JWT Builder
Build and sign JSON Web Tokens (JWT) in your browser — HS256/HS384/HS512 HMAC signatures, custom claims, presets for access/session/refresh tokens. Free, no signup.
- 100% free
- No signup
- Runs in your browser
Used 13.5K times today
How to Use JWT Builder
- 1
Pick an algorithm and secret
HS256 is the default for most APIs. Enter your HMAC secret — any string. For production always use a 256+ bit random secret.
- 2
Fill in header and payload
Or click a preset — Access token (15 min), Session (24 hr), Refresh token (30 days). Edit the JSON to add any custom claims.
- 3
Copy the signed JWT
The token updates live as you edit. Copy it, or click "Decode in JWT Decoder" to round-trip verify the output.
Frequently Asked Questions
Which algorithms does the JWT builder support?
Is my secret sent anywhere?
What are iat and exp claims?
How do I generate a strong HMAC secret?
What is the "none" algorithm?
Embed This Tool
Add this tool to your website for free. Just copy and paste the code below:
<iframe src="https://utilko.com/embed/jwt-builder/" width="100%" height="500" frameborder="0" title="JWT Builder"></iframe> About JWT Builder
The JWT Builder creates signed JSON Web Tokens in your browser using the Web Crypto API. Choose HS256, HS384, or HS512 for HMAC signatures, paste your secret, edit the header and payload as live JSON, and get a ready-to-use JWT with the signature computed instantly.
Presets cover the three most common token types: access tokens (15-minute expiry, aud/iss/scope claims), session tokens (24-hour expiry with role and email), and refresh tokens (30-day expiry with jti for revocation). Every preset is fully editable — add any custom claims you need.
The tool is designed to pair with the JWT Decoder for round-trip testing: build a token here, click "Decode" to verify the output, and iterate quickly on your authentication flows without touching a server. Nothing is transmitted — the signing key stays in your browser.
When to use JWT Builder vs a server library
- This tool — debug tokens, test API auth flows, generate test fixtures, teach yourself how JWTs work.
- Server library (jsonwebtoken, jose, PyJWT) — sign real production tokens. Never paste a production secret into a web page.
More Developer Tools Tools
JSON Formatter
Format, beautify, and validate JSON instantly. Paste raw JSON and get a clean, indented, human-readable output with syntax error detection.
JSON Minifier
Minify and compress JSON by removing whitespace and comments. Reduce JSON payload size instantly for faster API responses and smaller storage footprint.
JSON to CSV Converter
Convert JSON arrays to CSV format instantly. Transform nested JSON data into spreadsheet-ready CSV files with automatic header detection.
JSON to YAML Converter
Convert JSON to YAML format instantly online. Transform JSON config files, API schemas, and data structures into clean, readable YAML syntax.
Base64 Encoder / Decoder
Encode text or decode Base64 strings instantly online. Convert between plain text and Base64 encoding for data URLs, authentication headers, and API tokens.
URL Encoder / Decoder
Encode or decode URLs and query strings instantly. Convert special characters to percent-encoding and back for safe URL transmission and debugging.
HTML Encoder / Decoder
Encode special characters to HTML entities or decode HTML entities back to plain text. Prevent XSS and display HTML code safely in web pages.
UUID / ULID / Snowflake Generator
Generate UUID v1 / v4 / v7, ULID, NanoID, or Twitter Snowflake IDs — up to 10,000 at once. Cryptographically random, entirely in your browser, download as .txt.