{
  "id": "jwt-decoder",
  "slug": "jwt-decoder",
  "title": "JWT Decoder",
  "description": "Decode and inspect JSON Web Tokens locally — header, payload and expiry claims.",
  "category": "encoders",
  "tags": ["jwt", "json web token", "decode", "auth", "bearer"],
  "icon": "key",
  "needsBackend": false,
  "relatedModules": ["base64", "hash-generator"],
  "seoIntro": "JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims between two parties. They are widely used for authentication, single sign-on and stateless API authorization.\n\nThis tool decodes the header and payload of a JWT entirely in your browser. The signature is shown but not verified — verifying requires the issuer's secret or public key, which you should never paste into any online tool.",
  "seoFaq": [
    { "q": "Does this verify the signature?", "a": "No. Verification requires the secret/public key. We deliberately do not accept secrets to keep the tool safe to use on production tokens." },
    { "q": "Is my token sent anywhere?", "a": "No. Decoding happens entirely in your browser; the token never leaves your device." },
    { "q": "What does iat / exp / nbf mean?", "a": "iat = issued at, exp = expiration time, nbf = not before. All are seconds since the Unix epoch and we humanize them automatically." }
  ]
}