Toolin.io

How to Create a JWT Token

Generating JWT tokens is essential for testing authentication flows, mocking API requests, and debugging authorization logic. This guide shows you how to create JWTs with custom claims using a free browser tool.

Quick Steps

  1. Open JWT Generator
     Go to the JWT Generator on Toolin.

  2. Set the algorithm
     Choose HS256 or another signing algorithm.

  3. Add claims
     Define sub, exp, iss, and custom payload claims.

  4. Sign and copy
     Enter your secret, generate, and copy the JWT.

Step-by-Step: Generate a JWT Token

  1. Open the JWT Generator tool
     Navigate to the JWT Generator on Toolin.

  2. Set the header
     Choose the signing algorithm (HS256, HS384, HS512, RS256, etc.) and token type.

  3. Define the payload claims
     Add standard claims like sub, iss, exp, iat, and any custom claims your application expects.

  4. Enter the signing secret
     Provide the secret key or private key used to sign the token.

  5. Generate and copy
     Click Generate to create the signed JWT. Copy the token for use in your API requests or tests.

Important Security Note

The JWT Generator processes everything locally in your browser. Never use production secrets or private keys in online tools that send data to a server. For development and testing, use dedicated test keys that are separate from your production credentials. Tokens generated for testing should use short expiration times to minimize risk if accidentally leaked.
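The steps above carried out in code, as an added example (not Toolin's code and not part of the original guide): it builds an HS256 token with a short exp using Node's built-in crypto module, then verifies it with the checks an API under test should apply. The function names, the ttlSeconds and now parameters, and the sample claims and key are assumptions constructed for illustration.

```javascript
// Added example: build and verify an HS256 JWT with Node's built-in crypto.
const nodeCrypto = require("node:crypto");

const b64url = (text) => Buffer.from(text).toString("base64url");
const nowSec = () => Math.floor(Date.now() / 1000);

// HMAC-SHA256 over "header.payload" is the HS256 signature.
function hmac(signingInput, secret) {
  return nodeCrypto.createHmac("sha256", secret).update(signingInput).digest();
}

// ttlSeconds and now are hypothetical parameters; exp defaults to 5 minutes out.
function createTestJwt(claims, secret, ttlSeconds = 300, now = nowSec()) {
  const header = { alg: "HS256", typ: "JWT" };
  const payload = { ...claims, iat: now, exp: now + ttlSeconds };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${signingInput}.${hmac(signingInput, secret).toString("base64url")}`;
}

// Pin the algorithm, compare signatures in constant time, then enforce exp.
function verifyTestJwt(token, secret, now = nowSec()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { valid: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  } catch {
    return { valid: false, reason: "malformed" };
  }
  if (header?.alg !== "HS256") return { valid: false, reason: "unexpected alg" };
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(s, "base64url");
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { valid: false, reason: "bad signature" };
  }
  if (typeof payload?.exp !== "number" || now >= payload.exp) {
    return { valid: false, reason: "expired or missing exp" };
  }
  return { valid: true, payload };
}

// Constructed, test-only values: a random throwaway key, never a production secret.
const TEST_SECRET = nodeCrypto.randomBytes(32);
const demoToken = createTestJwt({ sub: "user-123", iss: "test-issuer", role: "admin" }, TEST_SECRET);
console.log(demoToken);
console.log(verifyTestJwt(demoToken, TEST_SECRET));
```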

Common JWT Use Cases in Development

  • Create test tokens for API endpoint testing.
  • Generate tokens with specific roles to test authorization logic.
  • Build tokens with custom expiration times for session testing.
  • Mock third-party authentication tokens for integration testing.
  • Create tokens with specific claims to reproduce reported bugs.

Frequently Asked Questions

Which signing algorithm should I use?
HS256 (HMAC with SHA-256) is the most common for simple applications. RS256 (RSA with SHA-256) is preferred for distributed systems where the verifier should not have the signing key.

Can I create tokens without an expiration?
Technically yes, but it is strongly discouraged. Tokens without expiration remain valid indefinitely, creating a security risk. Always set an exp claim.

Is my secret key safe?
Toolin processes everything in your browser. The secret key never leaves your device. Still, use test-only keys rather than production secrets as a best practice.
