
Inspect a JWT Token Payload

A JWT consists of three Base64url-encoded parts; the payload carries all the claims about the user and session. Paste a JWT here to decode the header and payload without sending your token anywhere. The tool highlights the expiration claim so you can see at a glance whether the token has expired. This is useful for debugging authentication failures and auditing OAuth token contents.

Example
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsIm5hbWUiOiJKYW5lIFNtaXRoIiwiZW1haWwiOiJqYW5lQGV4YW1wbGUuY29tIiwicm9sZSI6ImFkbWluIiwiaWF0IjoxNzAwMDAwMDAwLCJleHAiOjE3MDAwMDM2MDB9.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

FAQ

Is it safe to paste a real JWT here?
Decoding runs entirely in your browser with no server calls. That said, avoid pasting long-lived production tokens into any online tool as a general security practice.

What is the exp claim?
exp is a Unix timestamp (seconds since epoch) indicating when the token expires. The decoder compares it to the current time and shows whether the token has expired.

Can this tool verify the JWT signature?
No. Signature verification requires the secret key and is a server-side operation. This tool only decodes the readable header and payload sections.
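
The decode and expiry check described above, written out as an added example (not this tool's own source code): it splits the token, Base64url-decodes the header and payload, and compares exp to the current time. The names inspectJwt and base64UrlDecode and the expStatus labels are assumptions made for illustration.

```javascript
// Added example: decode-only JWT inspection. The signature is NOT verified,
// so nothing returned here should drive an authorization decision.

// Base64url -> UTF-8 text (alphabet uses '-' and '_'; padding is optional).
function base64UrlDecode(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) {
    throw new Error("segment is not valid base64url");
  }
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Hypothetical helper; nowSeconds is injectable so results are reproducible.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated parts, got ${parts.length}`);
  }
  const header = JSON.parse(base64UrlDecode(parts[0]));
  const payload = JSON.parse(base64UrlDecode(parts[1]));
  if (payload === null || typeof payload !== "object") {
    throw new Error("payload is not a JSON object");
  }

  // exp is in seconds since the Unix epoch; Date.now() is in milliseconds.
  let expStatus;
  if (payload.exp === undefined) {
    expStatus = "no-exp-claim";
  } else if (typeof payload.exp !== "number" || !Number.isFinite(payload.exp)) {
    expStatus = "invalid-exp-claim";
  } else {
    expStatus = nowSeconds >= payload.exp ? "expired" : "not-expired";
  }
  return { header, payload, expStatus, signatureVerified: false };
}

// The example token from this page.
const EXAMPLE_TOKEN =
  "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9." +
  "eyJzdWIiOiJ1c2VyXzEyMyIsIm5hbWUiOiJKYW5lIFNtaXRoIiwiZW1haWwiOiJqYW5lQGV4YW1wbGUuY29tIiwicm9sZSI6ImFkbWluIiwiaWF0IjoxNzAwMDAwMDAwLCJleHAiOjE3MDAwMDM2MDB9." +
  "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";

const report = inspectJwt(EXAMPLE_TOKEN);
console.log(report.header.alg, report.payload.sub, report.expStatus);
```

A "not-expired" result only means the exp timestamp is in the future; because the signature is never checked, the claims could have been edited by anyone holding the token.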
