Timestamps
About JWT Decoding
A JSON Web Token (JWT) has three base64url-encoded parts separated by dots:
- Header — algorithm and token type (e.g., HS256, RS256)
- Payload — claims: user data, roles, expiry (exp), issued-at (iat)
- Signature — cryptographic proof; requires a secret/public key to verify
Common payload fields this tool highlights:
exp— expiry timestamp (Unix epoch seconds)iat— issued-at timestampnbf— not-before timestamp (token not valid until this time)
Need to work with JSON? Try the JSON Formatter or JSON Validator.
Frequently Asked Questions
Does this tool verify JWT signatures?
No. This tool decodes the header and payload only. It does not verify the signature. Never trust decoded data from an unverified token.
Is my JWT sent to a server?
No. Decoding happens entirely in your browser using JavaScript. Your token never leaves your device.
What is the exp field in a JWT?
exp is the expiry time as a Unix timestamp. This tool converts it to a human-readable date so you can see exactly when the token expires.
Why does my JWT have 3 parts?
A JWT has three base64url-encoded parts separated by dots: header (algorithm), payload (claims), and signature (verification data).