{"id":4513,"date":"2025-07-30T09:04:49","date_gmt":"2025-07-30T09:04:49","guid":{"rendered":"https:\/\/signmycode.com\/resources\/?p=4513"},"modified":"2025-07-30T09:04:51","modified_gmt":"2025-07-30T09:04:51","slug":"how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io","status":"publish","type":"post","link":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io","title":{"rendered":"How to Sign and Validate JSON Web Tokens (JWT) using jwt.io?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/signmycode.com\/blog\/what-is-json-web-token-jwt-structure-features-authentication-best-practices\">JSON Web Tokens (JWTs)<\/a> are now the de facto means to log in securely and share data between people. They are lightweight, URL-safe, and may be signed or encrypted. A great way to play with JWTs is at jwt.io, a useful site that helps you create, sign, and validate JWTs.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This article demonstrates how to generate, sign, and verify JWTs using jwt.io. It also provides command-line utilities such as OpenSSL and third-party utilities such as <a href=\"https:\/\/signmycode.com\/digicert-software-trust-manager\">DigiCert Software Trust Manager<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is JWT Structure?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>A JWT has three base64URL-encoded components:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>JWT =<\/strong> <strong>Base64Url(Header) + &#8216;.&#8217; + Base64Url(Payload) + &#8216;.&#8217; + Base64Url(Signature)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Header:<\/strong> Contains information related to the token, such as the algorithm utilized (e.g., RS256).<\/li>\n\n\n\n<li><strong>Payload: <\/strong>Carries the claims (user data) like sub, name, admin, etc.<\/li>\n\n\n\n<li><strong>Signature: <\/strong>Verifies the token wasn\u2019t altered and confirms its authenticity.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Sample Header:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>{\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"alg\": \"RS256\",\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"typ\": \"JWT\"\n}<\/em><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Sample Payload:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>{\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"sub\": \"1234567890\",\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"name\": \"John Doe\",\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"admin\": true,\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \"iat\": 1516239022\n}<\/em><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Recommended:<\/strong> <a href=\"https:\/\/signmycode.com\/blog\/what-is-json-web-token-jwt-structure-features-authentication-best-practices\">What is JSON Web Token (JWT)? Structure, Features, Authentication &amp; Best Practices<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Create Header and Payload on jwt.io<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Visit<a href=\"https:\/\/jwt.io\"> https:\/\/jwt.io<\/a>.<\/li>\n\n\n\n<li>In the <strong>Encoded field<\/strong>, put in your JWT format.<\/li>\n\n\n\n<li><strong>In the Decoded section:<\/strong><br>&#8211; Place the header in the left box.<br>&#8211; Place the payload (claims) in the appropriate box.<\/li>\n\n\n\n<li><strong>Choose the algorithm<\/strong> (e.g., RS256) and <strong>other fields<\/strong> you wish to sign.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Base64URL Encode the Header and Payload<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">JWT expects base64URL-encoded data (not raw Base64). <strong>The main differences:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Base64URL replaces <strong>+ with &#8211;<\/strong>, <strong>\/ with _<\/strong>, and <strong>strips the padding =<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This makes the token safe for URL transmission.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Data Type<\/strong><\/td><td><strong>Output<\/strong><\/td><\/tr><tr><td>Header (Base64URL)<\/td><td>eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9<\/td><\/tr><tr><td>Payload (Base64URL)<\/td><td>eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Generate Signature using SHA256 and RSA (RS256)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You now have: <em><strong>Y = Base64Url(Header) + &#8216;.&#8217; + Base64Url(Payload)<\/strong><\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 1. Generate a Hash of Y<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Hash the concatenated string using OpenSSL or CertUtil.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>OpenSSL:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>openssl dgst -sha256 \"path_to_Y\"<\/em><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>CertUtil:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>certutil -hashfile \"path_to_Y\" SHA256<\/em><\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This returns a SHA256 hash as hex.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Step 2: Hex to Base64<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Visit <em><strong>https:\/\/www.base64.guru\/converter\/encode\/hex<\/strong><\/em> to encode the hash in Base64.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Sign the Hash with a Private Key (optional via API)<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>You may sign the Base64 hash with:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use the REST API with Postman (if your key manager or CA supports it).<\/li>\n\n\n\n<li>DigiCert Software Trust Manager requires a key pair and access.