How to Use
- Click "Load Example" to start with an API testing payload such as
sub,role, andexp. - Choose the algorithm in the Header panel.
HS256is selected by default, withHS384andHS512available. - Edit the Payload JSON. Use "In 1 hour" to write a valid
exptimestamp quickly. - Enter a test secret in the Verify Signature panel. Use "Show / Hide" when you need to verify the value.
- Copy the token and paste it into an
Authorization: Bearerheader for API testing.
Core Features
- Local Secret-Safe Signing: Your secret is sensitive. HMAC signing runs in the browser with Web Crypto API, without sending the secret, header, or payload to a server.
- Live Token Preview: Edit the header, payload, algorithm, or secret and the final JWT updates automatically.
- HMAC Algorithms: Supports HS256, HS384, and HS512 for common development and API testing workflows.
- Quick Expiration Claims: Set
expto 1 hour, 1 day, or 7 days from now with one click. - Show or Hide Secret: Toggle secret visibility while typing so you can confirm a test key without permanently exposing it.
Related Tools
The 2026 FIRE Calculator (Inflation Adjusted). Simulate real purchasing power, analyze retirement savings gaps, and generate a visual wealth roadmap. One-click CSV export for your Excel or Notion finance dashboard. 100% Private, client-side calculation.
Calculate trade position size from account balance, risk %, entry, and stop loss. Runs locally in your browser with no uploads, so you can compare risk scenarios before you trade.
Calculate compound interest from principal, recurring contributions, APY, and time. Visualize principal, interest, and final balance with a local interactive chart.
Struggling to find Erangel secret rooms? Use our 2026 interactive map to locate all 15 red-door entries, key spawns, and T3 loot heatmaps. Privacy-first & free.
Definitive Taego map for 2026. With Error Spaces removed, identify "Blue-Roof" houses for crate-tier loot and Self-AEDs. Privacy-first, forever free.
Vikendi 2026 tactical guide. Track deadly Bear Cave entrances, Lab Camp security keys, and Thermal Scope spawn zones. Avoid Polar Bears, grab loot.
Master Rondo 2026 with our 8x8 tactical map. Locate every Security Door, Keycard spawn, and Safe for maximum gold. Privacy-first & free.
Struggling with blurry markups? EasyTools offers a universal stamper supporting lossless SVG scaling and high-quality WebP export. Preserve transparency and export JSON data locally.
Calculation Logic
- A JWT contains three parts:
header.payload.signature. - This tool serializes the header and payload as compact JSON, then Base64Url-encodes both parts.
- The signature is produced locally with the browser Web Crypto API by running HMAC-SHA over
header.payload. - This tool is intended for development and testing. Even with local signing, do not paste production secrets into third-party websites.
FAQ
Is it safe to paste my JWT secret here?
Signing runs locally in your browser and the tool does not upload the secret, header, or payload. Still, security best practice is to use development, test, or temporary secrets only.
Can I reveal the secret while typing?
Yes. The Secret field includes a Show / Hide toggle so you can verify a test secret without leaving it visible.
What algorithms are supported?
This version supports HMAC algorithms: HS256, HS384, and HS512. RS256 requires private-key parsing and asymmetric signing, so it is not promised here.
How can I set token expiration?
Add an exp claim using a UNIX timestamp in seconds. The quick buttons can set it to 1 hour, 1 day, or 7 days from now.
Can I use the generated JWT in production?
Use it for local development, API integration tests, and debugging. Production tokens should be issued by trusted backend infrastructure.