JWT Generator

Create JSON Web Token with custom Header and Payload

HEADERJWT Header Config
SECRETSigning Secret
PAYLOADJWT Payload Config
Quick Add:
Generated JWT Token
Click the button above to generate a JWT Token

What is JWT?

JWT (JSON Web Token) is an open standard (RFC 7519) for securely transmitting information between parties. JWT consists of three parts: Header, Payload, and Signature, separated by dots. JWT is commonly used for authentication and information exchange.

How to Use

JWT Generation Flow

  1. Select signing algorithm (default HS256)
  2. Enter or click "Generate" to create a signing secret
  3. Edit Payload JSON, use quick add buttons to add standard claims
  4. Set issued at (iat) and expiration (exp) time
  5. Click "Generate JWT Token" button
  6. Copy the generated Token for testing or development

Supported Algorithms

AlgorithmTypeDescription
HS256SymmetricHMAC SHA-256, most commonly used
HS384SymmetricHMAC SHA-384
HS512SymmetricHMAC SHA-512

Examples

Generate User Auth Token Payload config: { "sub": "user-123", "name": "John", "role": "admin", "iat": 1705312800, "exp": 1705399200 } Use generated JWT for: - API request authentication - Single Sign-On (SSO) - User session management Set Token Expiration Use preset shortcuts: - 1 hour: for temporary sessions - 24 hours: for daily login - 7 days: for "remember me" feature - 30 days: for long-lived tokens

FAQ

Q: Is the generated JWT safe for production?

A: The JWT format is correct, but ensure you use a strong random secret (at least 32 characters) and set a reasonable expiration time. Keep the secret safe and never expose it.

Q: Why only HMAC algorithms?

A: This tool currently supports symmetric algorithms (HS256/HS384/HS512), suitable for most scenarios. RSA and other asymmetric algorithms require key pair management and will be supported in future versions.

Q: What do iat and exp do?

A: iat (Issued At) indicates when the token was issued, exp (Expiration) indicates when it expires. Servers can verify if the token is within its valid period.

Q: How to verify the generated JWT?

A: Use the JWT Decoder tool on this site, or verify the signature server-side using the same secret.

Related Tools

JWT Decoder

Free online JWT parser to decode and verify JSON Web Tokens. View Header and Payload content, debug API authentication issues.

Hash Generator

Free online hash generator supporting MD5, SHA-1, SHA-256, SHA-512 algorithms. Generate text hashes instantly for data verification and password storage.

Password Generator

Free online strong password generator with customizable length and character types. Create high-security random passwords, prevent brute force attacks, protect accounts.

Base64 Encoder

Free online Base64 encoder & decoder supporting UTF-8 text, Chinese characters & images. Real-time encoding/decoding, no installation needed, privacy-first local processing.

JSON Formatter

Free online JSON formatter with syntax highlighting, error detection & minification. Beautify JSON data instantly, detect format errors, boost your development workflow.