JWT Builder

Create, sign, and verify JSON Web Tokens with HMAC algorithms using the Web Crypto API.

What is a JWT Builder?

A JWT builder creates and signs JSON Web Tokens for testing and development. You can define custom header and payload claims, set expiration times, and sign tokens using HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512 algorithms. The builder uses the Web Crypto API for client-side signing — your secret key never leaves your browser.

Common Use Cases

  • Creating test tokens for API development and debugging
  • Building JWTs with specific claims for integration testing
  • Generating tokens with custom expiration for testing auth flows
  • Learning how JWT signing and verification works
  • Creating sample tokens for API documentation

Frequently Asked Questions

Is it safe to sign JWTs in the browser?

For development and testing, yes. The signing happens entirely client-side using the Web Crypto API. However, in production applications, JWTs should be signed on the server, where the secret key is securely stored.

What claims should a JWT include?

Common claims are: iss (issuer), sub (subject/user ID), exp (expiration time), iat (issued at), aud (audience), and custom claims like roles or permissions. At minimum, always include exp to prevent tokens from being valid forever.