JWT Debugger & Inspector

Decode, inspect, and debug JSON Web Tokens (JWT) locally. Automatically formats headers, payloads, and timestamps.

Understanding the JWT Debugger

JSON Web Tokens (JWT) are the industry standard for securely transmitting information between parties as a JSON object. Our JWT Debugger is a specialized tool that allows you to paste an encoded token and instantly see its decoded Header and Payload. This is vital for debugging authentication issues, checking token expiration (exp), or verifying claims like user IDs and permissions.

How to Use This Tool

  1. Paste your encoded JWT (the string with three parts separated by dots) into the input area.
  2. The tool will automatically split the token into Header, Payload, and Signature.
  3. Inspect the decoded JSON in the right-hand panel.
  4. Check the 'Issued At' and 'Expires At' timestamps, which are automatically converted to readable dates.

Key Benefits & Features

Instant Decoding

No need to write code to see what's inside your authentication tokens.

Timestamp Conversion

Automatically converts Unix epoch timestamps (iat, exp) into human-readable local time.

Secure & Local

Your tokens are never sent to a server. All decoding happens in your browser.

Frequently Asked Questions

What is a JWT?

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure.

How do I use this JWT Debugger?

Simply paste your encoded JWT into the input field. The tool will automatically split the token into its three parts (Header, Payload, and Signature) and decode them for you to inspect.

Is my JWT token safe?

Yes. Like all TrendDaily tools, the JWT Debugger works entirely in your browser. Your token is never sent to our servers, ensuring your sensitive data remains private.

What are the three parts of a JWT?

A JWT consists of three parts separated by dots (.): the Header (specifies the algorithm), the Payload (contains the claims/data), and the Signature (used to verify the token).

Can this tool verify the signature?

Currently, our tool is focused on decoding and inspecting the header and payload. Signature verification requires the secret key or public key, which we plan to add in a future update.

What are the 'iat' and 'exp' claims?

'iat' stands for 'Issued At' (when the token was created) and 'exp' stands for 'Expiration Time' (when the token becomes invalid). Both are represented as Unix timestamps.

Why is my JWT not decoding?

Ensure that the token is a valid JWT string (three Base64Url-encoded parts separated by dots). If the token is malformed or not a JWT, it will not decode correctly.

What encoding does JWT use?

JWTs use Base64Url encoding, which is a variant of Base64 that replaces '+' with '-', '/' with '_', and removes padding '=' to be safe for use in URLs.
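
The decoding steps described in this FAQ (split on dots, undo Base64Url, parse the JSON, convert iat and exp), written out in JavaScript as an added example; it is not TrendDaily's code. The names `base64UrlDecode`, `decodeJsonSegment`, `inspectJwt` and the sample token are assumptions made for the illustration.

```javascript
// Base64Url -> UTF-8 text: map '-' and '_' back to '+' and '/', restore '=' padding.
function base64UrlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) throw new Error('not Base64Url');
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/')
    .padEnd(Math.ceil(segment.length / 4) * 4, '=');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

function decodeJsonSegment(segment, name) {
  let value;
  try {
    value = JSON.parse(base64UrlDecode(segment));
  } catch (err) {
    throw new Error(`${name} is not Base64Url-encoded JSON (${err.message})`);
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    throw new Error(`${name} must be a JSON object`);
  }
  return value;
}

// iat and exp are Unix timestamps in seconds; Date expects milliseconds.
const toIso = (s) => (Number.isFinite(s) ? new Date(s * 1000).toISOString() : null);

// `now` (seconds) is a parameter so the expiry check is repeatable.
function inspectJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error(`expected 3 parts, got ${parts.length}`);
  const header = decodeJsonSegment(parts[0], 'header');
  const payload = decodeJsonSegment(parts[1], 'payload');
  return {
    header,
    payload,
    issuedAt: toIso(payload.iat),
    expiresAt: toIso(payload.exp),
    expired: Number.isFinite(payload.exp) ? now >= payload.exp : null,
    signatureVerified: false, // decoding says nothing about authenticity
  };
}

// Constructed sample token; the third part is a placeholder, not a real signature.
const enc = (obj) => btoa(JSON.stringify(obj))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_JWT = [enc({ alg: 'HS256', typ: 'JWT' }),
  enc({ sub: 'user-123', iat: 1700000000, exp: 1700003600 }),
  'not-a-real-signature'].join('.');

console.log(inspectJwt(SAMPLE_JWT, 1700000100));
```

Because the result always carries `signatureVerified: false`, anything read from `header` or `payload` here is unauthenticated input until a verifier with the right key has checked the token.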

Can I edit the JWT and re-encode it?

This tool is currently a debugger for inspection. We are working on a 'Creator' mode that will allow you to modify the payload and generate a new token.

Is it safe to share my JWT?

No. You should never share your JWT tokens publicly, especially if they contain sensitive user data or if they are from a production environment.
