Validate & Decode OAuth Tokens Instantly (JWT, OIDC, Opaque)

Generate time-based one-time passwords from a TOTP secret key. Enter your base32 secret, choose a period and digit length, and get the current and next codes with a live countdown timer. Useful for testing and debugging 2FA integrations.

Generate Zod validation schema code from a JSON sample object. Infers z.string(), z.number(), z.boolean(), z.array(), z.object(), and z.null() types automatically. Handles nested objects, arrays of objects with optional field detection, and outputs copy-ready TypeScript with import and z.infer type alias.

Format, validate, and inspect JSON Lines (JSONL) and NDJSON files. Validates each line individually, reports parse errors by line number, outputs compact JSONL or a pretty-print preview, and lets you download the cleaned file.

Scan pasted text, code, or config files for accidentally exposed API keys, tokens, passwords, and private keys. Detects 50+ secret types across AWS, GitHub, Stripe, OpenAI, and more — all client-side, nothing leaves your browser.

Check TLS protocol version compatibility and cipher suite strength ratings against current best practices. Supports IANA and OpenSSL cipher names — rates each suite as Strong, Weak, or Deprecated and explains why.

Calculate the information-theoretic bit entropy of any password or API key. Detects character set pools automatically, shows the total number of possible combinations, and estimates crack time across five attack scenarios from rate-limited web logins to GPU cracking clusters.

Validate TOML configuration file syntax and report errors with line numbers. Paste any TOML content — Cargo.toml, pyproject.toml, config.toml — and instantly see a green checkmark with key counts and structure stats, or a precise error message pointing to the exact line. Includes a collapsible JSON structure preview to confirm what was parsed.

Build Content Security Policy headers interactively. Toggle directives like script-src, style-src, and img-src, select allowed source tokens, and add custom origins. Instantly outputs your CSP as an HTTP header, meta tag, Nginx directive, or Apache header.

Validate OpenAPI 2.0 (Swagger) and OpenAPI 3.0/3.1 specification files for compliance, missing required fields, unresolved $ref paths, and schema errors. Paste JSON or YAML or upload a file — errors and warnings are listed by path with severity levels and actionable fix suggestions. All validation runs entirely in your browser.

Format and validate GraphQL query variables JSON for use in queries and API clients. Paste your variables JSON alongside a GraphQL query to instantly format the JSON, validate that each variable matches its declared type, catch missing required variables, and highlight undeclared extras.

Generate common HTTP request headers for authentication, content-type, caching, and security. Toggle each category, configure values, and copy the output as raw key-value pairs, JSON, fetch(), cURL, or axios.

Parse and visualize X-RateLimit headers from raw HTTP API responses. Paste response headers to instantly see your quota state — limit, remaining, used, and reset time — displayed as color-coded progress meters. Supports GitHub, OpenAI, Twitter/X, Shopify, and IETF standard rate limit headers.

Convert Postman Collection v2.1 JSON to OpenAPI 3.0 specification format. Upload or paste your collection, and get a downloadable openapi.yaml or openapi.json with mapped paths, parameters, request bodies, and example responses.

Test HTTP API endpoints directly in your browser. Make GET, POST, PUT, PATCH, and DELETE requests with custom headers and request bodies. View status codes, response headers, and pretty-printed JSON responses — all client-side, no server proxy.

Build CORS configuration headers interactively for web servers and APIs. Set allowed origins, methods, request headers, credentials, and preflight cache duration — then copy the generated Access-Control headers or ready-to-paste code snippets for nginx, Express.js, Flask, and .NET.

Document a REST endpoint quickly by entering the URL, method, headers, and sample request/response. Generates formatted Markdown documentation and an example cURL command instantly.