JWT Decoder

Decode. Don't trust.

See what's inside. On-device.

No upload
Works offline
No idea what's in your data

Need offline JWT inspection? The offline bundle works without internet. $99 once.

Get Bundle →
// How it works

Three steps. Zero uploads.

01
Paste
Paste your JWT token into the input field. It stays on your device.
02
Decode
fwip instantly decodes the header and payload. Dates are shown in human-readable format.
03
Inspect
View all claims, check expiration, and copy the decoded JSON.
// Why this is different

Your tokens never leave your machine.

Most JWT decoders send your token to a server for processing. Even though JWTs aren't encrypted, they contain sensitive claims like user IDs, roles, and permissions. fwip decodes everything in your browser.

fwip works differently. The processing engine runs entirely in your browser. Your token is read from your device, processed on your CPU, and the result is saved back to your device. No server is involved. We literally cannot see your file.

No server processing

Everything runs on your device using WebAssembly. Your file never touches a network.

No account required

Drop a file. Get a result. No sign-up, no email, no password.

No subscription

Free in the browser. $99 once for the offline bundle. That's it. Forever.

Works offline

The desktop version works with no internet connection at all.

// How fwip compares

fwip vs the rest.

fwipjwt.iojwt.msAuth0 JWT
Upload requiredNoYesYesYes
Account requiredNoNoNoNo
Price$15 / toolFreeFreeFree
Files leave deviceNeverAlwaysAlwaysAlways
Works offlineYesNoNoNo
Batch processingOffline bundleNoNoNo
// Questions

Frequently asked.

Is it safe to paste my JWT here?
Yes. fwip decodes your JWT entirely in your browser using JavaScript. The token never leaves your device — no server request is made. This is the safest way to inspect a JWT online.
What is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used for authentication and information exchange. It has three parts: a header (algorithm and type), a payload (claims and data), and a signature (verification).
Can fwip verify the JWT signature?
No. Signature verification requires the secret key or public key used to sign the token. fwip only decodes and displays the header and payload — it doesn't validate the signature.
Why shouldn't I paste production tokens into online tools?
Most online JWT decoders send your token to their server. Even though JWTs aren't encrypted, they contain claims like user IDs, emails, and roles. fwip is different — everything stays in your browser.
What do the date fields mean?
exp = expiration time, iat = issued at, nbf = not valid before. fwip shows these as human-readable dates alongside the Unix timestamps.
// Related tools

You might also need.

DATA
Base64 Encode/Decode
Encode and decode Base64.
 DATA
JSON Formatter
Format and validate JSON.
 DATA
Hash Generator
MD5, SHA-1, SHA-256, SHA-512.
 DEVELOPER
HTML Entities
Encode/decode HTML entities.
 DEVELOPER
UUID Generator
Generate UUID v4 strings.
 DATA
URL Encode/Decode
Encode and decode URLs.

Like it? Own it.

Offline. No browser. No internet. No excuses.
$15
This tool
  • JWT Decoder · offline
  • Batch processing
  • No file size limit
  • 3 devices · one payment
Join waitlist →
$49
Developer bundle
  • All 15 developer tools · offline
  • Batch processing
  • No file size limit
  • 3 devices · one payment
Get Developer bundle →
$99
Complete suite
  • All 200+ tools · offline
  • No file size limit
  • No daily use limit
  • 3 devices · one payment · updates included
Join waitlist →
One-time payment · 3 devices · Updates included · Mac + Windows + Linux