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>This generates a Base64-encoded signature. Sample Signed Hash (Base64):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>gEH7jLqeT4zBSDeQsFJihB8n\/cshG8A53fiGQ3TbX1M=<\/em><\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Convert the Signature to Base64URL<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">As JWT requires Base64URL, replace the signature with <a href=\"https:\/\/base64url.com\">https:\/\/base64url.com<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Computed JWT Signature (Base64URL):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>gEH7jLqeT4zBSDeQsFJihB8n_cshG8A53fiGQ3TbX1M<\/em><\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><a><\/a>Construct the JWT Token<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Now Combine all Three Pieces:<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em><strong>JWT = Base64Url(Header) + &#8216;.&#8217; + Base64Url(Payload) + &#8216;.&#8217; + Base64Url(Signature)<\/strong><\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Last Token:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><em>eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.gEH7jLqeT4zBSDeQsFJihB8n_cshG8A53fiGQ3TbX1M<\/em><\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Verify the JWT Signature.<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>To ensure that the JWT is not tampered with:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Access <a href=\"http:\/\/jwt.io\">jwt.io<\/a>.<\/li>\n\n\n\n<li><strong>Paste the entire JWT token<\/strong> into the Encoded field.<\/li>\n\n\n\n<li>In the <strong>Verify Signature field<\/strong>, enter the public key that corresponds to the private key used for signing.<\/li>\n\n\n\n<li><strong>If the signature is valid<\/strong>, you&#8217;ll receive a success message.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Best Practices for JWT Security<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use <strong>trusted signing mechanisms<\/strong> (use RS256 instead of HS256).<\/li>\n\n\n\n<li>Specify token expiration (<strong>exp<\/strong>) and not-before (<strong>nbf<\/strong>) claims.<\/li>\n\n\n\n<li><strong>Never store sensitive information<\/strong> in the payload since it is encoded, not encrypted.<\/li>\n\n\n\n<li>Always <strong>verify tokens on the server side<\/strong> via the public key.<\/li>\n\n\n\n<li><strong>Alternate keys<\/strong> and store them securely.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><a><\/a>Conclusion<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">\u00a0If you require signing certificates to sign APIs, secure information, or provide digital authenticity, SignMyCode provides <a href=\"https:\/\/signmycode.com\/buy-code-signing-certificates\">reliable signing certificates for code<\/a> and convenient support with JWT signing and verification.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>JSON Web Tokens (JWTs) are now the de facto means to log in securely and share data between people. They are lightweight, URL-safe, and may be signed or encrypted. A great way to play with JWTs is at jwt.io, a useful site that helps you create, sign, and validate JWTs. This article demonstrates how to&hellip; <a class=\"more-link\" href=\"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\">Read More <span class=\"screen-reader-text\">How to Sign and Validate JSON Web Tokens (JWT) using jwt.io?<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":4517,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,437],"tags":[613,614],"class_list":["post-4513","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-code-signing-tutorials","category-windows-security","tag-sign-json-web-tokens","tag-sign-jwt-using-jwt-io","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Sign and Validate JSON Web Tokens using jwt.io?<\/title>\n<meta name=\"description\" content=\"Explore a step-by-step tutorial on signing and validating JWT using jwt.io. It includes Create Header and Payload, Generate Signature, Sign Hash &amp; more.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Sign and Validate JSON Web Tokens using jwt.io?\" \/>\n<meta property=\"og:description\" content=\"Explore a step-by-step tutorial on signing and validating JWT using jwt.io. It includes Create Header and Payload, Generate Signature, Sign Hash &amp; more.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\" \/>\n<meta property=\"og:site_name\" content=\"SignMyCode - Resources\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-30T09:04:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-30T09:04:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/07\/sign-validate-jwt-using-jwt-io.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"912\" \/>\n\t<meta property=\"og:image:height\" content=\"453\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Sign_My_Code\" \/>\n<meta name=\"twitter:site\" content=\"@Sign_My_Code\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/person\\\/2e80276fd34fd5439c04cd3cb96a389f\"},\"headline\":\"How to Sign and Validate JSON Web Tokens (JWT) using jwt.io?\",\"datePublished\":\"2025-07-30T09:04:49+00:00\",\"dateModified\":\"2025-07-30T09:04:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\"},\"wordCount\":569,\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/sign-validate-jwt-using-jwt-io.webp\",\"keywords\":[\"Sign JSON Web Tokens\",\"Sign JWT using jwt.io\"],\"articleSection\":[\"Code Signing Tutorials\",\"Windows Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\",\"name\":\"How to Sign and Validate JSON Web Tokens using jwt.io?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/sign-validate-jwt-using-jwt-io.webp\",\"datePublished\":\"2025-07-30T09:04:49+00:00\",\"dateModified\":\"2025-07-30T09:04:51+00:00\",\"description\":\"Explore a step-by-step tutorial on signing and validating JWT using jwt.io. It includes Create Header and Payload, Generate Signature, Sign Hash & more.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/sign-validate-jwt-using-jwt-io.webp\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2025\\\/07\\\/sign-validate-jwt-using-jwt-io.webp\",\"width\":912,\"height\":453,\"caption\":\"Sign JWT using jwt.io Tool\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Sign and Validate JSON Web Tokens (JWT) using jwt.io?