Decode and inspect JSON Web Tokens instantly. See header, payload, signature, and expiration time. Your tokens never leave your browser.
Instantly decode and pretty-print both the JOSE header and JWT claims. Spot the algorithm, issuer, audience, and every custom claim at a glance.
See the exp and iat timestamps converted to human-readable dates. Instantly know if a token is expired or how long it has left.
View the signing algorithm and signature status. Know whether your token uses HS256, RS256, ES256, or another algorithm.
Base64 encoder, JSON formatter, URL encode, hash generator, and 44 other tools. All in one extension.
Yes. ArcPanel runs entirely in your browser with zero network requests. Your tokens are decoded locally and never sent to any server — safe for production tokens and sensitive credentials.
A JWT has three parts separated by dots: the header, the payload, and the signature. ArcPanel decodes and pretty-prints the header and payload (which are Base64URL-encoded JSON). The signature is displayed as-is since it's a binary hash.
ArcPanel displays the signing algorithm and the raw signature, but it does not verify signatures cryptographically. For signature verification, you need the secret key or public key, which should stay on your server.
Yes. Expiration is just a claim inside the payload — the token can still be decoded regardless of whether it's expired. ArcPanel will flag expired tokens so you can see at a glance.
49 developer tools, one keystroke away.
Add to Chrome — Free