What this tool does
Paste a token, decode the header and payload, inspect claims, and keep the signature notice clear: this tool does not verify signatures.
Privacy behavior
Selected file contents are processed locally in your browser for supported workflows. This privacy build does not intentionally load ads, analytics, remote fonts, or third-party runtime scripts.
Supported workflow
Use the controls on this page, review the output in your browser, then copy or download the result.
What can a JWT Decoder show?
A JWT decoder helps inspect the token header, payload, and common claims such as exp, iat, and nbf while debugging API and authentication flows.
Decoding a JWT is not the same as verifying it. A decoded token can still be forged or expired unless the signature and claims are validated by the system that trusts it.
Frequently Asked Questions
Does this verify JWT signatures?
No. It decodes the header and payload only.
Is my JWT sent to ConvertUnlimited servers?
No server-side upload endpoint is used for decoding; token contents are decoded locally in your browser.
Can I inspect exp and iat claims?
Yes. Unix timestamp claims are shown as ISO dates when present.
Should I paste production tokens?
Avoid pasting sensitive production tokens unless you understand the risk.
Does it support Unicode claims?
Yes. UTF-8 payload content is decoded safely.
Privacy
Privacy build: This build removes ads, analytics, remote fonts, runtime CDN scripts, and file-operation telemetry. Selected files are processed in the browser using local JavaScript and browser APIs.
ConvertUnlimited does not provide a server-side upload endpoint for this JWT decoding flow. Token contents are decoded locally in your browser.
Terms of Use
ConvertUnlimited is provided as is. Do not rely on decoded JWT output as proof of token validity.
Trust and privacy
Files are processed locally where supported. Review the Trust Center for the processing model and the Privacy Policy for public-site privacy boundaries.