JWT Decoder
Paste a JSON Web Token to decode the header, payload and inspect expiry claims — all in your browser.
Header
Payload
Dominate Google. Bring in more customers.
Technical SEO, local SEO & content strategy — built for Indian businesses.
Frequently Asked Questions
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe way to represent claims between two parties. It consists of three Base64URL-encoded parts separated by dots: header, payload, and signature.
Can this tool verify the JWT signature?
This tool decodes and displays the header and payload without signature verification — that requires the secret or public key. For security, never share your signing secrets in a browser tool.
Is it safe to paste my JWT here?
All decoding happens entirely in your browser — nothing is sent to any server. However, avoid pasting production tokens with sensitive user data in any online tool as a best practice.
What claims are in a JWT payload?
Common claims include: iss (issuer), sub (subject/user ID), aud (audience), exp (expiry timestamp), iat (issued at), nbf (not before), and custom application-specific claims.
What is the exp claim in JWT?
The exp claim is a Unix timestamp representing when the token expires. This tool converts it to a human-readable date and tells you if the token is already expired.
Is this tool free?
Yes. Gopafy's JWT Decoder is 100% free. All processing runs in your browser.