UtilHero

JWT Encoder

Build and sign a JSON Web Token with HMAC — in your browser.

Algorithm

Signed in your browser with HMAC — the secret never leaves this page. Don't paste a production secret you don't control.

About JWT Encoder

A JWT encoder builds a signed JSON Web Token from your payload and secret. Enter claims and a secret, pick HS256, HS384, or HS512, and it signs the token with HMAC via the browser's Web Crypto API. Signing runs locally, so your secret is never transmitted.

Frequently asked questions

Which algorithm should I choose?
HS256 is the common default and interoperates everywhere. HS384 and HS512 use larger HMAC digests if your system requires them.
Is my signing secret safe?
Yes. The token is signed in your browser with Web Crypto; your secret and payload are never sent to a server.
Can I decode the token I create?
Yes — paste it into the JWT Decoder to inspect its header and payload.

More tools