Skip to content
Butter Tools Logo
Butter Tools

JWT Decoder

Decode a JSON Web Token's header and payload. Decoding only — the signature is not verified and the token never leaves your browser.

Header

Payload

Claims

JWT Decoder Examples

Click any card to try
menu_book

How to Use JWT Decoder

To decode a JWT (JSON Web Token), paste the full token string into the input field. The tool immediately splits the token into its three parts — header, payload, and signature — and displays the decoded header and payload as formatted JSON. The token's expiry time is highlighted and colour-coded to show whether it is currently valid or expired.

This tool decodes and inspects JWT tokens for debugging purposes. It does not verify the signature — to verify a JWT, you would need the signing secret or public key. Use this to inspect token claims such as user ID, roles, expiry time (exp), issued-at time (iat), and any custom claims.

help

Frequently Asked Questions

What is a JWT? expand_more

A JWT (JSON Web Token) is a compact, URL-safe token format used for securely transmitting information between parties as a JSON object. It consists of three Base64-encoded parts separated by dots: header.payload.signature.

What are the three parts of a JWT? expand_more

The header contains the token type and signing algorithm. The payload contains the claims (data). The signature verifies the token was not tampered with. Only the header and payload are decoded by this tool.

Does this tool verify the JWT signature? expand_more

No. This tool only decodes the Base64-encoded header and payload for inspection. It does not verify the signature. Signature verification requires the signing secret or public key.

Is it safe to paste my JWT into this tool? expand_more

The token is decoded entirely in your browser — nothing is sent to any server. However, be cautious when sharing JWTs containing sensitive user data or authentication tokens, as they grant access to systems if unexpired.

What does the exp claim mean in a JWT? expand_more

The exp (expiration time) claim is a Unix timestamp indicating when the token expires. This tool converts the exp value to a human-readable date and shows whether the token is currently valid or has expired.

Related Tools

All Developer Toolsarrow_forward
code

JSON Formatter

Pretty-print, validate and minify JSON with syntax highlighting.
code

Base64 Encode / Decode

Encode strings or files to Base64 or decode Base64 back to text.
code

URL Encode / Decode

Percent-encode URLs or decode percent-encoded strings.
code

HTML Encode / Decode

Escape HTML entities or unescape them back to characters.