Question 1

What is a JWT?

Accepted Answer

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. It consists of three parts: Header (algorithm & type), Payload (claims/data), and Signature (verification).

Question 2

Is it safe to paste JWTs here?

Accepted Answer

Yes — this tool decodes entirely in your browser. The token is never sent to any server. However, never share JWTs that contain sensitive personal information or production credentials.

Question 3

Can this tool verify the signature?

Accepted Answer

No. Signature verification requires the secret key or public key used to sign the token, which only the issuer should have. This decoder only shows you the decoded contents.

Question 4

What does "exp" mean in the payload?

Accepted Answer

"exp" is the expiration time claim, specified as a Unix timestamp (seconds since 1970-01-01). If the current time is past this value, the token is considered expired.

Claim	Value	Description
sub	1234567890	Subject
name	John Doe	Custom claim
iat	1516239022 (1/18/2018, 5:30:22 AM)	Issued At

JWT Decoder

Header

Payload

Signature

Claims

JWT Structure

Frequently Asked Questions

Related Tools

JSON Formatter

Base64 Encoder / Decoder

CSS Minifier

JavaScript Minifier