tokenbench

Terms of use

The service

TokenBench is a free collection of developer tools for working with JSON Web Tokens. It is provided by Kalisada LLC. All processing happens in your browser; see the privacy page for what that means in practice.

No warranty

The tools are provided "as is", without warranty of any kind, express or implied, including but not limited to warranties of merchantability, fitness for a particular purpose and non-infringement. Kalisada LLC is not liable for any claim, damages or other liability arising from the use of these tools.

In plainer terms: this is a debugging aid, not a security audit. A token that passes every check on this site can still be used insecurely by the system around it, and the security lints here catch common problems — not all problems. Do not treat a clean lint result as an assurance that your authentication is sound.

Acceptable use

Use these tools on tokens and keys you are authorised to handle. The generator can produce deliberately invalid tokens, including unsigned ones; they exist so that you can verify your own systems reject them. Using them against systems you do not own or have permission to test is unlawful in most jurisdictions, and is not something we can help you with.

Key material

Key pairs generated by this site are produced by your browser's WebCrypto implementation. The randomness is sound, but a key that has been rendered in a web page has a larger exposure surface than one generated on the machine it will live on. Treat browser-generated keys as test keys. Generate production keys with your key management system, or with openssl.

Availability and changes

The site is offered without any uptime commitment, and these terms may change. The tool source is public under the MIT licence at the repository; if this site ever disappears, you can run it yourself.

Kalisada LLC. Last updated July 2026.