Free JWT Decoder
Decode a JSON Web Token's header and payload instantly, directly in your browser.
JWT
Header
Payload
Signature
How to decode a JWT
- Paste a JWT (three dot-separated parts).
- View the decoded header and payload as formatted JSON.
- Check the issued and expiry times, if present.
A note on scope
This tool decodes the header and payload, which are only base64url-encoded, not encrypted — anyone with the token can already read them. It does not verify the signature, since that requires the issuer's secret or public key, which this tool never has access to. Never treat a decoded, unverified token as proof of authenticity.
Your token stays private
The token is decoded entirely in your browser. It is never uploaded to Inqita or stored.
Common use cases
- Inspect a JWT's claims while debugging an API
- Check when an access token expires
- Read a token's header and payload without a backend
Frequently asked questions
Is this tool free?
Yes. It is completely free, with no signup and no limits.
Is my token uploaded anywhere?
No. Decoding happens entirely in your browser.
Does this verify the token's signature?
No. It only decodes the header and payload. Signature verification requires the issuer's secret or public key.
Why does decoding fail?
The input must have exactly three dot-separated, base64url-encoded parts to be a valid JWT structure.
Is it safe to paste a real token here?
Decoding happens locally and nothing is transmitted, but as a general precaution, avoid pasting production tokens with sensitive claims into any third-party website when a test token would do.