🎫

Generate JWT

Generate signed JSON Web Tokens with HMAC or RSA/EC algorithms.

POST 1 credit /v1/auth/jwt-generate

curl -X POST "https://auth.toolkitapi.io/v1/auth/jwt-generate" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "payload": {"sub": "user_123", "role": "admin"},
    "secret": "my-secret-key",
    "algorithm": "HS256",
    "expires_in": 3600
  }'

import httpx

resp = httpx.post(
    "https://auth.toolkitapi.io/v1/auth/jwt-generate",
    json={
    "payload": {"sub": "user_123", "role": "admin"},
    "secret": "my-secret-key",
    "algorithm": "HS256",
    "expires_in": 3600
  },
)
print(resp.json())

const resp = await fetch("https://auth.toolkitapi.io/v1/auth/jwt-generate", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "payload": {"sub": "user_123", "role": "admin"},
    "secret": "my-secret-key",
    "algorithm": "HS256",
    "expires_in": 3600
  }),
});
const data = await resp.json();
console.log(data);

# See curl example

Response 200 OK

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsInJvbGUiOiJhZG1pbiIsImV4cCI6MTcxMjcwMjQwMH0.abc123signature",
  "header": {"alg": "HS256", "typ": "JWT"},
  "expires_at": "2026-04-14T22:00:00+00:00"
}

Try It Live

Description

Generate signed JSON Web Tokens with HMAC or RSA/EC algorithms.

How to Use

1

1. Define your JWT `payload` as a JSON object with your claims (e.g., `sub`, `role`, `iss`).

2

2. Provide the signing `secret` — a string for HMAC algorithms, or a PEM private key for RSA/EC.

3

3. Choose an `algorithm` (defaults to `HS256`) and optionally set `expires_in` for automatic expiry.

4

4. Send a POST request and use the returned `token` string in your `Authorization: Bearer` headers.

About This Tool

The Generate JWT endpoint creates a signed JSON Web Token from a given payload, secret key, and algorithm. JWTs are the standard mechanism for stateless authentication, authorization, and secure information exchange between services.

The endpoint supports HMAC symmetric algorithms (HS256, HS384, HS512) and RSA/EC asymmetric algorithms (RS256, RS384, RS512, ES256, ES384, ES512). For asymmetric algorithms, provide a PEM-encoded private key as the secret.

You can optionally set an expiration time using `expires_in` (seconds from now), which automatically adds an `exp` claim to the payload. The response includes the encoded token, the JWT header, and the expiration timestamp if set.

Why Use This Tool

API authentication — Issue JWTs for stateless user authentication
Service-to-service auth — Generate tokens for microservice communication
Session tokens — Replace server-side sessions with signed JWTs
Temporary access grants — Issue short-lived tokens with `expires_in` for time-limited access
Claims-based authorization — Embed roles, permissions, or scopes in the payload

Frequently Asked Questions

Which algorithm should I choose?

Use `HS256` for simple cases where the same secret is shared between issuer and verifier. Use `RS256` or `ES256` when the verifier should only have a public key (e.g., distributed systems, third-party verification).

Can I add custom claims to the payload?

Yes. The `payload` field accepts any JSON object. Standard claims like `sub`, `iss`, `aud`, and `iat` are common, but you can add any custom fields your application needs.

What happens if I don't set expires_in?

The token will have no `exp` claim and won't expire. This is generally not recommended for security — always set an expiry for production tokens.

Can I use PEM keys generated by the generate-keypair endpoint?

Yes. Generate an RSA or EC keypair, use the private key as the `secret` for signing, and the public key for verification with the jwt-verify endpoint.

Start using Generate JWT now

Get your free API key and make your first request in under a minute.

Get Free API Key View Docs