JWT Generator
Generate signed JWT tokens locally using HS256 and the browser Web Crypto API. No server involved.
Header JSON
Payload JSON
Secret (HS256)
Only HS256 is supported. The secret never leaves your browser.
Token will appear as you edit
JWT Token Generator
Edit the header and payload JSON, enter your HS256 secret, and the signed JWT is generated live as you type. The token is colour-coded by segment (header · payload · signature). Use the existing JWT Decoder to inspect tokens you receive. All signing uses the browser's crypto.subtle API — no secrets leave your device.
Frequently Asked Questions
- What signing algorithm is supported?
- Currently HS256 (HMAC with SHA-256) is supported. This uses a shared secret to sign the token. The browser's native crypto.subtle.sign() API is used — no external libraries.
- Is my secret key safe?
- Yes. The secret is used locally in your browser to compute the HMAC signature. It is never sent to any server. Close the tab to clear it from memory.
- Can I decode the generated token?
- Yes. The tool automatically decodes and displays the header and payload sections of the generated token below the token output.
- What are iat and exp in the payload?
- iat (issued at) is the Unix timestamp when the token was created. exp (expiration) is the Unix timestamp after which the token is no longer valid. Both are standard JWT claims.
- Can I use this to test my API?
- Yes. Copy the generated token and use it as a Bearer token in your API requests (Authorization: Bearer <token>). Make sure your API uses the same secret for verification.