JWT Generator

Create HS256 JWT from payload and secret.

Developer

Creating JSON Web Tokens for testing and development usually requires writing code or using command-line tools, which slows down your workflow when you just need a quick token. Our free online JWT Generator lets you enter a JSON payload and a secret key, then instantly produces a signed HS256 token ready to use in API calls, authorization headers, or test scripts. Everything runs entirely in your browser — your payload and secret key are never transmitted to any server, ensuring complete privacy. Whether you are building authentication flows, testing protected endpoints, or learning about JWT structure, this tool provides a fast, secure, and hassle-free way to generate tokens on demand.

About JWT Generator

A JSON Web Token (JWT) consists of three parts: a header specifying the algorithm and token type, a payload containing your claims (such as user ID, expiration, and custom data), and a signature that verifies the token's integrity. This tool creates JWTs signed with the HS256 (HMAC-SHA256) algorithm using the Web Crypto API built into your browser. The resulting token can be pasted directly into Authorization headers, API testing tools, or configuration files. To inspect existing tokens, use our JWT Decoder.

How to Use JWT Generator

  1. Enter a valid JSON object as the payload. Include standard claims like sub (subject), exp (expiration as Unix timestamp), iat (issued at), and any custom claims you need.
  2. Enter the secret key that will be used to sign the token with HS256.
  3. Click Generate JWT. The signed token appears instantly in the output field.
  4. Click Copy JWT to copy the token to your clipboard for use in API requests, test scripts, or configuration.

Key Features

  • HS256 signing — Generates tokens using the industry-standard HMAC-SHA256 algorithm via the Web Crypto API.
  • 100% client-side — Your payload and secret key never leave your browser. No server processing, no data exposure.
  • Instant generation — Tokens are created immediately with no page reload or waiting time.
  • One-click copy — Copy the generated JWT to your clipboard with a single button press.
  • Standard-compliant — Produces properly formatted JWTs with base64url encoding and correct header structure.
  • No installation — Works in any modern web browser without plugins, extensions, or sign-ups.

When to Use This Tool

  • Testing protected API endpoints that require Bearer token authentication
  • Building and debugging OAuth 2.0 or custom authentication flows
  • Creating tokens with specific claims (expiration, roles, permissions) for development
  • Generating sample JWTs for documentation, tutorials, or training materials
  • Quick prototyping without setting up a backend token service

Technical Details

The generator constructs a JWT by creating a header {"alg":"HS256","typ":"JWT"}, base64url-encoding both the header and your payload, then signing the concatenated result with your secret key using HMAC-SHA256 via the browser's Web Crypto API. The three parts (header, payload, signature) are joined with dots to form the final token. Base64url encoding replaces + with -, / with _, and strips padding = characters. Only HS256 is supported — for RS256 or other asymmetric algorithms, you would need a tool that handles public/private key pairs.

Conclusion

The JWT Generator is a practical tool for developers who need quick, secure token creation without writing code or setting up a backend. Combined with our JWT Decoder, it provides a complete workflow for creating, inspecting, and debugging JSON Web Tokens entirely in your browser.

Frequently Asked Questions

What algorithm does this tool support?
This tool creates JWTs signed with HS256 (HMAC-SHA256). For asymmetric algorithms like RS256 or ES256, you would need a tool or backend that handles public/private key pairs.
Is my payload or secret key sent to a server?
No. All encoding and signing happen locally in your browser using the Web Crypto API. Your data never leaves your device.
Can I set an expiration time on the token?
Yes. Add an "exp" field to your payload with a Unix timestamp value. You can also include "iat" (issued at) and "nbf" (not before). The tool does not add these automatically — you control the claims.
Can I use the generated token in production?
The token is technically valid and correctly signed. However, for production use you should generate tokens on your secure backend where the secret key is protected. This tool is best suited for development, testing, and debugging.