JWT Encoder & Decoder

Create, decode, and verify JSON Web Tokens signed with HMAC algorithms

tools.jwt.encoder.sectionTitle

tools.jwt.encoder.headerLabel

tools.jwt.encoder.payloadLabel

tools.jwt.encoder.secretLabel

tools.jwt.encoder.algorithmLabel

tools.jwt.encoder.resultLabel

•JWT tokens are Base64Url-encoded, NOT encrypted. Anyone who holds the token can read the header and payload — never store passwords, private keys, or other sensitive data in a JWT payload.
•HMAC (HS256/HS384/HS512) creates a digital signature that proves the token was issued by the secret holder. The payload is still plaintext; the signature only ensures integrity.
•If you need to hide the payload, use JSON Web Encryption (JWE) as defined in RFC 7516. JWE wraps the token contents in a fully encrypted envelope — only the key holder can read it.
•One-line summary: Encoding = everyone can read; Signing (JWS) = everyone can read but only the secret holder can create; Encryption (JWE) = only the key holder can read.

tools.jwt.kb.headerBody

tools.jwt.kb.payloadBody

tools.jwt.kb.signatureBody

1JWT tokens are Base64Url-encoded, NOT encrypted. Anyone who holds the token can read the header and payload — never store passwords, private keys, or other sensitive data in a JWT payload.
2HMAC (HS256/HS384/HS512) creates a digital signature that proves the token was issued by the secret holder. The payload is still plaintext; the signature only ensures integrity.
3If you need to hide the payload, use JSON Web Encryption (JWE) as defined in RFC 7516. JWE wraps the token contents in a fully encrypted envelope — only the key holder can read it.
4One-line summary: Encoding = everyone can read; Signing (JWS) = everyone can read but only the secret holder can create; Encryption (JWE) = only the key holder can read.

Encode and decode Base64 strings

Calculate the SHA-256 hash of any text or file using the native Web Crypto API

Encode and decode URLs using Full URL (encodeURI) or URL Component (encodeURIComponent) modes