The payload is the middle section of a JWT - it contains all the claims (user info, roles, permissions, expiry, custom data). Paste the token and we extract just the payload as readable JSON, with standard claims (iss, sub, aud, exp, iat, jti, nbf) labeled and timestamps shown in human-readable form alongside Unix epoch.
When to use this
Use when: extracting a user ID or email from a token for logging / debugging, checking what custom claims your auth provider is putting in the token, verifying that role / permission claims are present in production tokens, building docs for your team about your JWT structure.
Frequently Asked Questions
What are the standard payload claims?
Standard (registered) claims defined by RFC 7519: `iss` (issuer), `sub` (subject = user ID), `aud` (audience = your API), `exp` (expiry timestamp), `nbf` (not before timestamp), `iat` (issued at timestamp), `jti` (unique token ID). Everything else is a custom claim - app-specific data like email, roles, or tenant ID.
Are payload claims encrypted?
No - JWT payloads are base64-encoded, not encrypted. Anyone with the token can read the claims. Don't put secrets in JWT claims. If you need confidentiality, use JWE (JSON Web Encryption) instead - though it's rare in practice; HTTPS already protects the token in transit.
Powered by JWT Decoder.