Something wrong with this tool?
About JWT Encoder Online
This tool creates a JSON Web Token (JWT) from a header, payload, and signing secret. Provide the JSON contents of the header (typically just the algorithm), the payload (custom claims plus standard claims like exp, iat, sub), and a signing key, and the tool produces a signed JWT ready to use.
Use it to test backend services that expect JWTs, to generate test tokens with specific expiration or claim values for QA, to mock JWT-based authentication during development, or to learn how the format works.
The tool supports HS256, HS384, HS512 (symmetric, using a shared secret) and RS256, RS384, RS512 (asymmetric, using an RSA private key). Choose the algorithm that matches what your verification side expects.
How to use this tool
How to sign a JSON Web Token with HMAC
Enter the payload JSON
"Payload (JSON)" is the claims object — `{ "sub": "user-123", "role": "admin", "exp": 1748908800 }`. Standard claims like `iat` (issued at), `exp` (expiry, Unix seconds), `iss`, `aud` are conventions, not enforced — you set them yourself.
Enter the secret
"Secret" is the HMAC shared secret. Keep this on the server only — clients should NEVER see the secret used to sign tokens. Length matters: for HS256 use at least 256 bits (32 random bytes) of entropy.
Pick the algorithm
"Algorithm" defaults to `HS256` (HMAC-SHA-256). HS384/HS512 trade compute for output size. For asymmetric (RS256/ES256) you'd need a private key — this tool only signs with HMAC; for asymmetric, generate the token in your backend with a real JWT library.
Press Run
Result returns a single `token` — the encoded `header.payload.signature` string. Decode it back with jwt-decoder to confirm the payload survived the round-trip. Treat the secret as you would a database password: rotate periodically.