are present. The base64url decoding is correct — handles padding issues that trip up other tools.
JWT Decoder
R
Rosa K.
2 weeks ago
⭐⭐⭐⭐⭐
The sample JWT button is perfect for demonstrating JWT structure to junior developers. Clear layout, correct decoding, expiry analysis — everything a developer needs for JWT debugging.
JWT Decoder
📖 How to Use
1
Paste JWT
Paste your JWT token in the Decode tab to instantly see the decoded header, payload and claims.
2
Check Expiry
The claims section highlights exp and iat timestamps in human-readable format and shows if the token is expired.
3
Encode
Switch to Encode tab, enter your header, payload JSON and optional secret to generate a new JWT.
4
Use Safely
Never paste production tokens containing sensitive data into public tools. Use this tool locally for test tokens.
🎯 Related Tools
❓ FAQ
What is a JWT?+
A JSON Web Token (JWT) is a compact, URL-safe token format for transmitting claims between parties. It consists of three base64url-encoded parts separated by dots: Header (algorithm), Payload (claims), and Signature (verification).
Is JWT decoding the same as decryption?+
No. Standard JWTs (JWS) are signed but not encrypted — the header and payload are only base64url encoded and are readable by anyone. The signature verifies authenticity but does not hide the data. Encrypted JWTs use JWE format.
What are standard JWT claims?+
iss (issuer), sub (subject), aud (audience), exp (expiration time), nbf (not before), iat (issued at), jti (JWT ID). Custom claims can be added to the payload.
Can I verify the JWT signature here?+
HMAC (HS256/384/512) signature verification requires the secret key. This tool can encode with a secret. RSA/ECDSA (RS256, ES256) verification requires the public key — for security reasons this tool focuses on decoding and HMAC encoding.
Why is my JWT expired?+
The exp claim is a Unix timestamp (seconds since 1970-01-01). If the current time exceeds exp, the token is expired. Request a new token from your auth server.