RunToolz iconRunToolz
Welcome to RunToolz!
Regex Tester
Base64 Encoder/Decoder
Color Converter
JWT Decoder
Code Minify/Beautify
URL Encoder/Decoder
UUID Generator
Hash Generator
Timestamp Converter
Cron Expression Parser
HTTP Status Codes
User Agent Parser
JSON Formatter
Character Counter
Text Diff
Markdown Editor
SQL Formatter
Image Converter
Image Resize
Image Compress
Image Crop
SVG Optimizer
Favicon Generator
Image to Base64
Image Vectorizer
PDF Merge
PDF to Image
PDF Split
HTML to PDF
CSV to JSON
YAML to JSON
XML to JSON
QR Code Generator
Password Generator
Unit Converter
Barcode Generator
Lorem Ipsum Generator
BlogAboutPrivacyTermsContact
APIBackendDeveloper Tools

API Development Toolkit: Debug Faster, Ship Sooner

JWT debugging, HTTP status codes, JSON formatting, Base64 encoding, and URL encoding — the essential browser tools for API developers.

RunToolz TeamJanuary 24, 20264 min read

It's 3 PM and your API is returning a 401. The token looks valid. The endpoint is correct. The request headers seem fine.

You paste the JWT into a decoder and immediately see the problem: the exp claim expired 12 minutes ago. Your token refresh logic has a bug.

That five-second decode just saved you an hour of staring at code.

JWT Debugging Is a Daily Task

If you work with any modern API, you deal with JWTs constantly. Login tokens, service-to-service auth, OAuth flows — they're everywhere.

The problem is that a JWT looks like meaningless gibberish:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

What claims does it have? When does it expire? What algorithm was used to sign it? You can't tell by looking.

Ready to try it yourself?Decode JWT Tokens

Paste the token, instantly see the header, payload, and expiration. No libraries to install. No code to write. Just answers.

HTTP Status Codes: Beyond 200 and 404

Quick — what's the difference between 401 and 403? What about 502 vs 503? When should you return 409 vs 422?

Most developers know the common ones, but APIs return dozens of different status codes. When you get an unexpected 429 or a confusing 307, you need to know exactly what it means.

An HTTP status code reference tells you what each code means, when to use it, and common causes. Faster than Googling, and you don't have to sift through Stack Overflow debates.

JSON Formatting Is Not Optional

APIs send JSON. APIs receive JSON. And most of the time, that JSON arrives as a single compressed line with no whitespace.

{"users":[{"id":1,"name":"Alice","roles":["admin","editor"],"settings":{"theme":"dark","notifications":{"email":true,"push":false}}}]}

Try finding a missing comma in that. Or checking if a nested field exists. Or comparing two responses.

Ready to try it yourself?Format JSON

Paste in your compressed JSON, get it formatted with proper indentation. Now you can actually read it, spot errors, and compare structures.

Base64: The Auth Header Secret

API authentication often involves Base64 encoding. Basic Auth headers are username:password Base64-encoded. Binary data in JSON payloads gets Base64-encoded. Certificate contents, webhook signatures, encrypted values — all Base64.

When something isn't working, you need to decode what's actually being sent. Or you need to encode a new value to test with.

A Base64 encoder/decoder handles both directions instantly. Paste the encoded string, see the original value. Type a new value, get the encoded version.

Common debugging scenario: your Basic Auth header is failing. Decode it and discover there's a trailing newline character in the password. Would've taken much longer to spot in code.

URL Encoding Gets Tricky

Query parameters with special characters need URL encoding. Spaces become %20 (or +). Ampersands become %26. Forward slashes become %2F.

This matters when:

  • You're building search endpoints with user input
  • Query params contain URLs themselves (callback URLs, redirect URIs)
  • You're debugging why a parameter isn't being parsed correctly
  • API keys contain special characters

A URL encoder/decoder shows you exactly what the encoded/decoded version looks like. Particularly useful when debugging OAuth callback URLs, which are often URLs-within-URLs and become unreadable when double-encoded.

Real Debugging Workflow

Here's how these tools fit into an actual API debugging session:

  1. Request fails — check the HTTP status code meaning
  2. Auth issue? — decode the JWT to check claims and expiration
  3. Payload problem? — format the JSON to inspect the structure
  4. Header issue? — decode the Base64 auth header
  5. URL parsing? — decode the URL to check parameter encoding

Each step takes seconds. The alternative — writing throwaway scripts, installing CLI tools, or digging through documentation — takes minutes to hours.

Keep Them Open

I keep these tools in pinned browser tabs. Not because I can't do Base64 encoding in Python or format JSON in VS Code. I can. But context-switching to a terminal, writing a quick script, and running it breaks my debugging flow.

These tools are debugging speed. Paste, see result, understand problem, fix code. The fastest debugging cycle possible.

API development is 50% writing code and 50% figuring out why the code you wrote doesn't work the way you expected. The right browser tools don't replace your IDE or your debugger — they complement them by making the "figure it out" part faster.

🔧 Related Tools

🎫

JWT Decoder

Decode and inspect JSON Web Tokens

🌐

HTTP Status Codes

Lookup HTTP status code meanings

{ }

JSON Formatter

Format and validate JSON data with syntax highlighting

🔐

Base64 Encoder/Decoder

Encode or decode Base64 strings instantly

🔗

URL Encoder/Decoder

Encode or decode URL strings