4 min read | 2026-05-10

How to decode a JWT token

Learn how to decode JWT header and payload claims in the browser, read exp and iat values, and avoid common token mistakes.

Paste the token and inspect the decoded sections

Open JWT Decoder, paste the full token, and review the header and payload panels. The header usually shows the token type and algorithm. The payload contains claims such as subject, issuer, audience, role, issued-at time, and expiry time.

Decoding is not the same as verification. A browser decoder can show readable claims, but it does not prove the signature is trusted by your backend. Use it for debugging and inspection, then rely on server-side validation for access decisions.

Check timestamps and expiry claims

JWT exp and iat values are Unix timestamps. If the decoded payload contains exp, use Timestamp Converter or JWT Expiry Checker to translate it into readable UTC and local dates. Many authentication bugs come from expired tokens, clock drift, or confusing seconds with milliseconds.

If the token is malformed, confirm it has three dot-separated segments. If a segment decodes to JSON, format it with JSON Formatter before sharing the example with a teammate.
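A decode-only inspection routine covering the steps above (three-segment check, header and payload decoding, exp and iat conversion), written as an added example; it is not code from this page or from the JWT Decoder tool. The function names, the 1e11 seconds-versus-milliseconds threshold, and the sample token are assumptions constructed for illustration.

```javascript
// Decode-only JWT inspection: no signature check is performed here.
function b64urlToJson(segment) {
  // base64url -> base64: swap the URL-safe alphabet and restore padding
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(bytes));
}

function describeTime(name, value, warnings) {
  if (value === undefined) return null;
  if (typeof value !== "number" || !Number.isFinite(value)) {
    warnings.push(`${name} is not a number`);
    return null;
  }
  // Assumed heuristic: exp/iat are seconds, so a value above 1e11 is almost certainly milliseconds
  if (value > 1e11) {
    warnings.push(`${name} looks like milliseconds, expected seconds`);
    return null;
  }
  return new Date(value * 1000).toISOString();
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.trim().split(".");
  if (parts.length !== 3) {
    throw new Error(`expected 3 dot-separated segments, got ${parts.length}`);
  }
  const warnings = [];
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const issuedAt = describeTime("iat", payload.iat, warnings);
  const expiresAt = describeTime("exp", payload.exp, warnings);
  const expired = expiresAt !== null && payload.exp <= nowSeconds;
  if (expired) warnings.push("token is expired");
  if (issuedAt !== null && payload.iat > nowSeconds) warnings.push("iat is in the future (clock drift?)");
  return { header, payload, issuedAt, expiresAt, expired, warnings, signatureVerified: false };
}

// Constructed sample token (fake signature), built here so the example runs offline
const enc = (obj) => btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [
  enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "user-123", iat: 1700000000, exp: 1700003600 }),
  "constructed-signature",
].join(".");
console.log(inspectJwt(sampleToken, 1700000100));
```

The result always carries `signatureVerified: false`, so the output cannot be mistaken for a trust decision.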

Security notes

Do not paste active production tokens into public tickets, screenshots, or chat messages. Decode locally, redact sensitive values, and share only the fields needed to explain the issue.
