Searchlight
Tools
BlogAbout
Free SEO Audit
Back to home
๐Ÿ“ˆSEO & Analytics
๐Ÿ—‚๏ธText & Data
๐Ÿ”Encoders & Decoders
Base64 TextBase64 FileURL EncoderHTML EntitiesNumber Base ConverterJWT DecoderMorse CodeROT13 / Caesar CipherHash GeneratorHMAC GeneratorHex โ†” Base64
โšกGenerators
๐Ÿ”„Converters
๐Ÿ–ผ๏ธImage Tools
๐Ÿ“„PDF Tools
๐Ÿ’ปCode Tools
๐Ÿ”Regex & Parsing
๐ŸงฎCalculators
๐Ÿ—บ๏ธDiagrams
๐ŸŒNetwork & Web
โœ๏ธText Utilities
๐ŸŽจColor Tools
๐Ÿ”€Diff & Compare
148+ tools. OAuth is read-only.
Searchlight

148+ free SEO, developer, image, PDF, and productivity tools - no account needed.

Free ยท all tools included
Company
  • Blog
  • About
  • Free SEO Audit
Legal
  • Privacy Policy
  • Terms of Service
  • Cookie Policy

ยฉ 2026 Searchlight. All rights reserved.

Read-only OAuth ยท No data reselling ยท Completely free

All ToolsEncoders & Decoders
๐Ÿ”

Encoders & Decoders

Encode, decode, hash, and cipher data in your browser.

11 live

Available now

Base64 TextNEW

Encode & decode Base64 text

Open tool
Base64 FileNEW

Encode images, PDFs & files to Base64

Open tool
URL EncoderNEW

URL encode / decode / percent-escape

Open tool
HTML EntitiesNEW

HTML entity encode & decode

Open tool
Number Base ConverterNEW

Binary / octal / decimal / hex converter

Open tool
JWT DecoderNEW

Decode & inspect JSON Web Tokens

Open tool
Morse CodeNEW

Text โ†” Morse code translator

Open tool
ROT13 / Caesar CipherNEW

ROT13 and Caesar cipher encoder

Open tool
Hash GeneratorNEW

MD5 / SHA-1 / SHA-256 / SHA-512

Open tool
HMAC GeneratorNEW

Generate HMAC signatures with secret keys

Open tool
Hex โ†” Base64NEW

Convert between hex and Base64 encoding

Open tool

About Encoders & Decoders

Free browser-based encoding, decoding, and hashing tools - Base64, URL encoding, HTML entities, JWT, HMAC, file hashing, and classic ciphers. All processing happens locally in your browser: no data is sent to any server, making these tools safe for encoding sensitive tokens, API keys, and private payloads. The Hash Generator produces MD5, SHA-1, SHA-256, SHA-384, and SHA-512 digests. The File Hash tool verifies file integrity using the Web Crypto API. HMAC Generator creates signed message authentication codes for API and webhook verification. JWT Decoder inspects JSON Web Token headers and payloads without a library.

When to use Encoders & Decoders

  • 1API development: encode request payloads with Base64 or URL encoding, generate HMAC-SHA256 signatures for signed API requests, and decode JWT tokens to inspect claims.
  • 2Webhook verification: use the HMAC Generator to compute the expected signature for a Stripe, GitHub, or Shopify webhook and compare it against the received header.
  • 3File integrity verification: after downloading software or large files, calculate the SHA-256 hash with the File Hash tool and compare it to the publisher's checksum.
  • 4Web development: encode special characters in URLs (URL Encoder), escape HTML entities for safe rendering in templates, and encode images as Base64 data URIs.
  • 5Security testing: decode JWT tokens to inspect their header, algorithm, and payload claims - useful for understanding authentication flows and finding misconfigurations.

Frequently Asked Questions

What is the difference between Base64 encoding and encryption?+
Base64 is encoding - it converts binary data to ASCII text using a fixed 64-character alphabet. Anyone can decode it instantly with no key. Encryption (AES, RSA) transforms data so it can only be recovered with the correct secret key. Never use Base64 for security - use it only for data transport and embedding.
How do I verify a Stripe webhook signature?+
Stripe sends a Stripe-Signature header containing a timestamp and HMAC-SHA256 signature. Concatenate the timestamp and raw request body with a period separator, compute HMAC-SHA256 using your webhook secret as the key, and compare the result to the signature in the header. The HMAC Generator here does this computation.
How do I decode a JWT without a library?+
A JWT has three parts separated by dots: header.payload.signature. The header and payload are Base64url encoded (not standard Base64). Paste the JWT into the JWT Decoder tool - it Base64url-decodes each part and displays the JSON claims including algorithm, issuer, expiry, and any custom claims.
Which hash algorithm should I use for file verification?+
SHA-256 is the current standard for file integrity verification and is used by most software publishers. MD5 and SHA-1 are still used by some older projects but are cryptographically broken and should not be trusted for security purposes. SHA-512 provides additional margin but SHA-256 is sufficient for all practical file verification needs.