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#website\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/\",\"name\":\"SignMyCode - Resources\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#organization\",\"name\":\"SignMyCode\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/logo1.png\",\"contentUrl\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/logo1.png\",\"width\":135,\"height\":86,\"caption\":\"SignMyCode\"},\"image\":{\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Sign_My_Code\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/signmycode.com\\\/resources\\\/#\\\/schema\\\/person\\\/2e80276fd34fd5439c04cd3cb96a389f\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web\\\/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.\",\"sameAs\":[\"http:\\\/\\\/smcresources.ssltoolsonline.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Sign and Validate JSON Web Tokens using jwt.io?","description":"Explore a step-by-step tutorial on signing and validating JWT using jwt.io. It includes Create Header and Payload, Generate Signature, Sign Hash & more.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io","og_locale":"en_US","og_type":"article","og_title":"How to Sign and Validate JSON Web Tokens using jwt.io?","og_description":"Explore a step-by-step tutorial on signing and validating JWT using jwt.io. It includes Create Header and Payload, Generate Signature, Sign Hash & more.","og_url":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io","og_site_name":"SignMyCode - Resources","article_published_time":"2025-07-30T09:04:49+00:00","article_modified_time":"2025-07-30T09:04:51+00:00","og_image":[{"width":912,"height":453,"url":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/07\/sign-validate-jwt-using-jwt-io.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@Sign_My_Code","twitter_site":"@Sign_My_Code","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#article","isPartOf":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io"},"author":{"name":"Janki Mehta","@id":"https:\/\/signmycode.com\/resources\/#\/schema\/person\/2e80276fd34fd5439c04cd3cb96a389f"},"headline":"How to Sign and Validate JSON Web Tokens (JWT) using jwt.io?","datePublished":"2025-07-30T09:04:49+00:00","dateModified":"2025-07-30T09:04:51+00:00","mainEntityOfPage":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io"},"wordCount":569,"publisher":{"@id":"https:\/\/signmycode.com\/resources\/#organization"},"image":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/07\/sign-validate-jwt-using-jwt-io.webp","keywords":["Sign JSON Web Tokens","Sign JWT using jwt.io"],"articleSection":["Code Signing Tutorials","Windows Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io","url":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io","name":"How to Sign and Validate JSON Web Tokens using jwt.io?","isPartOf":{"@id":"https:\/\/signmycode.com\/resources\/#website"},"primaryImageOfPage":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage"},"image":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage"},"thumbnailUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/07\/sign-validate-jwt-using-jwt-io.webp","datePublished":"2025-07-30T09:04:49+00:00","dateModified":"2025-07-30T09:04:51+00:00","description":"Explore a step-by-step tutorial on signing and validating JWT using jwt.io. It includes Create Header and Payload, Generate Signature, Sign Hash & more.","breadcrumb":{"@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#primaryimage","url":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/07\/sign-validate-jwt-using-jwt-io.webp","contentUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2025\/07\/sign-validate-jwt-using-jwt-io.webp","width":912,"height":453,"caption":"Sign JWT using jwt.io Tool"},{"@type":"BreadcrumbList","@id":"https:\/\/signmycode.com\/resources\/how-to-sign-and-validate-json-web-tokens-jwt-using-jwt-io#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/signmycode.com\/resources\/"},{"@type":"ListItem","position":2,"name":"How to Sign and Validate JSON Web Tokens (JWT) using jwt.io?"}]},{"@type":"WebSite","@id":"https:\/\/signmycode.com\/resources\/#website","url":"https:\/\/signmycode.com\/resources\/","name":"SignMyCode - Resources","description":"","publisher":{"@id":"https:\/\/signmycode.com\/resources\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/signmycode.com\/resources\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/signmycode.com\/resources\/#organization","name":"SignMyCode","url":"https:\/\/signmycode.com\/resources\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/signmycode.com\/resources\/#\/schema\/logo\/image\/","url":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2021\/11\/logo1.png","contentUrl":"https:\/\/signmycode.com\/resources\/wp-content\/uploads\/2021\/11\/logo1.png","width":135,"height":86,"caption":"SignMyCode"},"image":{"@id":"https:\/\/signmycode.com\/resources\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Sign_My_Code"]},{"@type":"Person","@id":"https:\/\/signmycode.com\/resources\/#\/schema\/person\/2e80276fd34fd5439c04cd3cb96a389f","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/74a1328bbec77f3a65123c2396050e61b60fe3831478ceb96b55e5a0fe44e370?s=96&d=blank&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web\/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.","sameAs":["http:\/\/smcresources.ssltoolsonline.com"]}]}},"_links":{"self":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts\/4513","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/comments?post=4513"}],"version-history":[{"count":2,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts\/4513\/revisions"}],"predecessor-version":[{"id":4516,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/posts\/4513\/revisions\/4516"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/media\/4517"}],"wp:attachment":[{"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/media?parent=4513"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/categories?post=4513"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/signmycode.com\/resources\/wp-json\/wp\/v2\/tags?post=4513"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}