365tools
Dev Tools

Developer Tools

JSON formatting, Base64 encoding, cryptographic hashing, and JWT generation — all running in your browser. No account, no upload.

JSON Formatter

Format, minify and validate JSON. Syntax-error highlighting with exact position.

FormatMinifyValidate
Open tool

Base64 Encoder / Decoder

Encode text or files to Base64, decode Base64 to text. URL-safe mode supported.

EncodeDecodeURL-safeFile support
Open tool

Hash Generator

Generate SHA-256, SHA-384 and SHA-512 hashes. Generate secure secrets for NextAuth / Auth.js.

SHA-256SHA-512NextAuth secret
Open tool

JWT Generator & Decoder

Sign JWT tokens with HS256/HS384/HS512, or decode any token to inspect its header and payload.

HS256HS512GenerateDecode
Open tool

Why use 365tools developer utilities?

Web Crypto API — browser-native

Hashing and JWT signing use crypto.subtle — the browser's built-in cryptographic API. No third-party library touches your secrets.

Nothing leaves your device

Your API keys, secrets, JWTs, and JSON payloads are processed in memory and never transmitted over the network.

Instant, no queue

All operations run locally — no server round-trip means results appear in milliseconds regardless of your internet speed.

Common use cases

Debug API responses

Paste raw JSON from Postman or curl and format it instantly to spot errors.

Embed images in HTML

Encode any image file to Base64 data URL for inline use in HTML, CSS, or JSON.

Rotate NextAuth secrets

Generate a cryptographically random AUTH_SECRET in one click — equivalent to openssl rand -base64 32.

Inspect third-party JWTs

Paste any JWT to decode its header and payload without a server round-trip or sharing credentials.

How it works — browser-native APIs, no server

Every tool in this suite uses APIs that are built into your browser. The JSON formatter uses JSON.parse and JSON.stringify. Base64 encoding uses btoa() / atob(). SHA hashing and JWT signing use crypto.subtle — the W3C Web Crypto API available in every modern browser.

No JavaScript bundle for cryptography is downloaded from an external CDN. No data leaves your device. All computation happens on your own CPU inside your browser tab.

Frequently Asked Questions

Q
Are these developer tools safe to use with real secrets?
A
Yes. All tools run entirely in your browser. The JSON formatter uses JSON.parse/stringify, Base64 uses btoa/atob, hashing and JWT signing use the browser's Web Crypto API (crypto.subtle). Nothing is ever sent to a server.
Q
Does the JWT decoder verify signatures?
A
No. The decoder shows the decoded header and payload without verifying the HMAC signature. Signature verification requires the secret key. Always verify signatures server-side before trusting JWT claims.
Q
Can I use SHA-256 to hash passwords?
A
No. SHA-256 is too fast — attackers can compute billions of guesses per second. Use bcrypt, scrypt, or Argon2 for passwords. SHA-256 is appropriate for checksums, API key hashing, and HMAC operations.
Q
What is a NextAuth / Auth.js secret?
A
AUTH_SECRET (or NEXTAUTH_SECRET in v4) is a random string used to sign session cookies and tokens in Next.js authentication. It must be at least 32 bytes of random data. The generator creates a cryptographically random 32-byte URL-safe Base64 string.
Q
What is URL-safe Base64?
A
Standard Base64 uses + and / which have special meanings in URLs. URL-safe Base64 replaces + with - and / with _, and omits = padding — safe for use in URLs, headers, and filenames without percent-encoding.
Q
Do these tools work offline?
A
After the initial page load, all tools work without a network connection. The JSON formatter, Base64 encoder, and hash generator require no external resources. The JWT tool uses only the Web Crypto API.