What algorithm is used?

Our encoder supports HS256 (HMAC with SHA-256), which is the most commonly used JWT algorithm for symmetric key signing.

What should I put in the payload?

The payload contains claims—standard fields like iss (issuer), exp (expiration), sub (subject) plus any custom data you need to transmit.

How secure are generated JWTs?

JWTs generated with a strong secret key are secure. Use a long, random secret. Remember: the payload is encoded, not encrypted, so do not put sensitive data in it.

What is the secret key for?

The secret key is used to create the signature. The same secret is needed to verify the token later. Keep it secure and never share it.

JWT Encoder – Encode JWT Online (Free Tool)

Free online JWT Encoder tool to create and encode JSON Web Tokens with custom payload and secret. Generate tokens for authentication and authorization testing. Supports HS256 algorithm with custom secret key. All encoding happens locally in your browser.

Example Output

Standard 3-part JWT: base64url(header).base64url(payload).signature.

Input

HS256, payload {"sub":"user-1","exp":1735689600}

Output

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEiLCJleHAiOjE3MzU2ODk2MDB9.signature...

What is JWT Encoder?

JWT Encoder produces a signed JSON Web Token from your header, payload, and signing key. Supports HMAC (HS256/384/512) for symmetric keys and RSA/ECDSA (RS256, ES256) when you supply a PEM private key. Everything signs in your browser — keys never leave your machine.

Why use this tool?

Lightweight page weight that loads quickly even on slow connections
Works on desktop, tablet, and mobile in any modern browser
Stable behavior across visits — no surprise version drift
No telemetry on the tokens, payloads, or code you paste in
Built for developer workflows: copy-friendly output, syntax-aware highlighting where useful

How to use

Pick an algorithm (HS256/HS384/HS512 for symmetric, RS256/ES256 for asymmetric)
Edit the header and payload JSON in the two text areas
Provide the signing key (secret for HS*, PEM private key for RS*/ES*)
Click Encode to produce the signed JWT — copy and use

Examples

Create a test access token

Set algorithm HS256, payload {"sub": "test-user", "exp": <future timestamp>}, secret "dev-secret-do-not-ship" — token is ready for use in local API tests.

Sign with RSA

Choose RS256, paste the private key in PEM form, encode — useful for testing services that verify with your matching public key.

Common use cases

Generating test JWTs for local API development
Crafting specific test cases (expired, malformed, wrong-issuer) to validate your verifier
Demos and presentations explaining JWT structure
CI scripts that need short-lived signed tokens

Troubleshooting

"Invalid key" error on RS256.: Make sure you're pasting a PEM-formatted private key (begins with -----BEGIN RSA PRIVATE KEY----- or PRIVATE KEY-----). PKCS#1 and PKCS#8 are both accepted.
Generated token rejected by my server.: Most common causes: clock skew (exp/iat off by more than the server's tolerance), wrong audience/issuer claims, or signing with HS256 when the server expects RS256. JWT Decoder will help you inspect what the server received.

Frequently Asked Questions

JWT encoding creates a token consisting of three Base64-encoded parts: header, payload, and signature. It is commonly used for authentication in web applications.

Try these related tools

JWT Decoder Base64 Encoder JSON Formatter JSON Validator

Explore more Developer Tools

Discover other free, privacy-first tools in Developer Tools.

All Developer Tools Browse all tools