JWT Encoder (HS256)
Paste Header and Payload JSON, enter a secret, and generate a signed JWT.
For testing only. Do not paste production secrets.
What is a JWT?
JWT (JSON Web Token) is a compact token format used for authentication and authorization. A token consists of three parts: header, payload, and signature.
This tool generates a signed JWT using HS256 (HMAC SHA-256) locally in your browser. Your data is not sent to the server.
How to use the JWT Encoder
- Paste JSON into Header and Payload.
- Enter the secret used for signing (HS256).
- Click Generate to produce a JWT token.
- Use Copy to copy the result.
Tips
- HS256 uses a shared secret. Anyone with the secret can verify and sign tokens.
- If you need asymmetric keys, use RS256/ES256 (not included in this tool).
- JWT is not encryption. Payload data is readable after Base64URL decoding.
Related tools
You may also find these tools useful.
JWT Decoder
Decode JWT header and payload instantly in your browser.
Encoding & Security
›
JWT Debugger
Analyze, validate, and edit JWT tokens online.
Encoding & Security
›
HMAC Generator
Generate HMAC-SHA-256, SHA-1, and SHA-512 signatures instantly in your browser.
Encoding & Security
›
Base64 Encoder / Decoder
Encode and decode Base64 online instantly. Free Base64 converter with no login.
Encoding & Security
›
JWT Encoder FAQ
Is JWT the same as encryption?
No. JWT is a signed token format. The payload is not encrypted and can be decoded.
Why does verification fail on my server?
Common causes are a different secret, different algorithm, or payload/header formatting differences.
Does Toolinix send my token to a server?
No. Generation happens locally in your browser.