JWT Encoder — Create JWT Tokens Online

Create JSON Web Tokens instantly. Build JWT tokens with custom headers, payloads, and HMAC SHA256 signatures. Perfect for testing authentication flows, API integrations, and debugging token-based systems. Fully client-side — tokens and secrets are never sent anywhere.

Create a JWT Token

How to Use the JWT Encoder

  1. Enter the JWT header as JSON — typically {"alg":"HS256","typ":"JWT"}. Use the Sample Data button for a quick start.
  2. Enter the payload as JSON — this is your claims data (user info, roles, timestamps, etc.).
  3. Enter a secret key for HMAC signing. This key is used to create the signature and must be kept private.
  4. Select the algorithm — HS256 is the most common, HS384 and HS512 offer stronger hashing.
  5. Click Encode to generate the JWT token. Copy it for use in API requests or auth headers.

Why Use This JWT Encoder

Testing JWT-based authentication often requires generating tokens on the fly. Whether you're debugging an API endpoint that expects a specific claim, testing role-based access control, or prototyping an auth flow, this encoder lets you create valid JWT tokens in seconds — no backend needed.

Unlike jwt.io, this tool runs entirely in your browser — your secret key never leaves your machine. The HMAC signature is generated using the browser's SubtleCrypto API, the same cryptography used by production systems.

Frequently Asked Questions

This tool is designed for testing and debugging purposes. For production token generation, use your application's backend with properly managed secrets stored in environment variables or a vault. Never use browser-generated tokens in production auth systems.

The tool supports HMAC-based algorithms: HS256 (SHA-256), HS384 (SHA-384), and HS512 (SHA-512). RSA and ECDSA algorithms (RS256, ES256, etc.) are not supported because they require asymmetric key pairs, which are more complex to generate client-side.

Simply add key-value pairs to the payload JSON. Common custom claims include roles, permissions, tenant, and org_id. You can add any JSON-serializable data — arrays, objects, and nested structures are all supported.

Use Cases

Testing Auth Endpoints

Generate JWT tokens with specific claims to test protected API routes and verify access control logic.

Debugging Token Formats

Create tokens with specific header or payload structures to debug serialization issues in your auth library.

Prototyping Auth Flows

Quickly build JWT tokens with custom claims to prototype authentication workflows before implementing backend logic.

Security Auditing

Generate tokens with intentionally invalid or malformed claims to test how your system handles edge cases.

Related Tools

JWT Decoder

Decode and inspect JWT tokens

JSON Formatter

Format and validate JSON data

Encoder / Decoder

Encode and decode text in various formats