Skip to main content
L
Loopaloo
Buy Us a Coffee
All ToolsImage ProcessingAudio ProcessingVideo ProcessingDocument & TextPDF ToolsCSV & Data AnalysisConverters & EncodersWeb ToolsMath & ScienceGames
Guides & BlogAboutContact
Buy Us a Coffee
L
Loopaloo

Free online tools for developers, designers, and content creators. All processing happens entirely in your browser - your files never leave your device. No uploads, no accounts, complete privacy.

support@loopaloo.com

Tool Categories

  • Image Tools
  • Audio Tools
  • Video Tools
  • Document & Text
  • PDF Tools
  • CSV & Data
  • Converters
  • Web Tools
  • Math & Science
  • Games

Company

  • About Us
  • Contact
  • Blog
  • FAQ

Legal

  • Privacy Policy
  • Terms of Service
  • Disclaimer

Support

Buy Us a Coffee

© 2026 Loopaloo. All rights reserved. Built with privacy in mind.

Privacy|Terms|Disclaimer
  1. Home
  2. Converters & Encoders
  3. JWT Builder
Add to favorites

JWT Builder

Create and sign JSON Web Tokens (JWT) with custom claims. Support for HS256, HS384, HS512 HMAC algorithms

Build a JWT from scratch by specifying the header algorithm, payload claims, and signing secret. The tool assembles the token in real time, letting you experiment with different claims and see the resulting encoded string. Perfect for generating test tokens during development.

Runs in your browser and files never uploadedMore converters & encodersJump to full guide

Related reading

  • Understanding JWT Tokens: Structure, Security, and Validation12 min read

Initializing in your browser…

You might also like

JWT Decoder

Decode and inspect JSON Web Tokens (JWT). View header, payload, claims, expiration status, and signature without needing the secret key

PDF Signature Tool

Add your signature to PDF documents. Draw, type, or upload your signature, then position it anywhere on the page. Perfect for contracts, agreements, and official documents.

QR Code Generator

Generate QR codes from text or URLs

JWT Builder: a worked example

You are testing an authorization guard and need a signed HS256 token with a specific subject and a 1-hour expiry.

Claims + secret

sub: user_42 · role: admin · exp: +3600s · alg HS256 · secret "test-secret"
JWT Builder produces

Signed token

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzQyIiwicm9sZSI6ImFkbWluIiwiZXhwIjoxNzAwMDAzNjAwfQ.<hmac-signature>

The builder encodes your header and claims, then signs `header.payload` with HMAC-SHA256 using your secret, producing a token your backend will accept as genuine in tests. `exp` is set as a Unix timestamp so you can deliberately mint already-expired tokens to exercise rejection paths. Signing happens locally; the secret is never sent anywhere.

What is JWT Builder?

Build a JWT from scratch by specifying the header algorithm, payload claims, and signing secret. The tool assembles the token in real time, letting you experiment with different claims and see the resulting encoded string. Perfect for generating test tokens during development.

How to use

  1. 1Select the signing algorithm (e.g., HS256).
  2. 2Enter your payload claims as JSON or use the form fields.
  3. 3Provide a signing secret.
  4. 4Copy the generated JWT from the output.
  5. 5Paste it into your application or API client for testing.

Key features

  • Support for HS256, HS384, and HS512 algorithms
  • Standard claim fields with validation (exp, iat, nbf, iss, sub, aud)
  • Custom claim editor
  • Real-time token generation
  • Automatic Base64URL encoding of header and payload
  • Expiration time picker with relative offsets (1 hour, 1 day, etc.)
  • Copy the complete token with one click

Common use cases

  • Local API testing

    Generate valid tokens to test authenticated endpoints without running a full auth server.

  • Prototyping auth flows

    Quickly create tokens with specific claims to simulate different user roles and permissions.

  • Documentation examples

    Build sample tokens for API documentation that show exactly what claims are expected.

  • Learning JWT structure

    See how changing the payload or algorithm affects the final encoded token.

How it works

The builder lets you define standard claims (iss, sub, aud, exp, iat) alongside custom claims, then signs the token using HMAC-SHA256 or another selected algorithm. Since this runs in your browser, it is ideal for creating tokens for local development and testing, but never use browser-generated secrets for production signing keys.

Frequently asked questions

Can I use RS256 or ES256?

The browser-based builder supports HMAC algorithms (HS256/384/512). Asymmetric algorithms like RS256 require key pair management that is better handled by server-side tools.

Should I use tokens generated here in production?

No. Use this for development and testing only. Production tokens should be issued by a proper auth server with securely managed keys.

What happens if I do not set an expiration?

The token will be valid indefinitely (until the signing key changes). It is best practice to always set a reasonable exp claim.

Is my signing secret sent anywhere?

No. The entire signing process happens locally in your browser.

Private by design

Conversions run on your device in JavaScript. The values you enter are never sent over the network.