JWT Generator
Create signed JSON Web Tokens for testing and development. HMAC signing runs entirely in your browser.
What is the JWT Generator?
This tool creates signed JSON Web Tokens (JWTs) for testing APIs, authentication flows, and development environments. Select an HMAC algorithm, define your claims, provide a secret key, and get a properly signed token instantly — all in your browser.
How to use it
1. Choose an algorithm (HS256, HS384, or HS512). 2. Edit the payload JSON to include the claims you need — use the quick-add buttons for standard claims like exp, iat, sub, and jti. 3. Enter a secret key for HMAC signing. 4. Click Generate JWT and copy the result.
JWT structure explained
A JWT has three Base64url-encoded parts separated by dots: • Header — specifies the signing algorithm and token type (e.g. {"alg":"HS256","typ":"JWT"}). • Payload — contains claims (statements about an entity and additional data). Standard claims include iss (issuer), sub (subject), exp (expiration), and iat (issued at). • Signature — created by signing the encoded header and payload with a secret key using the specified algorithm. This ensures the token hasn't been tampered with.
Is it safe to generate JWTs in the browser?
Yes — this tool runs entirely in your browser using the Web Crypto API. No data is sent to any server. However, never use test secrets or tokens in production systems. Always generate production tokens on your backend with proper secret management.
Related tools
Already have a token? Use our JWT Decoder to inspect its header, payload, and expiry status without needing the signing secret.
