Free JWT Encoder & Decoder - HS256 Token Tool

Create signed JSON Web Tokens using HS256 (HMAC-SHA256) or decode existing JWT tokens to inspect their header and payload. All signing and decoding happens locally using the Web Crypto API, so your secrets and token data never leave your browser.

How to Encode a JWT

  1. Enter your header JSON (algorithm and token type)
  2. Enter your payload JSON (claims and custom data)
  3. Enter a secret key for HMAC signing
  4. Click Sign & Encode JWT to generate the token

How to Decode a JWT

  1. Switch to the Decode tab
  2. Paste your JWT token string
  3. Click Decode to view the header and payload

Features

Security Notes

Always use strong, randomly generated secrets for production JWT signing. Never share your signing secret with unauthorized parties. This tool is intended for development, testing, and learning purposes.

Privacy

All JWT operations happen locally in your browser. Your secrets and payloads are never transmitted.

Limitations

This tool supports HS256 signing only. It does not support RS256, ES256, or other asymmetric algorithms. For production verification, use your backend authentication library.

Last reviewed: July 2026.