JWT Generator

Create and sign a JWT with HS256 and your secret. Signed in your browser with the Web Crypto API — your secret never leaves your device.

📖 Read the guide: How to Generate a JWT →

Payload (JSON)

JWT

Signed locally with HMAC-SHA256 (HS256). Your secret never leaves your browser.

How it works

Edit the payload

Put your claims (sub, name, exp, iat…) in the payload JSON box.

Enter a secret

Provide the HMAC secret that will sign — and later verify — the token.

Generate

The token is signed with HS256 using the Web Crypto API.

Copy the JWT

Use it in your tests, headers or auth flow.

Frequently Asked Questions

Which algorithm does it use?

HS256 (HMAC-SHA256) — the most common symmetric JWT algorithm, signed with your shared secret.

Is my secret safe?

Yes — signing happens entirely in your browser with the Web Crypto API, so the secret is never sent anywhere.

Can I set an expiry?

Yes — add an "exp" claim (a Unix timestamp) to your payload; convert dates with the timestamp tool.

Create and sign JSON Web Tokens (JWT) online for free. Enter your claims as JSON, provide an HMAC secret, and generate a token signed with HS256 — ready for testing auth flows, APIs and integrations. Signing uses the browser’s Web Crypto API, so your secret and payload never leave your device. Pair it with the JWT decoder and validator to inspect and verify the tokens you create.