JWT Encode / Decode

Create and verify JSON Web Tokens (HS256) locally in your browser.

Header (JSON)

Payload (JSON)

Secret (for HS256)

If empty, token preview will be unsigned.

Result

JWT (HS256)

—

Token

Secret (optional for verify)

Decode / Verify

Paste a token to decode. Provide secret to verify signature.

How to Use

Create or Paste JWT

Use the 'Generate' section to build a new JWT by editing the Header and Payload JSON, or use 'Decode / Verify' to inspect an existing token.

Sign with Secret

For HS256 tokens, provide a secret key. The tool will automatically generate the correct signature or verify an existing one.

Inspect Claims

View the decoded JSON objects for both the Header and Payload. The tool also checks for common claims like expiration (exp) and 'not before' (nbf).

Frequently Asked Questions

What is a JWT?

JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Is it safe to use my secret here?

Yes. All signing and verification happen locally in your browser. Your secret key is never sent to our servers, ensuring your data remains private.

What algorithms are supported?

This tool currently supports the HS256 (HMAC with SHA-256) algorithm for both generation and verification. It's the most common symmetric signing method for JWTs.