browserutils

JWT Builder

Encode and build JSON Web Tokens

JWT Builder is a free online tool from BrowserUtils that encode and build json web tokens. It runs entirely in your browser — your data never leaves your device. No account required.

Header
Algorithm:
Payload
Add claim:
Secret

Related guides

GlossaryWhat is JWT?GlossaryWhat is OAuth?

How to use JWT Builder

  1. 1 Paste or type your input into the editor above.
  2. 2 The tool processes your data instantly — right in your browser, with nothing sent to a server.
  3. 3 Copy the result with one click or continue editing your input.

About JWT Builder

Free online JWT encoder and builder. Create JSON Web Tokens by specifying header, payload, and secret with HMAC-SHA signing using the Web Crypto API. This tool runs entirely in your browser — your data is never sent to a server. Just paste your input, get instant results, and copy with one click. No sign-up or installation required.

JWT Builder specs

Runtime
100% client-side (browser)
Built on
TextEncoder, TextDecoder, btoa/atob, and encodeURIComponent — all Web Platform APIs
Cost
Free — no account, no rate limits, no usage caps
Browser support
Chrome 90+, Firefox 88+, Safari 14+, Edge 90+
Part of
299 developer tools on BrowserUtils (100% client-side)

Questions

What signing algorithms are supported?
The builder supports HMAC-based algorithms: HS256 (HMAC-SHA256), HS384 (HMAC-SHA384), and HS512 (HMAC-SHA512). Signing is done entirely in your browser using the Web Crypto API.
Is this safe for production tokens?
This tool is designed for development and testing. For production JWTs, use your server-side signing infrastructure. Never share your production signing secrets.
What claims should I include in a JWT payload?
Common claims include "sub" (subject/user ID), "iat" (issued at), "exp" (expiration time), "iss" (issuer), and "aud" (audience). You can also add custom claims for your application.
Can I create JWTs for testing API authentication?
Yes, this is a common use case. Build a token with the correct claims and signing secret to test your API endpoints during development.
Is my signing secret safe when building JWTs online?
Yes, the JWT is built and signed entirely in your browser using the Web Crypto API. Your secret key never leaves your device. Still, avoid using production secrets in any browser tool.
What is the difference between HS256 and RS256 for JWTs?
HS256 uses a shared secret key for both signing and verification. RS256 uses an RSA key pair where the private key signs and the public key verifies. RS256 is better when multiple services need to verify tokens independently.
Embed this tool

Copy this code to embed the tool on your website. Adjust the height to fit your layout.

<iframe src="https://www.browserutils.dev/embed/jwt-builder" width="100%" height="500" frameborder="0" title="JWT Builder"></iframe>

Related tools

JWT Decoder
Decode and inspect JSON Web Tokens
Base64 Encoder / Decoder
Encode and decode Base64 strings instantly
HMAC Generator
Generate HMAC message authentication codes

More Encoding & Decoding

Base64 Encoder / DecoderURL Encoder / DecoderHTML Entity Encoder / DecoderJWT DecoderBase32 Encoder / DecoderROT13 Encoder / DecoderMorse Code TranslatorBinary to Text Converter
View all Encoding & Decoding tools