Cookie preferences
We use cookies for analytics. Privacy Policy You can accept or decline non-essential tracking.
Use JWT Decoder to read exp, iat, and nbf timestamps correctly so you can spot expired, early, or misissued tokens faster.
Go to tool
Decode JWT header and payload locally, inspect exp/iat/nbf claims, and debug bearer tokens without uploading them.
Many auth bugs are really time bugs. A user sees a login loop, an API returns 401, or a mobile session fails after clock drift, and the team starts changing refresh code before reading the token timestamps correctly.
Use JWT Decoder to inspect exp, iat, and nbf claims in readable time before you change auth logic.
iat tells you when the token was issued, nbf tells you when it becomes valid, and exp tells you when it should no longer be accepted. The operational goal is not memorizing claim names, but checking those three timestamps together against the real incident timeline.
iat, nbf, and exp into readable timestamps.exp in the past: the token is expired even if the payload still decodes cleanly.nbf in the future: the token is too early for the current request path or clock.iat far from the expected session start: check issuer bugs, replay, or stale caches.Take one token that caused a recent 401 or session loop, inspect exp, iat, and nbf in JWT Decoder, and write down the exact timing mismatch.
This article is reviewed by the Tools Hub editorial team for factual accuracy, practical relevance, and consistency with current product workflows.
Last reviewed:
Use JWT Decoder to inspect header, payload, exp, iat, and nbf claims locally before debugging expired sessions or broken bearer tokens.
Use JWT Decoder to inspect JWT payloads in browser and reduce the risk of pasting production bearer tokens into third-party sites.
Use WEBM/MKV to MP4 to convert downloaded WEBM or MKV clips into a mobile-safe MP4 file in one queue-backed flow.
Use HD Background Remover to turn one product image into a transparent PNG cutout without desktop editing or browser-only hacks.