snaptools
J
JWT Encoder error
Secret
// about this tool

JWT Encoder Online

Updated 2026-07-09

Build and sign a JSON Web Token online, entirely in your browser. Enter a JSON payload and a secret, pick HS256, HS384, or HS512, and SnapTools constructs the header, Base64URL-encodes both parts, and computes the HMAC signature — giving you a real, spec-compliant token instantly. Nothing is uploaded: since the signature is just a local HMAC computation, your secret never needs to leave your machine.

This is the natural companion to the JWT Decoder: inspect a token you received, or build one to test against your own backend or another library. The generated token verifies correctly anywhere — paste it into the JWT Decoder with the same secret to confirm the round trip.

// how to use

  1. 1 Paste a JSON payload (the claims) into the input panel — sub, name, iat, exp, or any custom claims.
  2. 2 Enter a signing secret and pick an algorithm (HS256, HS384, or HS512).
  3. 3 SnapTools builds the header, encodes both parts, and signs the result — copy the token on the right.

// examples

A basic signed token
Input
{"sub":"1234567890","name":"Ada Lovelace","iat":1516239022}
Output
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFkYSBMb3ZlbGFjZSIsImlhdCI6MTUxNjIzOTAyMn0.<signature>

// common uses

Generating a test token for API development Debugging authentication flows that expect a specific payload Learning how a JWT's three parts are constructed Producing a token to test against a decoder or backend

// faq

No. The token is built and signed entirely in your browser, so your secret never leaves your machine — it never needs to, since a JWT signature is just an HMAC computed locally.
The HMAC family — HS256, HS384, and HS512. These cover the vast majority of real-world JWT use (API auth, session tokens); public/private key algorithms (RS/ES) need a key pair, not a shared secret, and aren't in scope for a quick encoder.
The header defaults to {"alg":"...","typ":"JWT"} automatically. Most use cases only need the payload — this tool focuses on getting a valid, correctly signed token quickly.
Yes — it's a standard, spec-compliant JWT. Paste it into the JWT Decoder (or any other JWT library) with the same secret and it verifies correctly.
No — treat this as a testing/debugging tool. Use a throwaway or example secret, not a production signing key, even though nothing is uploaded.

Use this via API

Get a free API key →
curl -X POST https://snaptools.dev/api/v1/tools/jwt-encoder \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"payload":"{\"sub\":\"1234567890\",\"name\":\"Ada Lovelace\",\"iat\":1516239022}"}'
Esc
↑↓ navigate open Esc close