Developer Tools toolsUpdated July 2026

Free JWT Decoder

Decode a JSON Web Token's header and payload instantly, directly in your browser.

Free online tool No signup Copy-ready result Browser-first privacy
AdvertisementTop tool sponsor space
AdvertisementBelow tool sponsor space

How to decode a JWT

  1. Paste a JWT (three dot-separated parts).
  2. View the decoded header and payload as formatted JSON.
  3. Check the issued and expiry times, if present.

A note on scope

This tool decodes the header and payload, which are only base64url-encoded, not encrypted — anyone with the token can already read them. It does not verify the signature, since that requires the issuer's secret or public key, which this tool never has access to. Never treat a decoded, unverified token as proof of authenticity.

Your token stays private

The token is decoded entirely in your browser. It is never uploaded to Inqita or stored.

Common use cases

  • Inspect a JWT's claims while debugging an API
  • Check when an access token expires
  • Read a token's header and payload without a backend

Frequently asked questions

Is this tool free?

Yes. It is completely free, with no signup and no limits.

Is my token uploaded anywhere?

No. Decoding happens entirely in your browser.

Does this verify the token's signature?

No. It only decodes the header and payload. Signature verification requires the issuer's secret or public key.

Why does decoding fail?

The input must have exactly three dot-separated, base64url-encoded parts to be a valid JWT structure.

Is it safe to paste a real token here?

Decoding happens locally and nothing is transmitted, but as a general precaution, avoid pasting production tokens with sensitive claims into any third-party website when a test token would do.