DevTulz Online

JWT Encoder & Signer


What is JWT Encoding?

JWT encoding (signing) creates a cryptographically signed token from a header and payload. You specify the algorithm (HS256 for HMAC with a shared secret, RS256 for RSA with a private key, ES256 for ECDSA), set the claims in the payload (sub, iss, aud, exp, iat, and any custom fields), provide the signing key, and the tool produces a signed JWT string. Signed JWTs can be passed to other services as proof of identity or authorization. This tool is useful for creating test tokens when building authentication flows, generating tokens for automated tests, and understanding how the signing process works.

How to Use the JWT Encoder Tool

  1. Select the signing algorithm (HS256, HS384, HS512 for HMAC; RS256, RS384, RS512 for RSA; ES256, ES384, ES512 for ECDSA).

  2. Edit the payload JSON to set your claims — include exp (expiration), iat (issued at), sub (subject), and any custom fields.

  3. For HS algorithms, enter a secret key string. For RS/ES algorithms, paste a PEM private key.

  4. The signed JWT is generated automatically.

  5. Copy the JWT token for use in Authorization: Bearer headers or other authentication flows.

This JWT encoder runs entirely in your browser using the Web Crypto API — your private keys and secrets are never sent to any server. Supports all standard JWT signing algorithms. Useful for generating test tokens, building authentication demos, and understanding JWT structure.
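
The signing steps above for the HS256 case, followed by the checks a receiving service would make, using the Web Crypto API. This is an added example, not the tool's own code; the function names, the default one-hour lifetime and the result shape are assumptions.

```javascript
// Added example: HS256 signing and verification with the Web Crypto API.
// Browsers expose crypto.subtle; older Node versions need the fallback.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;
const enc = new TextEncoder();
const dec = new TextDecoder();

// base64url without padding, as used for all three JWT segments
const b64url = (bytes) =>
  btoa(String.fromCharCode(...new Uint8Array(bytes)))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s) =>
  Uint8Array.from(atob(s.replace(/-/g, "+").replace(/_/g, "/")), (c) => c.charCodeAt(0));

const hmacKey = (secret, usage) =>
  subtle.importKey("raw", enc.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, [usage]);

// Sign claims; iat and exp are Unix timestamps in seconds.
async function signJwtHS256(claims, secret, ttlSeconds = 3600, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(enc.encode(JSON.stringify({ alg: "HS256", typ: "JWT" })));
  const payload = b64url(enc.encode(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds })));
  const signingInput = `${header}.${payload}`;
  const sig = await subtle.sign("HMAC", await hmacKey(secret, "sign"), enc.encode(signingInput));
  return `${signingInput}.${b64url(sig)}`;
}

// Verify: pin the algorithm, check the MAC, then require an unexpired exp.
async function verifyJwtHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [header, payload, sig] = parts;
  try {
    const { alg } = JSON.parse(dec.decode(fromB64url(header)));
    if (alg !== "HS256") return { ok: false, reason: "unexpected alg" };
    const valid = await subtle.verify("HMAC", await hmacKey(secret, "verify"),
      fromB64url(sig), enc.encode(`${header}.${payload}`));
    if (!valid) return { ok: false, reason: "bad signature" };
    const claims = JSON.parse(dec.decode(fromB64url(payload)));
    if (typeof claims.exp !== "number") return { ok: false, reason: "missing exp" };
    if (now >= claims.exp) return { ok: false, reason: "expired" };
    return { ok: true, claims };
  } catch {
    return { ok: false, reason: "malformed" };
  }
}
```

The verifier treats a token without a numeric exp as invalid, so a token that would otherwise never expire is rejected rather than accepted indefinitely.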

Frequently Asked Questions

What algorithm should I use — HS256 or RS256? HS256 (HMAC-SHA256) uses a shared secret — both the issuer and verifier must know the same secret. This is simpler but requires secret sharing. RS256 (RSA-SHA256) uses a key pair — the issuer signs with the private key and verifiers check with the public key. RS256 is better for distributed systems where you don't want to share a secret with every service.

What is the exp claim and how do I set it? exp is a Unix timestamp representing when the token expires. To create a token valid for 1 hour, set exp to Math.floor(Date.now() / 1000) + 3600. Tokens without an exp claim never expire, which is a security risk for access tokens.

Is it safe to create tokens with this tool? For development and testing, yes. All signing happens in your browser, and private keys and secrets are not transmitted. As a precaution, do not use production private keys in any web-based tool.
