JWT Generator
Developer
Edit the JSON header and payload, pick an HMAC algorithm (HS256, HS384, HS512), set a secret, and the tool produces a signed JWT live. Signing uses the browser's Web Crypto API, so the secret and payload never leave your device. Useful for quickly testing endpoints that expect specific claims, simulating expired tokens, or generating fixtures for tests.
—
Signed JWT
—
How to use
- Edit the header JSON if you need a non-default kid or typ.
- Edit the payload with the claims you want (sub, iat, exp …).
- Pick the HMAC algorithm.
- Enter the shared secret, then copy the resulting token.
Frequently asked questions
- What algorithms are supported?
- Symmetric HMAC algorithms: HS256, HS384, HS512. Asymmetric algorithms (RS256, ES256) aren't supported here because they require an RSA / EC key pair and a more involved key-management UX.
- Is the secret stored?
- Only in your browser's local storage so the tool remembers between visits. Nothing is sent to a server, including the secret. Treat the URL like any sensitive page — don't share screenshots.
- Why does my token change when I add a property?
- JWT signatures depend on the exact bytes of the header and payload after base64url encoding. Any change to whitespace, key order, or values changes the signature.
- Are tokens always url-safe?
- Yes — the encoder uses base64url (no +, /, or = padding), so the token can go in URLs, headers, or cookies without escaping.
Related tools
JWT Decoder
Decode a JSON Web Token to inspect its header, claims, and expiration.
Developer00
UUID Generator
Generate random version-4 UUIDs in bulk, with copy.
Developer00
Hash Generator (SHA)
Generate SHA-1, SHA-256, SHA-384, and SHA-512 hashes from text.
Developer00
URL Encoder / Decoder
Percent-encode text for URLs, or decode encoded URLs back to text.
Developer00
Base64 Encoder / Decoder
Encode text to Base64 or decode Base64 back to text, instantly.
Developer00
JSON Formatter & Validator
Format, beautify, minify, and validate JSON right in your browser.
Developer00