JWT Decoder — Token Claim Inspector

Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.

Generate Zod validation schema code from a JSON sample object. Infers z.string(), z.number(), z.boolean(), z.array(), z.object(), and z.null() types automatically. Handles nested objects, arrays of objects with optional field detection, and outputs copy-ready TypeScript with import and z.infer type alias.

Format, validate, and inspect JSON Lines (JSONL) and NDJSON files. Validates each line individually, reports parse errors by line number, outputs compact JSONL or a pretty-print preview, and lets you download the cleaned file.

Calculate screen width and height from diagonal size and aspect ratio. Convert between inches and centimeters for displays, TVs, and monitors with instant dimension calculations.

Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.

Check TLS protocol version compatibility and cipher suite strength ratings against current best practices. Supports IANA and OpenSSL cipher names — rates each suite as Strong, Weak, or Deprecated and explains why.

Scan pasted text, code, or config files for accidentally exposed API keys, tokens, passwords, and private keys. Detects 50+ secret types across AWS, GitHub, Stripe, OpenAI, and more — all client-side, nothing leaves your browser.

Validate TOML configuration file syntax and report errors with line numbers. Paste any TOML content — Cargo.toml, pyproject.toml, config.toml — and instantly see a green checkmark with key counts and structure stats, or a precise error message pointing to the exact line. Includes a collapsible JSON structure preview to confirm what was parsed.

Document a REST endpoint quickly by entering the URL, method, headers, and sample request/response. Generates formatted Markdown documentation and an example cURL command instantly.

Set a P99 SLO latency target and distribute the budget across your upstream service dependencies. See remaining headroom, utilization percentage, a stacked allocation bar, and a per-service breakdown with optional P99 actual measurements.

Configure max retries, initial delay, backoff multiplier, jitter, max delay cap, and retryable HTTP status codes to instantly generate ready-to-use retry policy code for Axios (with axios-retry), native Fetch API (Node 18+ and node-fetch), and Go net/http. Supports presets for Standard, Aggressive, Conservative, and Rate-Limit Aware policies. All code is generated in your browser — free, instant, no signup.

Validate and inspect OAuth tokens in your browser. Decode JWT access tokens and ID tokens to view claims, scopes, and expiry. Analyse opaque tokens for entropy and format. Free and private.

Generate structured, realistic mock data for API endpoint testing. Define fields with names and types — UUID, name, email, integer, enum, date, and more — set how many rows you need, and export as a JSON array, NDJSON, or CSV. All generation runs entirely in your browser with no data sent to any server.

Configure exponential backoff parameters and preview the full retry schedule for webhook delivery. Enter max attempts, initial delay, multiplier, jitter, and a max delay cap to instantly see each retry timestamp, cumulative elapsed time, jitter range, and which delays hit the cap. Supports presets for standard, aggressive, conservative, Stripe-style, and fixed-interval retry policies. Free and runs entirely in your browser.

Build and validate JSON-RPC 2.0 request and notification payloads with method and params. Fill in the method name, optional params (named or positional), and an id — the tool validates the input against the JSON-RPC 2.0 specification and outputs a formatted payload plus a ready-to-run curl command. Supports requests, fire-and-forget notifications, and batch arrays. Five presets cover the most common patterns. Free and runs entirely in your browser.

Generate RFC 7636 PKCE code verifier and challenge pairs for OAuth 2.0 authorization code flow. Choose verifier length, get the SHA-256 code challenge, and see exactly where each value goes in the auth URL and token exchange request.