What Is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token used to pass claims between two parties. You'll encounter them constantly in web development — they're the standard for authentication in modern APIs. When you log into a site and get a bearer token, that's usually a JWT.
JWT Structure
A JWT has three parts separated by dots: header.payload.signature. The header specifies the algorithm (like HS256 or RS256). The payload contains the claims — user ID, roles, expiration time. The signature ensures the token hasn't been tampered with.
What This Tool Shows You
- Header — The signing algorithm and token type
- Payload — All claims, decoded and formatted
- Expiration status — Whether the token is still valid or has expired
- Timestamps — iat, exp, and nbf converted to readable dates
Note: This tool only decodes JWTs — it doesn't verify signatures. The header and payload of a JWT are just base64url-encoded JSON, so anyone can read them. The signature is what provides security.