JWT Creator & Verifier

Sign and verify JSON Web Tokens with HMAC-SHA256

도구를 불러오는 중…

🔒 Everything runs 100% in your browser. Your files and input are never uploaded to any server.

Enter JSON for the Header and Payload to instantly generate a JWT signed with an HMAC-SHA256 secret, or paste an existing token to verify its signature and inspect the decoded content. It's handy for backend developers testing API auth tokens and frontend developers debugging tokens they receive, and since everything runs through the browser's Web Crypto API, your secret and tokens never leave your device.

How to use

  1. On the 'Create Token (Sign)' tab, enter the Header and Payload as JSON.
  2. Type your HMAC-SHA256 secret key and the JWT is generated automatically.
  3. Switch to the 'Verify Token' tab and paste the JWT you want to check.
  4. Enter the matching secret key to instantly see whether the signature is valid and view the decoded Header/Payload.

FAQ

Which signing algorithm does this tool use?
It only supports HMAC-SHA256 (HS256), a symmetric-key signing method. Asymmetric algorithms like RSA are not supported.
Is my secret key or token ever sent to a server?
No. All signing and verification happens locally in your browser using the Web Crypto API, and nothing is transmitted externally.
Why does verification show 'Failed'?
Either the secret key you entered doesn't match the one used to issue the token, or the token's contents were altered after it was signed.

← Back to all tools

가격 보기카톡 무료 상담