Desenvolvimento
Programming
JWT Decoder
header and payload
Decode any JWT token and instantly see the header, payload, and expiration details. Essential for debugging API authentication, checking claims, and inspecting permissions. 100% local processing — no data is sent anywhere.
How to use
- 1Paste the full JWT token into the input field.
- 2The tool automatically decodes the header and the payload.
- 3Use the copy buttons to extract the JSON from the header or the payload.
- 4Check fields like 'exp' (expiration) and 'iat' (issued at) to understand the token's validity.
Practical examples
Debug an authentication error
Paste the token received from the API and check whether the 'exp' field has already expired or whether 'sub' (user) is correct.
Check a token's permissions
Look at the decoded payload to see which claims (such as 'role' or 'scope') are present before trusting the access.
Understand a JWT's structure
Paste a sample token to see how the header defines the signing algorithm and the payload carries the user's data.
Frequently asked questions
Does the JWT Decoder verify the token signature?
No. Decoding displays the header and payload content, but does not verify the signature (which requires the secret key). Use it for content inspection only.
Is it safe to paste production tokens here?
Processing happens 100% in your browser with no data transmitted. Even so, as a security best practice, prefer using tokens from a development environment for inspection.
What is a claim in a JWT?
Claims are the pieces of information in the JWT payload, such as sub (subject/user), exp (expiration), iat (issued at), and custom fields defined by the application.
