JWT from cURL Composer
Build a cURL command with a freshly-signed JWT in the Authorization: Bearer header. Useful for hitting authenticated API endpoints from the terminal during development, or for quickly testing whether a backend accepts your test JWT.
How to use the JWT from cURL Composer
Set the URL, method, payload, and secret. The tool signs a fresh JWT (HS256) with your payload and outputs a full cURL command. The "Set iat/exp" button replaces those claims with current timestamps so the token verifies as fresh.
Building a cURL request with a signed JWT
Testing an authenticated endpoint from the terminal means attaching a valid token, and hand-crafting a JWT — base64url-encoding the header and payload, computing the HMAC signature, then pasting it into an Authorization header — is tedious and easy to botch, leaving you debugging a 401 that is really a malformed token.
This signs a fresh HS256 JWT from your payload and secret and drops it into a complete cURL command with an Authorization: Bearer header, with a one-click option to set iat to now and exp an hour out so the token verifies as current. Once you have the command, convert it to code with the cURL to Python or cURL to JavaScript converters; for many languages at once, the multi-language cURL converter.
Common use cases
- Terminal testing — hit an authenticated endpoint with a valid bearer token.
- Fresh tokens — set iat/exp to now so the token is not expired.
- Backend checks — confirm an API accepts a correctly signed JWT.
- Negative testing — tweak the payload or secret to test rejection.
- Reproduce a bug — recreate a request with a specific claim set.