Crypto

JWT Builder / Generator

Build and sign JSON Web Tokens with custom claims using HMAC algorithms

Algorithm & Secret
Standard Claims
Custom Claims

No custom claims. Click "Add Claim" to add one.

Generated Token
Decoded Token

What Is the JWT Builder?

The JWT Builder is a free online tool for creating and signing JSON Web Tokens (JWTs) with custom claims using HMAC algorithms. JWTs are the standard format for authentication tokens, API authorization, and secure data exchange in modern web applications.

Building JWT tokens manually requires encoding the header and payload as Base64url, then computing the HMAC-SHA signature — a tedious and error-prone process. This JWT generator handles all of that automatically. Define your claims (sub, iss, exp, iat, and custom fields), choose your signing algorithm, enter your secret, and get a valid, signed JWT instantly.

This tool is ideal for testing API authentication, generating tokens for development environments, and learning how JWTs work. Everything runs in your browser — your secret keys never leave your machine.

How to Build a JWT Token

  1. Set header claims — Choose the signing algorithm (HS256, HS384, HS512). The header is configured automatically.
  2. Define payload claims — Add standard claims (sub, iss, aud, exp, iat, nbf) and any custom claims your application requires.
  3. Enter your secret — Provide the HMAC secret key used to sign the token.
  4. Generate the token — Click generate to create a valid, signed JWT. The three-part token (header.payload.signature) appears instantly.
  5. Copy and use — Copy the JWT to use in API testing, Authorization headers, or development environments.

Key Features

  • HMAC signing — Sign tokens with HS256, HS384, or HS512 algorithms using your secret key.
  • Custom claims — Add any standard or custom claims to the JWT payload with a visual editor.
  • Expiration control — Set exp (expiration), iat (issued at), and nbf (not before) timestamps easily.
  • Live token preview — See the encoded JWT update in real time as you modify claims.
  • Token verification — Paste an existing JWT to decode and verify its signature with your secret.
  • 100% client-side — Your secret keys and tokens never leave your browser.

Common Use Cases

  • API development — Generate test tokens for authenticating against your API during development without a running auth server.
  • Postman / Insomnia testing — Create valid JWTs to use in API testing tools for protected endpoints.
  • Learning JWT structure — Understand how JWTs are constructed by building one step by step and seeing the encoded result.
  • Debugging auth issues — Generate tokens with specific claims to test edge cases like expired tokens, wrong audiences, or missing scopes.
  • Microservice communication — Create service-to-service tokens for testing inter-service authentication flows.

Frequently Asked Questions

Related Tools

#
Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text
🔐
SRI Hash Generator
Generate Subresource Integrity hashes for scripts and stylesheets
{ }
JSON Formatter
Format, validate, and minify JSON data with syntax highlighting
B64
Base64 Encode/Decode
Encode text to Base64 or decode Base64 to text instantly

🔒 This tool runs entirely in your browser. No data is sent to any server.