JWT Encoder

Generate signed JSON Web Tokens from header and payload JSON using HS256/384/512.

JWT Encoder

Create signed JSON Web Tokens (JWT) from header + payload using HMAC algorithms.

Settings Prefilled examples
This tool creates symmetric (shared-secret) JWTs. Keep your secret private.
Only used when exp is not already present in the payload.
Result Copy-ready
No output yet
Fill in your payload and click Generate.
Payload JSON Required
Input is validated by max characters.0
Header JSON Optional
Copied

About JWT Encoder

JWT Encoder – Create Signed JSON Web Tokens Online

A JWT encoder helps you generate a signed JSON Web Token (JWT) from a header and payload in seconds. Use it to create test tokens for local development, API debugging, and documentation examples without installing extra libraries or writing boilerplate code.

How JWT Encoder Works

This tool takes your JWT header and payload as JSON, applies Base64URL encoding, and then signs the result using a symmetric HMAC algorithm. The final token is assembled as three dot-separated parts: header.payload.signature. If you enable timestamps, the tool can add iat (issued at) and exp (expiry) claims when they are missing so you can quickly create realistic, time-bound tokens.

Step-by-Step

  • 1) Choose an algorithm: Select HS256, HS384, or HS512 depending on the HMAC hash you need.
  • 2) Enter your secret: Provide the shared signing secret used to create the signature.
  • 3) Paste payload JSON: Add claims such as sub, aud, iss, roles, or scopes.
  • 4) Optionally provide header JSON: Add custom header fields; the tool will always set alg to match your selection and typ to JWT if missing.
  • 5) Generate: The encoder Base64URL-encodes header and payload, signs the input, and outputs a ready-to-use JWT string.

Key Features

HMAC algorithms for common JWT flows

Generate tokens using HS256, HS384, or HS512—popular choices for internal services, test environments, and systems where a shared secret is appropriate. The output uses the standard JWT compact serialization format so it can be pasted directly into an Authorization: Bearer header.

Optional automatic time claims

When enabled, the encoder adds iat and exp only if they are not already present. This makes it easy to create tokens that behave like production tokens without accidentally overwriting custom time values you may want to test.

Decoded preview for quick verification

Alongside the token, the tool shows a pretty-printed view of the header and payload that were encoded. This helps you confirm that the JSON you provided is valid and that the claims are exactly what your API expects.

Copy and download workflow

Copy the generated JWT to the clipboard in one click or download it as a plain text file. This is useful when you are preparing examples for API docs, QA handoffs, or integration test fixtures.

Safe defaults for immediate output

The tool loads with realistic sample claims and a placeholder secret so you can generate a valid token on the first page load. Replace the sample values with your own to create tokens for your environment.

Use Cases

  • API testing: Create a Bearer token to hit protected endpoints in Postman, Insomnia, or curl.
  • Local development: Generate tokens for a dev server when you do not want to wire up a full auth provider yet.
  • Integration tests: Produce stable fixtures for automated tests that require signed tokens with specific claims.
  • Debugging auth issues: Quickly adjust claims like aud, iss, or scope to reproduce authorization failures.
  • Documentation examples: Create realistic JWT strings to include in docs without exposing production secrets.
  • Learning and demos: Understand how JWT structure works by seeing the header, payload, and signature relationship.

Whether you are building a new service or troubleshooting an existing one, a reliable JWT encoder reduces friction and helps you iterate faster. You can try multiple claim sets and expiry settings until your authentication and authorization rules behave as expected.

Optimization Tips

Keep secrets long and unpredictable

For HMAC-based JWTs, the strength of the token depends heavily on the signing secret. Use a long, random secret (for example 32+ bytes) and rotate it when your environment or team changes. Avoid using short words, shared passwords, or secrets committed to repositories.

Be deliberate with standard claims

Claims such as iss (issuer), aud (audience), and sub (subject) are often validated by libraries and gateways. Align these values with your server configuration, and use the decoded preview to confirm they are correctly encoded.

Test expiry and clock skew behavior

When you validate tokens, your server may apply clock skew allowances. Create tokens with short expirations and verify how your middleware reacts at the boundary. If you need a fixed timestamp for a test, include your own iat and exp so the tool will not overwrite them.

FAQ

A JWT is a compact token format that contains a header and a set of claims (payload). “Signed” means a cryptographic signature is added so recipients can verify the token was not modified and was created using the expected secret.

This encoder supports HMAC algorithms: HS256, HS384, and HS512. These are symmetric algorithms that use a shared secret to sign and verify tokens.

The tool is designed to generate the token on demand and display the result immediately. For sensitive workflows, use a secret meant for development or testing and avoid pasting production secrets into any third-party interface.

The iat claim indicates when the token was issued, and exp defines when it expires. Many APIs reject tokens that are expired or missing required time claims, so adding them helps your test tokens behave like real ones.

Use the same algorithm and secret in your JWT library’s verification function, then compare the decoded header and payload with the preview shown by this tool. If verification fails, double-check that the server expects the same issuer, audience, and signing secret.

Why Choose This Tool?

This JWT Encoder focuses on the workflow developers actually need: paste JSON, pick an algorithm, and get a token that can be used immediately. The interface includes a decoded preview so you can validate claims at a glance, and it supports automatic time claims to speed up realistic testing.

When you are iterating on authentication rules, small changes to claims can have a big impact. With a fast encoder, you can regenerate tokens quickly, test multiple scenarios, and keep your debugging loop tight. Use it for development and QA, and always protect your production secrets by generating test-only credentials for your experiments.