JWT inspector
Click any JWT in the tree to decode header + payload locally.
What it shows
The popover shows `alg` (with a red warning on `none`), signature presence, and expiry status (as relative time), plus the decoded header and payload as labeled tables. Common claims (iss, sub, aud, exp, nbf, iat, jti) get short hint lines explaining what they mean.
What it doesn't do
Decoding is NOT verification. The popover never tells you whether a signature is valid — that requires the issuer's public key and isn't safe to do in-browser without one. The popover says this explicitly.
Privacy
Every byte stays in your browser. Your token isn't logged, transmitted, or persisted (unless you have session-only off and the parent document is saved to localStorage).
Examples
Spot an expired token in a response
An API call works locally but fails in CI — you suspect the test token has expired.
- Paste the response.
- Find the `access_token` field in the Tree.
- Click the JWT pill — popover shows `EXPIRED 4 days ago` in red.
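
The decode-only checks listed under "What it shows", applied to the expired-token scenario above, as an added JavaScript example (not the tool's own code). The function names (b64urlToJson, relative, inspectJwt, makeSample) are hypothetical, and the sample token and fixed clock value are constructed so the result is reproducible.

```javascript
// Added example: decode-only JWT inspection. Nothing here verifies a signature.
function b64urlToJson(segment) {
  // base64url -> base64, restore padding, then decode as UTF-8 JSON
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Render a non-negative number of seconds as a coarse relative time.
function relative(seconds) {
  for (const [name, size] of [["day", 86400], ["hour", 3600], ["minute", 60]]) {
    const n = Math.floor(seconds / size);
    if (n >= 1) return `${n} ${name}${n === 1 ? "" : "s"}`;
  }
  return `${Math.floor(seconds)} seconds`;
}

function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT: expected 3 segments");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const hasSignature = parts[2] !== "";
  const warnings = [];
  if (String(header.alg).toLowerCase() === "none") warnings.push("alg is none: token is unsigned");
  if (!hasSignature) warnings.push("signature segment is empty");
  let expiry = "no exp claim";
  if (typeof payload.exp === "number") {
    const delta = payload.exp - nowSeconds; // exp is seconds since the epoch
    expiry = delta <= 0 ? `EXPIRED ${relative(-delta)} ago` : `expires in ${relative(delta)}`;
  }
  // verified is always false: a present signature says nothing about its validity.
  return { alg: header.alg, hasSignature, expiry, warnings, header, payload, verified: false };
}

// Constructed sample tokens; the signature bytes are placeholders, not real signatures.
function makeSample(header, payload, sig) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc(header)}.${enc(payload)}.${sig}`;
}
const NOW = 1700000000; // fixed clock for the example
const expired = makeSample({ alg: "RS256", typ: "JWT" }, { sub: "ci-test", exp: NOW - 4 * 86400 }, "c2ln");
console.log(inspectJwt(expired, NOW).expiry);
```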