JWT Decoder reads an existing token and shows its contents. JWT Builder creates a new token from scratch — you define the payload (claims) and sign it with your secret key to produce a valid JWT.
This tool supports HS256 (HMAC-SHA256), HS384 (HMAC-SHA384), and HS512 (HMAC-SHA512). These are symmetric algorithms that use the same secret key to sign and verify.
This tool is ideal for development and testing. For production, sign JWTs server-side to keep your secret key private. Signing in the browser exposes the secret to anyone who can inspect your JavaScript.
Standard claims: sub (subject/user ID), iat (issued at — Unix timestamp), exp (expiration — Unix timestamp), iss (issuer), aud (audience). Custom claims can be any JSON key-value pair.