JWT Decoder
Decode and inspect JSON Web Tokens (JWT). View header, payload, and signature. Verify expiration and claims. Free JWT decoder, 100% client-side.
Frequently Asked Questions
What is a JSON Web Token (JWT)?
A JWT is a compact, URL-safe token format defined by RFC 7519. It consists of three Base64URL-encoded parts separated by dots: a header that specifies the signing algorithm, a payload containing claims (key-value data), and a cryptographic signature that verifies the token has not been tampered with.
How do I read the payload of a JWT?
The payload is the second segment of the token (between the two dots). It is Base64URL-encoded, not encrypted. Paste the full token into this decoder and the payload JSON is displayed instantly, including standard claims like iss (issuer), sub (subject), exp (expiration), and any custom claims.
Is it safe to decode a JWT in the browser?
Yes. Decoding only reads the Base64URL-encoded header and payload, which are not encrypted to begin with. This tool runs entirely in your browser and never transmits the token to a server. However, never share tokens publicly, as they may grant access to protected resources until they expire.
What does the exp claim in a JWT mean?
The exp claim is a Unix timestamp indicating when the token expires. After this time, servers should reject the token. This decoder automatically converts the exp value to a human-readable date and shows whether the token is still within its validity period or has expired.
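The decoding steps described in the answers above (split on the dots, Base64URL-decode the header and payload, compare exp with the current time), as an added example that is not this tool's own code. The function names and the sample token are constructed for illustration. Reading the claims this way does not check the signature; that requires the signing key.

```javascript
// Added example: decode a JWT and evaluate its exp claim. No signature check is done.

// Base64URL -> UTF-8 text: restore the standard alphabet and the stripped padding.
function base64UrlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error("invalid Base64URL segment");
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Returns header, payload, raw signature segment, and expiry status.
// nowSeconds is injectable so the exp comparison can be tested deterministically.
function decodeJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) throw new Error("expected three dot-separated segments");
  const [headerSeg, payloadSeg, signature] = parts;
  const header = JSON.parse(base64UrlDecode(headerSeg));
  const payload = JSON.parse(base64UrlDecode(payloadSeg));

  let expiresAt = null; // ISO 8601 date, or null when exp is absent
  let expired = null;   // null means "no exp claim", not "never expires"
  if (payload.exp !== undefined) {
    if (typeof payload.exp !== "number" || !Number.isFinite(payload.exp)) {
      throw new Error("exp must be a numeric Unix timestamp");
    }
    expiresAt = new Date(payload.exp * 1000).toISOString();
    expired = nowSeconds >= payload.exp; // RFC 7519: accept only before exp
  }
  return { header, payload, signature, expiresAt, expired };
}

// Constructed sample token; the third segment is a placeholder, not a real signature.
function base64UrlEncodeJson(obj) {
  return btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
const SAMPLE_TOKEN = [
  base64UrlEncodeJson({ alg: "HS256", typ: "JWT" }),
  base64UrlEncodeJson({ iss: "https://issuer.example", sub: "user-123", exp: 1700003600 }),
  "c2lnbmF0dXJl",
].join(".");

const decoded = decodeJwt(SAMPLE_TOKEN, 1700000000);
console.log(decoded.header, decoded.payload, decoded.expiresAt, decoded.expired);
```

A token that decodes cleanly and is not expired can still be forged; a server accepts it only after verifying the signature with the algorithm it expects.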
Is this tool free?
Yes. All KappaKit tools are free, run in your browser, and require no signup or account.