Create and sign HS256 JSON Web Tokens from a payload and secret, entirely in your browser.
How to use the JWT Generator
Edit the payload as a JSON object.
Enter your HS256 secret.
Generate and copy the signed token.
Frequently asked questions
HS256 (HMAC with SHA-256), the most common symmetric JWT algorithm, signed in your browser with the Web Crypto API.
No. Signing happens entirely in your browser, so the secret and payload never leave your device. Still, avoid real production secrets on shared machines.
Yes, use the JWT decoder tool to inspect the header and payload of an existing token.
A JWT generator that builds and signs HS256 JSON Web Tokens from your payload and secret using the Web Crypto API, all client-side.
It pairs with the JWT decoder and keeps your secret private by never uploading it.
Related tools
Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes of any text, right in your browser.
Convert colors between HEX, RGB and HSL with a live preview.
Convert Unix timestamps to human dates and back — UTC, local, ISO 8601 and relative time. Seconds and milliseconds are auto-detected.
Percent-encode and decode URLs and URL components, UTF-8 safe.
We use essential cookies to run the site. With your consent we also load Google AdSense, which sets advertising cookies. See our privacy policy.