Format, validate, convert and compare JSON, JWT, CSV, SQL and more — then chain them into reusable workflows. Your pasted tool data is processed locally in your browser and is not uploaded for tool processing, and you can share results as an AES-256 encrypted link.
Paste once and run multiple steps — decode, validate, sanitize and convert without leaving your browser.
Format, compare, convert and validate JSON, YAML, CSV, XML and SQL.
Decode JWTs, verify webhooks, convert cURL, inspect certs and OpenAPI.
Browse all Security & Auth tools →Base64, URL encoding, hex, hash generation and payload conversions.
Browse all Encode / Decode tools →Generate K8s manifests, lint Dockerfiles, build cron expressions, ship checklists.
Browse all DevOps & Config tools →UUIDs, timestamps, passwords, URL parsing, line tools, .env converters.
Browse all Utilities tools →Chain tools together
Pipe the output of one tool into the next. Build multi-step transforms without manual copy-paste.
Curated topic pages that group related tools, guides and workflows so you can go straight from a problem to the right utility.
JSON and API contract tools
Validate schemas, compare JSON payloads, generate patches and debug API examples.
Explore JSON & API contract tools →Security and debugging tools
Sanitize HAR files, verify webhook signatures, decode JWTs and inspect certificates.
Explore security & debugging tools →Data cleanup and QA tools
Compare CSV files, clean lists, find missing rows and generate SQL filters.
Explore data cleanup & QA tools →Role-oriented starting points: the daily tasks, recommended workflows and top tools for how you actually work.
Decode tokens, verify webhooks, validate schemas and debug responses.
Tools for API developers →Scan secrets and PII, sanitize HAR files, verify signatures.
Tools for security engineers →Compare exports, clean lists, find missing rows, build SQL filters.
Tools for data & QA engineers →Validate manifests, lint Dockerfiles, build cron, convert .env.
Tools for DevOps & SRE →Test regex, format JSON, parse URLs, decode Base64 and JWTs.
Tools for frontend developers →Four power features most tool sites don't have — all in your browser, no account.
Send your input as an AES-256 link — nothing hits a server.
Try it on a tool →Chain tools into a saved workflow — paste once, run many steps.
Build a workflow →Run release/QA checklists with built-in tool checks and evidence.
Open checklists →Sharpen real dev skills in a 3-minute daily puzzle. Keep a streak.
Play today's →Ten brand-new local-first tools — API contract checks, schema diffs, security linting, and more.
Diff two specs — breaking, risky, safe, or doc-only.
Find out why a request is blocked — and how to fix it.
OpenAPI → curl, Jest, Playwright, or Postman tests.
Flag secrets & dupes; export a redacted collection.
Compare CREATE TABLE DDL; get ALTER migration hints.
Lint manifests against pod-security best practices.
Schema-valid fake data from a JSON Schema (seeded).
Find hidden / zero-width / look-alike characters.
JSON, JS, SQL, regex, HTML & more — both directions.
Sortable IDs with timestamp decode, validate & export.
Your pasted tool data is processed locally in your browser and is not uploaded for tool processing.
Share tool state via URL fragment. The encryption key never touches the server — it lives only in the URL hash.
Pipe tool output directly into the next step. Build multi-stage transforms without copy-paste.
Paste unknown data — JSON, CSV, JWT, XML, YAML — and Magic Box routes you to the right tool.
JSON, HAR and share flows flag potential API keys, tokens and passwords before you share output.
No account is required. Anonymous usage analytics help us improve the site, and there are no ads on this site.