Free JWT Decoder Online

Decode JWT tokens online to inspect headers, payloads, claims, and expiration details directly in your browser. No signup or token upload is required.

Paste your token

Decoded only - signature not verified

JWT token required Expiry unknown

Decoded Token

Paste a complete JWT to see the decoded header, payload, and raw unverified signature.

Decoded JWT data will appear here.

What Is a JWT Decoder?

A JWT decoder is an online developer tool used to read the contents of a JSON Web Token. JWTs are commonly used by websites, applications, and APIs to carry authentication and authorization data. A signed JWT commonly contains three dot-separated parts: a header, payload, and signature. This tool converts the encoded header and payload into readable JSON, making it easier to inspect token details without writing a manual decoding script. The header may contain the token type and signing algorithm. The payload can include claims such as sub for the subject or user ID, iss for the issuer, aud for the intended audience, and exp for the expiration time. It may also contain additional application-specific metadata. Decoding only reveals the information stored inside the token. It does not verify the signature or confirm that the token is authentic. Signature verification requires the correct secret key or public key, depending on the signing algorithm. During normal use, the token is processed locally in your browser and is not uploaded to PotatoTools servers. Because JWT payloads may contain sensitive data, avoid sharing tokens publicly.

How It Works

How to Use the JWT Decoder

  1. Paste the token

    Add your full encoded JWT string into the main input field.

  2. Decode the parts

    Instantly view the decoded header, payload claims, timing details, and unverified raw signature

  3. Copy what you need

    Use the quick action buttons to copy the clean JSON output directly to your clipboard.

Features

JWT Decoder Features

  • Clean JSON & Table Views

    View your decoded payload in standard readable JSON format, or switch to a quick key-value table preview for easier scanning.

  • Expanded Modal View

    Easily open and navigate extremely large JSON payload outputs using the expanded modal view.

  • Expiry Status Check

    The tool automatically checks the token's timing claims and flags whether the JWT is active, expired, or missing an expiration date.

  • 100% Private Processing

    Your JWT is decoded securely and locally inside your web browser. No token data is ever uploaded or saved to our servers.

  • Quick copy actions

    Copy decoded output without manual formatting work.

Frequently Asked Questions

Quick answers to common questions about using this tool.

Does this JWT Decoder verify signatures? +

No. The tool decodes the header and payload for inspection, but it does not cryptographically verify the signature or confirm that the token came from a trusted source.

Is my JWT uploaded to PotatoTools? +

No, your data is completely safe. The JWT decoding process runs entirely in your web browser during normal use, meaning your tokens are never uploaded or stored on our servers.

What parts of a JWT can I inspect? +

You can inspect the decoded header, signing algorithm, token type, payload claims, expiration details, custom metadata, and the raw unverified signature. Common claims include sub for the subject or user ID, iss for the issuer, aud for the audience, and exp for expiration.

Do I need an account to decode tokens? +

No signup or registration is required. You can paste, inspect, and format as many JSON Web Tokens as you need completely for free.

Can I decode expired tokens? +

Yes. Expired tokens can still be decoded, but they should not be treated as valid credentials.