Free JWT Encoder & Decoder - HS256 Token Tool
Create signed JSON Web Tokens using HS256 (HMAC-SHA256) or decode existing JWT tokens to inspect their header and payload. All signing and decoding happens locally using the Web Crypto API, so your secrets and token data never leave your browser.
How to Encode a JWT
- Enter your header JSON (algorithm and token type)
- Enter your payload JSON (claims and custom data)
- Enter a secret key for HMAC signing
- Click Sign & Encode JWT to generate the token
How to Decode a JWT
- Switch to the Decode tab
- Paste your JWT token string
- Click Decode to view the header and payload
Features
- HS256 (HMAC-SHA256) signing using Web Crypto API
- Bi-directional encode and decode in one tool
- Local processing - secrets never leave your device
Security Notes
Always use strong, randomly generated secrets for production JWT signing. Never share your signing secret with unauthorized parties. This tool is intended for development, testing, and learning purposes.
Privacy
All JWT operations happen locally in your browser. Your secrets and payloads are never transmitted.
Limitations
This tool supports HS256 signing only. It does not support RS256, ES256, or other asymmetric algorithms. For production verification, use your backend authentication library.
Last reviewed: July 2026.