Is it safe to decode a real production token here?

Yes. The Base64 decoder runs entirely in your browser using atob — nothing is uploaded. That said, treat any decoded secret as already compromised if it was ever shared elsewhere.

Which hashing algorithms are supported?

The Hash Generator supports SHA-1, SHA-256, SHA-384 and SHA-512 via SubtleCrypto, plus MD5 via a small JavaScript implementation for legacy use.

Does the JSON formatter validate as it pretty-prints?

Yes. Invalid JSON raises a clear error with the position of the problem rather than silently producing broken output.

What's the difference between encodeURIComponent and encodeURI?

encodeURI preserves reserved characters used by a full URL (like : / ? &), while encodeURIComponent escapes them. The URL Encoder lets you pick the right one for your context.

Free Online Developer Tools

Daily dev utilities you can trust with real tokens and payloads.

Your files never leave your device. No upload. No sign-up.

Developers paste real things into these tools — JWTs, API responses, internal URLs, password hashes. That makes server-side dev utilities a genuine security risk. SwiftTooly's encoder, formatter and hashing tools all run inside your browser, so you can decode that production Base64 string or hash that real password without worrying that it's now sitting in someone's request log.

4 developer tools

Base64 Encoder / Decoder

Encode text to Base64 or decode it back instantly.

JSON Formatter

Beautify, minify, and validate JSON in the browser.

Hash Generator

Generate MD5, SHA-1, and SHA-256 hashes from any text.

URL Encoder / Decoder

Percent-encode or decode URLs and query strings.

Why use SwiftTooly's developer tools

Token-safe

Decode JWTs and Base64 payloads without sending them through a third party's logs.

Standard algorithms

Hashes come from SubtleCrypto: SHA-1, SHA-256, SHA-384 and SHA-512, native to the browser.

Deterministic output

No AI cleanup, no opinionated formatting beyond what you ask for.

Copy-friendly

One-click copy, monospace output, clear error messages on malformed input.

Browser-based vs upload-to-server

SwiftTooly (browser)

Encoding, decoding and hashing run via TextEncoder, atob/btoa and SubtleCrypto inside the tab — fully offline-capable.

Typical upload-to-server tools

Online dev utilities frequently log payloads for debugging or analytics, which is the last place a production secret should end up.

Frequently asked questions

Is it safe to decode a real production token here?: Yes. The Base64 decoder runs entirely in your browser using atob — nothing is uploaded. That said, treat any decoded secret as already compromised if it was ever shared elsewhere.
Which hashing algorithms are supported?: The Hash Generator supports SHA-1, SHA-256, SHA-384 and SHA-512 via SubtleCrypto, plus MD5 via a small JavaScript implementation for legacy use.
Does the JSON formatter validate as it pretty-prints?: Yes. Invalid JSON raises a clear error with the position of the problem rather than silently producing broken output.
What's the difference between encodeURIComponent and encodeURI?: encodeURI preserves reserved characters used by a full URL (like : / ? &), while encodeURIComponent escapes them. The URL Encoder lets you pick the right one for your context.