Developer Tools

JWT
Decoder

Q: What does the exp claim mean?

exp is the expiry time as a Unix timestamp. If the current time is past exp, the token is expired and should be rejected. This tool flags expired tokens automatically.

Paste a JSON Web Token to inspect its header, payload claims and expiry in readable JSON. Decoding runs entirely in your browser — tokens are never transmitted.

Header + payload

Expiry check

100% offline

# header.payload.signature
eyJhbGc....eyJzdWI....sig

# decoded
{ "alg": "HS256" }
{ "sub": "1234" }

Encoded JWT

Header

Payload

This tool decodes only — it does not verify the signature. Never trust a token's claims without verifying its signature on your server.

Frequently Asked Questions

What are the three parts of a JWT?

A JWT has three Base64URL-encoded segments separated by dots: the header (algorithm and type), the payload (claims such as sub, exp, iat), and the signature (used to verify integrity).

Does this tool verify the signature?

No. It decodes the header and payload for inspection only. Signature verification requires the secret or public key and must be done server-side — never trust unverified claims.

Is it safe to paste a token here?

The decoding happens entirely in your browser; nothing is sent over the network. That said, treat any live token as a credential and avoid pasting production tokens into tools you do not control.

What does the exp claim mean?

exp is the expiry time as a Unix timestamp. If the current time is past exp, the token is expired and should be rejected. This tool flags expired tokens automatically.

Related Tools

Base64 & URL Encoder Password Generator Htpasswd Generator

JWTDecoder

Frequently Asked Questions

Related Tools

Run Your Auth Stack on a Real VPS

JWT
Decoder