API & Security Tools

JWT (JSON Web Token) tokens authenticate API requests by encoding user identity and claims in three parts: header, payload, and signature. The JWT Decoder parses these sections without validating the signature, letting you inspect claims like user ID, expiration time, and permissions. This helps debug authentication issues, verify token contents during development, and understand API authorization. Never paste production tokens with real user data into online tools. The decoder shows decoded JSON but cannot verify signatures, which requires the secret key only your server knows.

cURL to Fetch conversion transforms command-line API examples into JavaScript code for browser or Node.js applications. API documentation often provides cURL examples because they are concise and platform-independent. The cURL to Fetch Converter parses cURL syntax, extracting URL, headers, request body, and HTTP method, then generates equivalent JavaScript Fetch API code. This accelerates integrating third-party APIs by converting documentation examples directly to working code. The converter handles authentication headers, JSON bodies, form data, and custom headers automatically.

Chmod calculator generates Unix/Linux file permission codes using read, write, and execute permissions for owner, group, and others. The Chmod Calculator provides a visual interface where you check permission boxes and get the numeric code (like 755 or 644). This prevents permission errors that expose files or break scripts. Common patterns include 644 for web files (owner reads/writes, others read), 755 for directories and executables (owner full access, others read and execute), and 600 for private files (owner-only access). Understanding permissions prevents security vulnerabilities from overly permissive files.

IBAN validation checks International Bank Account Numbers using country-specific formats and mod-97 check digits. The IBAN Validator verifies country code, length, and checksum in one step. Valid IBANs have 2-letter country codes, 2 check digits, then country-specific account details, totaling 15-34 characters. Validation catches typos in payment forms, confirms SEPA transfers, and validates customer-provided bank details. The validator details which validation step failed, helping users correct mistakes. IBANs replace older account numbers in European banking and international transfers.

Credit card number generation creates structurally valid test numbers that pass Luhn algorithm validation without being real, active cards. The Credit Card Generator produces numbers for Visa, Mastercard, American Express, and other networks, useful for testing payment gateway integration, e-commerce checkout flows, and form validation. Generated numbers pass format validation but fail authorization because they are not assigned to real accounts. Never use real credit card numbers in development or testing. Always use generators or official test numbers provided by payment processors for sandbox environments.

These tools form an API development and security testing toolkit. Decode JWT tokens when debugging authentication, convert cURL examples when integrating APIs, calculate file permissions when deploying applications, validate IBANs in payment forms, and generate test cards when building checkout flows. Together they cover common API security and testing scenarios.