JWT generator (HS256)

Security tools

Generate signed HS256 JWTs from custom header and payload JSON locally.

Updated May 25, 2026

JWT input

JWT output

Quick start

How to generate HS256 JWT

Provide header/payload JSON and shared secret to sign token.

Step 1

Edit claims

Adjust header and payload JSON.
Step 2

Set secret

Provide HS256 secret key.
Step 3

Generate token

Copy signed JWT for testing.

In-depth guide

JWT generator (HS256)

Generate HS256 JSON Web Tokens locally by providing header, payload and shared secret.

JWT structure

JWT has three base64url parts: header.payload.signature.

Security note

Never embed production secrets in frontend code; this tool is intended for testing and debugging workflows.

When to use it vs alternatives

Use this tool for quick browser-based work when you need an answer or output immediately. Use a dedicated application or automated workflow when you need bulk processing, approvals, or repeatable production rules.

Step-by-step usage

Edit claims — Adjust header and payload JSON.
Set secret — Provide HS256 secret key.
Generate token — Copy signed JWT for testing.

Common pitfalls

Check the result before replacing the original input.
Watch for unit, format, encoding, and browser memory limits on large inputs.
Keep a copy of important source material until the output is verified.

Frequently asked questions

Which JWT algorithm is supported?

This release supports HS256 signing.

Does token generation call a server?

No. Signing is done locally using WebCrypto HMAC.

Can I verify the token?

Use the existing JWT decoder tool to inspect claims and signature segments.

Keep exploring

More tools you'll like

Hand-picked utilities that pair well with the one you're on — all free, client-side, and zero-signup.

More security tools

See all →

Popular across EpitomeTool

Browse all →

Browse all 200+ free tools