Skip to content
Spellkit
All guides

JWT Decoder

A JSON Web Token packs three base64url parts — header.payload.signature — separated by dots. This tool splits and decodes the first two so you can see exactly what a token carries.

How to use it

  1. Paste a token (or click Load sample).
  2. Read the Header (algorithm and type) and Payload (the claims).
  3. Scan the Claims table: registered time claims (exp, iat, nbf) are rendered as local dates, and a badge tells you whether the token is valid, expired, or not yet valid.

Privacy & safety

Decoding happens entirely in your browser — the token never touches a server. This tool decodes only; it does not verify the signature, because verification requires the signing secret or public key, which you should never paste into a website.