JWT Encoder
Create a signed JWT token from a JSON payload using a secret key.
When to use this tool
Useful for generating test JWTs during development, creating signed tokens for API authentication, prototyping JWT-based authorization flows, and understanding how JWT signing works with different HMAC algorithms.
How to use
How this works
How this works
JWT signing combines a JSON header and payload, encodes them as Base64url, then creates an HMAC signature using the selected algorithm (HS256, HS384, or HS512) and your secret key.
The signature is computed over the header.payload string. Anyone with the same secret key can verify that the token has not been tampered with.
This tool uses the Web Crypto API in your browser for signing — the secret key never leaves your machine.
Examples
Simple user token
Input
{"sub":"1234567890","name":"John Doe","iat":1516239022}
Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
The output is a complete JWT with header, payload, and HMAC-SHA256 signature. The signature changes if you use a different key or algorithm.
Edge cases to know
- The payload must be a valid JSON object. Arrays or primitive values are not valid JWT payloads.
- The token is signed but not encrypted — anyone who intercepts it can read the payload. Do not include sensitive data in the payload.
- HS256, HS384, and HS512 all use HMAC with different hash functions. HS256 is the most widely supported.
Privacy note
This free tool signs JWTs entirely in your browser using the Web Crypto API. Your secret key and payload are never sent to any server. The output is a standard JWT that can be verified by any JWT library.