Frequently Asked Questions (FAQ)

Find quick answers to common questions about DevHub's tools and services.

General Questions

What is DevHub?

DevHub is a comprehensive developer tools portal that provides free, professional-grade tools for software developers. We offer over 60 curated tools including Base64 encoding/decoding, URL encoding/decoding, JSON validation, JWT verification, OIDC testing, hash generation, and many more. Our platform also features educational blog content, tutorials, and guides to help developers improve their skills.

Is DevHub really free?

Yes! All tools on DevHub are completely free to use with no hidden costs, subscriptions, or premium tiers. We believe in democratizing access to professional development tools for developers worldwide. We monetize through non-intrusive advertising to keep the service free for everyone.

Do I need to create an account to use DevHub?

No, you don't need to create an account or register to use any of our tools. You can start using our Base64 encoder, JSON validator, JWT verifier, and all other tools immediately without providing any personal information. Optional newsletter subscriptions require an email address, but tool usage is completely anonymous.

What browsers does DevHub support?

DevHub works on all modern web browsers including:

  • Google Chrome (recommended, version 90+)
  • Mozilla Firefox (version 88+)
  • Safari (version 14+)
  • Microsoft Edge (version 90+)
  • Opera (version 76+)
  • Brave (current versions)

For the best experience, we recommend using the latest version of your preferred browser with JavaScript enabled.

Can I use DevHub on mobile devices?

Absolutely! DevHub is fully responsive and optimized for mobile devices. All tools work seamlessly on smartphones and tablets running iOS, Android, or other mobile operating systems. The mobile experience includes touch-friendly interfaces and adaptive layouts for comfortable use on smaller screens.

Privacy & Security

Is my data secure when using DevHub tools?

Yes, your data is very secure. Most of our tools (including Base64 encoder/decoder, URL encoder/decoder, JSON validator, JWT decoder, and hash generator) process data entirely client-side in your browser using JavaScript. This means:

  • Your data never leaves your device
  • We don't store, log, or transmit your data to our servers
  • Processing happens locally for maximum privacy
  • No one (including us) can see what you're encoding, decoding, or validating

All connections to DevHub use HTTPS encryption for additional security.

Do you collect my personal information?

We minimize data collection. We collect:

  • Anonymous Analytics: Google Analytics tracks general usage patterns (pages visited, time spent, etc.) but this data is anonymized
  • Email (Optional): Only if you subscribe to our newsletter
  • Technical Data: Browser type, device type, IP address (for analytics)

We do NOT collect:

  • Content you encode, decode, validate, or process with our tools
  • Passwords, tokens, or sensitive data you use in tools
  • Personal information unless you voluntarily provide it

For complete details, see our Privacy Policy.

Can I trust DevHub with sensitive data?

While our client-side tools are designed for maximum privacy, we recommend following these best practices:

  • Don't use production credentials: Never test with real passwords, API keys, or production secrets
  • Avoid real JWT tokens: Use test tokens instead of production tokens containing sensitive claims
  • OIDC Testing: Use development/staging OAuth endpoints, not production
  • Consider offline alternatives: For extremely sensitive data, use offline/local tools

Our tools are safe for testing and development, but use discretion with highly sensitive production data.

Tool-Specific Questions

Base64 Encoding/Decoding

What is Base64 encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into ASCII string format using 64 different characters (A-Z, a-z, 0-9, +, /). It's commonly used for encoding binary data in JSON, XML, URLs, and email attachments. Base64 encoding increases data size by approximately 33%, but ensures data can be safely transmitted over text-based protocols.

When should I use Base64 encoding?

Common use cases include:

  • Embedding images in HTML/CSS: Data URLs for small images
  • Email attachments: MIME encoding for binary files
  • API Data Transfer: Sending binary data through JSON APIs
  • URL Parameters: Encoding binary data in URLs
  • Basic Authentication: HTTP Basic Auth headers
  • Storing binary data in databases: When binary columns aren't available

Can I encode files with the Base64 tool?

Currently, our Base64 tool focuses on text encoding. For file encoding, you can:

  • Read file content as text and encode it
  • Use command-line tools like base64 (Linux/Mac) or PowerShell's [Convert]::ToBase64String (Windows)
  • Use programming language libraries (Python's base64 module, JavaScript's btoa/atob, etc.)

URL Encoding/Decoding

What is URL encoding and why is it needed?

URL encoding (also called percent encoding) converts special characters in URLs to a format that can be transmitted over the internet. URLs can only contain certain characters from the ASCII set. Characters outside this set, or special characters that have specific meanings in URLs (like ?, &, =, #), must be encoded using the % sign followed by two hexadecimal digits.

What characters need to be URL encoded?

