eyJhbGc…

JWT Generator

100% Free

Sign HMAC JWTs (HS256/HS384/HS512) for API testing — secret, payload, algorithm, signed token. Pairs with the JWT Decoder for round-trip verify.

Real-time

Client-Side

RFC 7519

Algorithm

Payload (JSON)

Standard claims: iss, sub, aud, exp, nbf, iat, jti.

Secret

The secret never leaves your browser. Use ≥ 32 random bytes for HS256, ≥ 48 for HS384, ≥ 64 for HS512.

Signed JWT

Enter payload and secret…

Embed This Tool

Easy to Embed

Add JWT Generator to your website or blog in seconds.

Responsive design
Lightweight & fast
No backend required
Always up-to-date

<iframe
  src="https://tools.town/embed/jwt-generator/"
  width="100%"
  height="600"
  style="border:none; border-radius:12px;"
  loading="lazy"
  title="JWT Generator">
</iframe>

Share This Tool

Share Instantly

Share JWT Generator with anyone — no login required.

Shareable link
No login required
Works on any device
No account needed

Share via

How to Use

1 Pick HMAC algorithm — HS256 (default), HS384, or HS512
2 Paste or write your JSON payload (must be a JSON object)
3 Enter the shared secret used to sign the token
4 The signed JWT updates instantly as you change inputs
5 Copy and paste into Postman / curl Authorization header

Features

All three HMAC algorithms (HS256/HS384/HS512)
Real-time signing as you type
Standard claim placeholders (iss, sub, aud, exp, nbf, iat, jti)
Custom header claims (e.g., kid for key rotation)
Round-trip verifiable with the JWT Decoder
Uses Web Crypto subtle.sign — same primitive as Node `crypto`

Why it Matters

Backend API tests need real JWTs. Spinning up a Node script with `jsonwebtoken` for every test fixture is overkill — most of the time you just want a quick token for one experiment. This tool produces RFC 7519-compliant tokens in milliseconds, and they verify against any conforming JWT library.

★★★★★

Use Cases

API Testing

Mint a quick token to test a protected endpoint

Webhook Signing

Generate signed payloads to test webhook handlers

OAuth Mock

Build a test JWT with custom scopes / roles

Frequently Asked Questions

Does this support RS256 or ES256 (asymmetric algorithms)?

No — only HMAC algorithms (HS256/HS384/HS512). RS256/ES256 require keypair management which makes more sense server-side. For asymmetric tokens use a Node CLI.

How long does the token last?

Forever, unless you set an `exp` claim in the payload. Add `"exp": <unix-seconds>` to set an expiry — for example, `Math.floor(Date.now()/1000) + 3600` for 1 hour.

Is my secret safe?

Yes — signing happens entirely in your browser via Web Crypto. The secret never leaves your device. Don't paste real production secrets into any tool you don't fully trust though.

How is HS256 different from HS512?

Both are HMAC, just with different SHA-2 hash functions. HS512 produces a longer signature (86 vs 43 chars) and is marginally more secure, at the cost of a slightly larger token. HS256 is the default for most JWT libraries.

📖

Want to learn how this works?

Browse all guides →

How to Use JWT Generator

jwt

How to Use JWT Generator — Complete Guide

Learn how to create signed JWT tokens for testing and development using Tools.Town's free JWT Generator.

8 May 2026

5 min read

Related Tools You Might Like

Password Generator

Generate strong, secure and random passwords instantly. Keep your accounts safe with our advanced password generator.

SHA-256 Hash Generator

Generate SHA-256 hashes and HMAC-SHA256 signatures — the secure standard for file integrity, JWT signing, and API request signatures.

Hash Generator

Generate MD5, SHA-1, SHA-256, SHA-384, and SHA-512 hashes instantly. Client-side.

JWT Decoder

Paste any JSON Web Token to decode header, payload claims, and inspect expiry status — 100% client-side, signature never leaves the browser.

UUID Generator

Generate cryptographically random RFC 4122 v4 UUIDs — single, bulk (up to 1000), with format options. 100% client-side.

Browse more free tools — no sign-up required

More Security Tools All categories

AI Text Summarizer

Go Premium