JWT Sign
Build a JWT (HS256 / HS384 / HS512) from a payload and a shared secret. Inverse of jwt-decoder — useful for testing APIs that authenticate with HMAC-signed tokens.
About JWT Sign
JWT Sign builds a signed JSON Web Token from a payload and a shared secret using HS256, HS384, or HS512. It's the inverse of JWT Decoder — instead of cracking a token open to read it, you assemble one, which is handy for testing APIs that authenticate with HMAC-signed bearer tokens. Signing runs in your browser, so your secret and claims stay local.
- Category
- inspect
- Input
- Accepts: */*.
- Output
- Outputs: application/json.
- Cost
- Free, runs in your browser
- Memory
- low
Common uses
- Mint a test token with custom claims to hit a protected API endpoint during development
- Reproduce a specific JWT for a failing auth test by controlling the exact payload and secret
- Compare HS256 vs HS512 output for the same payload while choosing an algorithm
- Forge an expired or future-dated token (custom exp/iat claims) to test how your API rejects it
- Generate a valid bearer token for a Postman or curl request against a local service
Frequently asked questions
Which signing algorithms are supported?
The HMAC family: HS256, HS384, and HS512. You supply a shared secret, and the token is signed with the algorithm you pick.
Does it support RS256 or other asymmetric keys?
No. This tool covers HMAC (shared-secret) signing only. RSA and ECDSA key-pair signing aren't included.
Is my secret sent anywhere?
No. The token is built and signed entirely in your browser, so the shared secret and your payload never touch a server. Use it freely with real test secrets.
What goes in the payload?
Any JSON claims you want — sub, exp, iat, custom fields. The tool encodes the header and payload and appends the HMAC signature.
Can I read a token back after signing it?
Yes — paste the result into JWT Decoder to confirm the header and claims round-trip correctly.
Keywords
- jwt
- sign
- token
- hmac
- hs256
- hs384
- hs512
- auth
- bearer