Characters that should be encoded include:

  • Spaces: Encoded as %20 or + (in query strings)
  • Special characters: !, #, $, %, &, ', (, ), *, +, ,, /, :, ;, =, ?, @, [, ]
  • Non-ASCII characters: All characters outside the ASCII range (accented letters, emojis, etc.)
  • Unsafe characters: ", <, >, \, ^, `, {, |, }, ~

What's the difference between URL encoding and percent encoding?

They're the same thing! "URL encoding" and "percent encoding" are different names for the same encoding scheme defined in RFC 3986. The term "percent encoding" comes from using the % character to encode special characters.

JSON Validation and Formatting

What is JSON and why validate it?

JSON (JavaScript Object Notation) is a lightweight data interchange format that's easy for humans to read and write, and easy for machines to parse and generate. JSON validation checks if your JSON syntax is correct according to the JSON specification. Invalid JSON can cause API errors, application crashes, and data parsing failures.

What are common JSON validation errors?

Common errors include:

  • Missing or extra commas: Trailing commas are not allowed in JSON
  • Unquoted keys: All object keys must be in double quotes
  • Single quotes: JSON requires double quotes, not single quotes
  • Undefined/NaN values: Only null, true, false, numbers, strings, arrays, and objects are allowed
  • Comments: JSON doesn't support comments (unlike JavaScript)
  • Unescaped special characters: Characters like newlines and quotes must be escaped

What's the difference between JSON validate, beautify, and minify?

  • Validate: Checks if JSON syntax is correct and reports errors
  • Beautify/Format: Adds proper indentation and line breaks for readability
  • Minify: Removes all whitespace to create the smallest possible JSON (useful for production)

JWT Token Verification

What is a JWT token?

JWT (JSON Web Token) is a compact, URL-safe means of representing claims between two parties. JWTs are commonly used for authentication and information exchange in web applications. A JWT consists of three parts separated by dots: Header.Payload.Signature.

How do I verify a JWT token?

JWT verification involves:

  • Parsing: Decode the Base64-encoded header and payload
  • Signature Verification: Verify the signature using the secret key or public key
  • Claims Validation: Check expiration (exp), issued at (iat), issuer (iss), and other claims
  • Algorithm Check: Ensure the algorithm (alg) matches expected value

Our JWT tool helps you decode and inspect JWT tokens. For full verification with signature checking, you'll need the secret key or public key.

Can I verify JWT signatures with DevHub?

Our JWT tool can decode and display JWT claims, but for security reasons, we don't support signature verification with secret keys through the web interface. For signature verification:

  • Use backend libraries in your application (jsonwebtoken for Node.js, PyJWT for Python, etc.)
  • Use offline JWT verification tools
  • Implement verification in your own code following security best practices

What JWT algorithms are supported?

JWTs can use various algorithms:

  • HMAC: HS256, HS384, HS512 (symmetric, uses shared secret)
  • RSA: RS256, RS384, RS512 (asymmetric, uses public/private keys)
  • ECDSA: ES256, ES384, ES512 (asymmetric, elliptic curve)

Our tool can decode JWTs using any algorithm, but signature verification requires implementation in your backend.

OIDC Testing

What is OIDC?

OIDC (OpenID Connect) is an authentication layer built on top of OAuth 2.0. It allows clients to verify the identity of users and obtain basic profile information. OIDC is widely used for Single Sign-On (SSO) and federated authentication.

How do I test OIDC authentication flows?

To test OIDC flows with DevHub:

  1. Configure your OIDC provider (Auth0, Okta, Google, Azure AD, etc.)
  2. Register DevHub's callback URL in your OIDC provider
  3. Enter your provider's configuration (issuer, client ID, etc.)
  4. Initiate the authentication flow
  5. Review tokens, claims, and user info returned

Important: Only use development/testing environments, never production credentials.

What OIDC flows are supported?

Common OIDC flows include:

  • Authorization Code Flow: Most secure, recommended for web apps
  • Implicit Flow: For browser-based apps (deprecated in OAuth 2.1)
  • Hybrid Flow: Combination of authorization code and implicit
  • Client Credentials: For machine-to-machine authentication

Our OIDC playground supports the authorization code flow, which is the most commonly used and secure option.

Hash Generator

What hash algorithms do you support?

DevHub's hash generator supports multiple algorithms:

  • MD5: 128-bit hash (legacy, not recommended for security)
  • SHA-1: 160-bit hash (deprecated for security)
  • SHA-256: 256-bit hash (recommended for most uses)
  • SHA-512: 512-bit hash (high security)
  • SHA3-256, SHA3-512: Modern SHA-3 variants
  • Keccak-256: Used in blockchain/Ethereum

Which hash algorithm should I use?

