© 2026 Searchlight. All rights reserved.


JWT Decoder

Paste a JSON Web Token to inspect its header, payload, and signature. Decoding is done entirely in your browser.


About this tool

Decode and inspect JWT (JSON Web Token) headers, payloads, and signatures instantly in your browser. Paste any JWT token to see its claims - including expiry (exp), issued-at (iat), issuer (iss), and subject (sub) - displayed in a formatted, human-readable layout. The tool also shows whether the token is expired based on the current time.

How to Decode a JWT Token

  1. Paste your JWT into the input field - it starts with 'eyJ'.
  2. The header, payload, and signature sections are decoded and displayed instantly.
  3. Check the 'Expires' field to see if the token is still valid.
  4. Review claims like iss (issuer), sub (subject), and aud (audience).
  5. Use the payload values to debug authentication or authorisation issues.

Frequently Asked Questions

What is a JWT?
A JWT (JSON Web Token) is a compact, URL-safe token consisting of three Base64URL-encoded parts: a header (algorithm), a payload (claims), and a signature. It's widely used for authentication and API authorisation.
Is it safe to paste my JWT here?
The decoding runs entirely in your browser - nothing is sent to a server. However, do not share JWTs from production systems as they often contain sensitive claims. Treat JWTs like passwords.
Can this tool verify the JWT signature?
No. Signature verification requires the secret key or public key, which should never be shared with a browser-based tool. This tool only decodes and displays the payload.
What does 'token expired' mean?
The exp claim in the payload is a Unix timestamp. If the current time is past that timestamp, the token is expired and should be rejected by your server.
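
The three-part structure and the exp check described in the answers above, as an added example (not the tool's own code): it splits a token, Base64URL-decodes the header and payload, and reports expiry while marking the result as unverified. The function names (`b64urlToBytes`, `decodeSegment`, `inspectJwt`) and the sample token are constructed for illustration.

```javascript
// Added example: decode-only JWT inspection. Nothing here verifies the signature.
function b64urlToBytes(s) {
  // Base64URL uses '-' and '_' and drops '=' padding; map back to standard Base64.
  if (!/^[A-Za-z0-9_-]*$/.test(s)) throw new Error('invalid Base64URL characters');
  if (s.length % 4 === 1) throw new Error('invalid Base64URL length');
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

function decodeSegment(s, name) {
  let value;
  try {
    value = JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(b64urlToBytes(s)));
  } catch {
    throw new Error(`${name} is not Base64URL-encoded JSON`);
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new Error(`${name} must be a JSON object`);
  }
  return value;
}

// nowSeconds is injectable so the expiry check can be tested deterministically.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  const header = decodeSegment(parts[0], 'header');
  const payload = decodeSegment(parts[1], 'payload');
  // exp is a Unix timestamp in seconds; a token without exp has no expiry to report.
  const hasExp = typeof payload.exp === 'number' && Number.isFinite(payload.exp);
  return {
    header,
    payload,
    signatureBytes: b64urlToBytes(parts[2]).length,
    expired: hasExp ? nowSeconds >= payload.exp : null,
    verified: false, // decoding proves nothing about who issued the token
  };
}

// Constructed sample token (not from the original page); the signature is dummy bytes.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE = [
  enc({ alg: 'HS256', typ: 'JWT' }),
  enc({ iss: 'https://issuer.example', sub: 'user-123', aud: 'api.example', iat: 1700000000, exp: 1700003600 }),
  'ZHVtbXktc2lnbmF0dXJl',
].join('.');
console.log(inspectJwt(SAMPLE, 1700000001));
```

Because the payload is only decoded, every claim it returns is attacker-controllable input until a server has verified the signature with the correct key.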