Skip to content
Kordu Tools Kordu Tools
Developer Tools Runs in browser Updated 08 Apr 2026

JWT Encoder

Build and sign JWT tokens with a visual editor — set header, payload claims, expiry, and sign with HS256/HS384/HS512.

Algorithm
Secret Key

Edit the header and payload, enter a secret, then click Encode JWT
Loading rating…

How to use JWT Encoder

  1. Edit the header

    The header is pre-filled with a standard HS256 configuration. Change the algorithm if needed.

  2. Build the payload

    Enter your claims as JSON — sub, name, role, iat, exp, or any custom fields your application requires.

  3. Enter your secret

    Type the HMAC secret key that will be used to sign the token. The same key is needed to verify it later.

  4. Generate the token

    Click Encode to produce the signed JWT. Copy it to your clipboard or paste it into the JWT Decoder to verify.

JWT Encoder FAQ

Is my secret key sent to a server?
No. Signing is performed entirely in your browser using the Web Crypto API. Your secret key and payload never leave your device.

Which algorithms are supported?
HMAC-based algorithms: HS256 (SHA-256), HS384 (SHA-384), and HS512 (SHA-512). These cover the most common symmetric signing use cases.

Why not RS256 or ES256?
RSA and ECDSA signing require a private key (PEM), which is more complex to handle in a browser UI. HMAC covers the majority of development and testing scenarios.

Can I verify the token I just created?
Yes. Copy the token and paste it into the JWT Decoder tool to inspect and verify its contents.

Is the token production-ready?
The token is cryptographically valid, but use it for testing and development. Production token signing should happen in your backend, not a browser tool.

What happens if my payload JSON is invalid?
The encoder validates your JSON before signing and shows an error message if the syntax is incorrect.

Background

Create and sign JSON Web Tokens without writing code. Enter your header and payload as JSON, pick a signing algorithm, type your secret key, and get a properly signed JWT in one click.

The encoder supports HMAC algorithms (HS256, HS384, HS512) via the Web Crypto API — no libraries leave your browser and no data is sent to a server. Use it to generate test tokens for local development, debug authentication flows, or learn how JWTs work.

Who is this for: back-end developers testing API authentication, front-end developers mocking auth state, DevOps engineers debugging SSO integrations, and students learning about token-based auth. Pairs perfectly with the JWT Decoder for round-trip verification.

Related tools

JWT Decoder

Decode and inspect JWT tokens — view header, payload, claims, and expiry status without sending data to any server.

JSON Formatter

Format, validate, and minify JSON instantly — with configurable indentation, error location, and tree view.

Base64 Encoder/Decoder

Encode text or files to Base64 or decode Base64 strings back to plain text — real-time, fully in your browser.

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from text or files instantly in your browser.

UUID Generator

Generate cryptographically secure v4 and v7 UUIDs in bulk — copy individually or all at once, instantly in your browser.

Timestamp Converter

Convert Unix timestamps to human-readable dates or dates to epoch timestamps — with timezone support and multiple formats.