Recommendations by use case:

  • Password Hashing: Use bcrypt, Argon2, or PBKDF2 (not simple SHA hashes!)
  • File Integrity: SHA-256 or SHA-512
  • Digital Signatures: SHA-256 with RSA/ECDSA
  • Blockchain: Keccak-256 (Ethereum), SHA-256 (Bitcoin)
  • Legacy Systems: MD5 or SHA-1 only if required for compatibility
  • General Purpose: SHA-256 is a safe default choice

Never use MD5 or SHA-1 for security-critical applications! They have known vulnerabilities.

Can I use these hashes for password storage?

No! Simple hash functions like SHA-256 are not suitable for password storage because they're too fast and vulnerable to brute-force attacks. For password hashing, always use:

  • bcrypt: Popular and battle-tested
  • Argon2: Winner of Password Hashing Competition
  • PBKDF2: Widely supported, NIST-approved
  • scrypt: Memory-hard function

These algorithms are designed to be slow and include salting to prevent rainbow table attacks.

Technical Questions

Why do tools work offline after initial load?

Most of our tools run entirely in your browser using JavaScript. Once the page loads, the tool code is cached in your browser and doesn't need a server connection to function. This is why tools continue working even if you lose internet connectivity. It also ensures your data never leaves your device.

Can I use DevHub tools in my applications?

You can use our tools for development and testing, but we don't currently offer an API for programmatic access. For production applications, we recommend:

  • Implementing encoding/decoding in your backend using libraries
  • Using language-specific libraries (like Node.js's Buffer, Python's base64 module, etc.)
  • Following security best practices for your specific use case

If there's strong demand for an API, we may consider it in the future.

Do you have a CLI (Command Line Interface) tool?

Not currently. DevHub is web-based for maximum accessibility. However, most tools can be replicated using command-line utilities:

  • Base64: base64 (Linux/Mac), certutil -encode/-decode (Windows)
  • URL Encoding: jq -sRr @uri or Python's urllib.parse.quote
  • JSON: jq (validation and formatting)
  • Hashes: md5sum, sha256sum, sha512sum

Can I contribute to DevHub?

We welcome contributions! You can contribute by:

  • Writing Blog Posts: Share your expertise through guest articles
  • Suggesting Features: Tell us what tools or features you'd like to see
  • Reporting Bugs: Help us improve by reporting issues
  • Sharing Feedback: Let us know how we can make DevHub better
  • Spreading the Word: Tell other developers about DevHub

Contact us through our social channels or contact page to discuss contribution opportunities.

Troubleshooting

Tools aren't working properly. What should I do?

Try these troubleshooting steps:

  1. Enable JavaScript: All tools require JavaScript to be enabled
  2. Update Your Browser: Use the latest version of your browser
  3. Clear Cache: Clear browser cache and reload the page
  4. Disable Extensions: Try disabling ad blockers or privacy extensions temporarily
  5. Try Incognito Mode: Test in a private/incognito window
  6. Check Console: Open browser developer console (F12) and check for error messages
  7. Try Different Browser: Test in a different browser to isolate the issue

If problems persist, please contact us with details about your browser, device, and the specific issue.

Why do I see ads on DevHub?

We use non-intrusive advertising (Google AdSense) to keep DevHub free for all users. Ad revenue helps cover hosting costs, maintenance, and development of new features. We carefully select ad placements to minimize disruption while using tools.

Can I use DevHub without ads?

We don't currently offer an ad-free subscription. However, you can use ad blockers (though we'd appreciate if you didn't, as ads help keep the service free!). Most tools continue to work normally with ad blockers enabled since they run client-side.

The site looks broken or strange. What's wrong?

This could be due to:

  • Browser Compatibility: Update to a modern browser version
  • CSS Not Loading: Check if your ad blocker or firewall is blocking resources
  • Zoom Level: Reset browser zoom to 100%
  • Dark Mode: Try switching between light and dark themes
  • Cache Issues: Hard refresh the page (Ctrl+Shift+R or Cmd+Shift+R)

Account & Subscription

How do I subscribe to the newsletter?

You can subscribe to our newsletter by entering your email in the newsletter signup form found on our blog page and various parts of the site. We send occasional updates about new tools, blog posts, and developer tips. You can unsubscribe at any time using the link in any newsletter email.

Can I request new tools or features?

Absolutely! We love hearing from our community. You can request new tools or features by:

  • Contacting us through our contact page
  • Messaging us on social media (Instagram or YouTube)
  • Leaving comments on relevant blog posts

While we can't implement every request, we carefully consider all suggestions and prioritize based on community needs and technical feasibility.

Still Have Questions?

If you didn't find the answer to your question, we're here to help! Please reach out through:

We typically respond within 24-48 hours during business days.

Ready to Use Our Tools?

Start using DevHub's professional developer tools today - no signup required!

Explore Tools Contact Us