What this tool does
Paste a token, decode the header and payload, inspect claims, and keep the signature notice clear: this tool does not verify signatures.
Privacy behavior
Selected file contents are processed locally in your browser for supported workflows. This privacy build does not intentionally load ads, analytics, remote fonts, or third-party runtime scripts.
Supported workflow
A JWT decoder helps inspect the token header, payload, and common claims such as exp, iat, and nbf while debugging API and authentication flows.
What can a JWT Decoder show?
A JWT decoder helps inspect the token header, payload, and common claims such as exp, iat, and nbf while debugging API and authentication flows.
Decoding a JWT is not the same as verifying it. A decoded token can still be forged or expired unless the signature and claims are validated by the system that trusts it.
Frequently Asked Questions
Does this verify JWT signatures?
No. It decodes the header and payload only.
Is my JWT sent to ConvertUnlimited servers?
No server-side upload endpoint is used for decoding; token contents are decoded locally in your browser.
Can I inspect exp and iat claims?
Yes. Unix timestamp claims are shown as ISO dates when present.
Should I paste production tokens?
Avoid pasting sensitive production tokens unless you understand the risk.
Does it support Unicode claims?
Yes. UTF-8 payload content is decoded safely.
Privacy
Privacy build: This build removes ads, analytics, remote fonts, runtime CDN scripts, and file-operation telemetry. Selected files are processed in the browser using local JavaScript and browser APIs.
ConvertUnlimited does not provide a server-side upload endpoint for this JWT decoding flow. Token contents are decoded locally in your browser.
Terms of Use
ConvertUnlimited is provided as is. Do not rely on decoded JWT output as proof of token validity.