Generate, Decode & Verify JSON Web Tokens

Everything You Need for JWTs – In One Place

Signature Algorithm

HMAC

Choose the cryptographic algorithm for signing the JWT

Header

JSON

{
  "alg": "HS256",
  "typ": "JWT"
}

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload

JSON

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1755582780
}

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1755582780
}

Secret Key

HS256

Keep your secret key secure and never expose it in client-side code

⏳ Format Validation

Signature Validation

JWT Token

Auto-generates when you modify the configuration above

Contains metadata about the token, including the algorithm used to sign it.

Contains the claims (statements about an entity and additional data).

Used to verify that the sender of the JWT is who it says it is.

iss (Issuer)

sub (Subject)

aud (Audience)

exp (Expiration)

iat (Issued At)

nbf (Not Before)

JWT tokens are signed, not encrypted. Don't include sensitive information in the payload unless you encrypt the token separately.

Automatically decode tokens as you paste

Instant validation of JWT structure