Build, sign, and validate JSON Web Tokens (JWTs) using HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, or ES512.Edit header and payload claims interactively, inspect the decoded token, and verify signature integrity — all in your browser.
A JSON Web Token (JWT) is a compact, URL‑safe means of representing claims to be transferred between two parties. JWTs are widely used in modern authentication and authorization flows, particularly in OAuth 2.0, OpenID Connect, and RESTful API security. The token is digitally signed (or encrypted) so that the receiver can verify its authenticity and integrity.
JWT = Header Payload Signature
Base64URL(header) . Base64URL(payload) . Base64URL(signature)
The signature is computed over the concatenated header and payload using the chosen algorithm and secret/key.
A financial services company deployed an API gateway that authenticates incoming requests using JWTs. Each client receives a JWT after logging in, and the gateway validates the token's signature and expiration before routing requests to backend services. This approach eliminated session storage overhead, reduced latency by 40%, and simplified scaling across multiple data centers. The gateway uses RS256 signatures, where the private key is held by the authentication service and the public key is distributed to all gateways. This ensures that only the auth service can issue tokens, while any gateway can verify them without needing the private key.
The header typically consists of two fields: alg (the signing algorithm, e.g., HS256, RS256, ES256) and typ (the token type, almost always JWT).
Some implementations also include cty (content type) for nested tokens or kid (key ID) to assist with key rotation.
The payload contains the claims — statements about an entity (typically the user) and additional metadata. Claims are categorized as:
iss (issuer), sub (subject), aud (audience), exp (expiration), nbf (not before), iat (issued at), and jti (JWT ID).
https://example.com/role).
user_id, role, tenant.
The signature is created by taking the encoded header and payload, concatenating them with a period, and applying the cryptographic algorithm specified in the header. For symmetric algorithms (HS*), the signature uses a shared secret. For asymmetric algorithms (RS*, ES*), a private key is used for signing and a public key for verification. The signature ensures that the token has not been tampered with and, in the case of asymmetric algorithms, provides non‑repudiation.
| Algorithm | Type | Key Length | Use Case | Security Level |
|---|---|---|---|---|
| HS256 | Symmetric (HMAC) | ≥ 256 bits | Single‑party systems, internal APIs | High (if secret is strong) |
| HS384 | Symmetric (HMAC) | ≥ 384 bits | High‑security internal systems | Very high |
| HS512 | Symmetric (HMAC) | ≥ 512 bits | Maximum security internal systems | Extremely high |
| RS256 | Asymmetric (RSA) | 2048+ bits | Multi‑party systems, microservices | Very high (key‑dependent) |
| RS384 | Asymmetric (RSA) | 2048+ bits | High‑assurance multi‑party | Very high |
| RS512 | Asymmetric (RSA) | 2048+ bits | Maximum assurance multi‑party | Extremely high |
| ES256 | Asymmetric (ECDSA) | 256 bits (P‑256) | Resource‑constrained environments | High (elliptic curve) |
| ES384 | Asymmetric (ECDSA) | 384 bits (P‑384) | High‑security with smaller keys | Very high |
| ES512 | Asymmetric (ECDSA) | 521 bits (P‑521) | Maximum security, compact keys | Extremely high |
kid (key ID) in the header to support key versioning.
exp) — short‑lived tokens reduce the impact of leakage.
iss, aud, exp) on the receiving side.
openssl genrsa -out private.pem 2048.
For ECDSA: openssl ecparam -genkey -name prime256v1 -noout -out private-ec.pem.
Then paste the contents of the PEM file into the key field in this tool.
Never share your private key — it must remain confidential.