JWT decoder

Decode token headers and payloads, inspect expiry state, and understand how JWTs are structured.

Encoded token

HeaderPayloadSignature

Decoded output

Waiting for token input...

What is JWT?

JSON Web Token is a compact, signed format for transmitting claims between parties. It is widely used for session tokens, API access, and identity assertions.

Header

Declares token metadata such as the token type and signing algorithm.

Payload

Contains the claims, which usually describe the user or the permissions being granted.

Signature

Protects the token against tampering and verifies that the issuer signed it with the expected secret or key.

JWT FAQ

Are JWTs encrypted?

Usually not. Standard JWTs are encoded, not encrypted, which means anyone who has the token can inspect the header and payload. The signature only protects integrity.

What happens when a token expires?

If the exp claim is in the past, the server should reject the token and the client must reauthenticate or request a new access token through the correct refresh flow.

Framework deployment

Site launch use cases

Developer essentials

Frontend & design

Network & SEO