ToolBox Pro API - 21 Endpoints for Developers
A Programmatic API for ToolBox
ToolBox has always been a browser-first tool suite. You open a page, paste your data, get the result. That works well for one-off tasks, but it falls apart when you need to process data in a script, a CI pipeline, or a backend service.
The ToolBox Pro API fixes that. It exposes 21 REST endpoints and a programmable tool-chain pipeline, all running on Cloudflare Workers at the edge. Every endpoint accepts JSON, returns JSON, and authenticates via a simple Bearer token.
This post covers every endpoint, how authentication works, the tool-chain API in detail, and practical examples you can copy-paste into your terminal right now.
---
Authentication
Every API request requires a Bearer token in the Authorization header. Tokens use the tb_ prefix.
curl -X POST https://toolbox-kit.com/api/v1/json-format \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_your_api_key_here" \
-d '{"json": "{\"name\":\"test\"}"}'If the token is missing or does not start with tb_, the API returns a 401 error:
{
"error": "Invalid or missing API key. Use Authorization: Bearer tb_xxxxx"
}Pro subscribers get their API key from the Pro dashboard. The key is tied to their subscription and follows the same device-limiting rules as the web interface.
All endpoints support CORS with Access-Control-Allow-Origin: *, so you can call them from browser JavaScript in development. In production, use them from server-side code to keep your API key private.
---
Endpoint Reference
The 21 endpoints are organized into six categories based on what they do. Every endpoint uses POST and returns a JSON response with a result field on success or an error field on failure.
Category 1: JSON and Data
These endpoints handle JSON formatting, validation, minification, CSV conversion, and text diffing.
---
#### POST /api/v1/json-format
Formats a JSON string with configurable indentation. Takes a raw JSON string and returns it prettified.
Request body:
{
"json": "{\"users\":[{\"id\":1,\"name\":\"Alice\"},{\"id\":2,\"name\":\"Bob\"}]}",
"indent": 2
}The indent field is optional and defaults to 2. It accepts values between 0 and 8.
Response:
{
"result": "{\n \"users\": [\n {\n \"id\": 1,\n \"name\": \"Alice\"\n },\n {\n \"id\": 2,\n \"name\": \"Bob\"\n }\n ]\n}"
}curl example:
curl -X POST https://toolbox-kit.com/api/v1/json-format \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"json": "{\"a\":1,\"b\":2}", "indent": 4}'If the input is not valid JSON, you get a 400 error with "Invalid JSON input" and the parser's error message.
---
#### POST /api/v1/json-minify
Strips all whitespace from a JSON string and reports the size savings.
Request body:
{
"input": "{\n \"name\": \"Alice\",\n \"age\": 30\n}"
}Response:
{
"result": "{\"name\":\"Alice\",\"age\":30}",
"originalSize": 38,
"minifiedSize": 25,
"savings": 13,
"savingsPercent": 34
}The savingsPercent field gives you a quick read on how much bloat was in the original. Useful in build scripts where you want to log compression ratios.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/json-minify \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "{\n \"key\": \"value\"\n}"}'---
#### POST /api/v1/json-validate
Validates a JSON string and returns structural information about it - type, key count, nesting depth, array length.
Request body:
{
"input": "[{\"id\": 1}, {\"id\": 2}]"
}Response (valid JSON):
{
"result": {
"valid": true,
"type": "array",
"size": 22,
"keys": 2,
"depth": 1,
"arrayLength": 2
}
}Response (invalid JSON):
{
"result": {
"valid": false,
"error": "Expected ',' or ']' after array element in JSON at position 15"
}
}This endpoint does not throw a 400 on invalid JSON. It returns a 200 with valid: false because validation is the purpose. You only get a 400 if the input field itself is missing or not a string.
---
#### POST /api/v1/csv-json
Converts between CSV and JSON in both directions. The mode field controls the direction.
CSV to JSON:
{
"mode": "csv-to-json",
"csv": "name,age,city\nAlice,30,Portland\nBob,25,Denver",
"delimiter": ","
}Response:
{
"result": [
{"name": "Alice", "age": "30", "city": "Portland"},
{"name": "Bob", "age": "25", "city": "Denver"}
],
"rowCount": 2
}JSON to CSV:
{
"mode": "json-to-csv",
"data": [
{"name": "Alice", "age": 30},
{"name": "Bob", "age": 25}
],
"delimiter": ","
}Response:
{
"result": "name,age\nAlice,30\nBob,25",
"rowCount": 2
}The parser handles quoted fields with embedded commas, escaped double quotes, and CRLF line endings. The delimiter field is optional and defaults to comma. Use \t for TSV data.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/csv-json \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"mode": "csv-to-json", "csv": "name,email\nAlice,alice@example.com"}'---
#### POST /api/v1/diff
Computes a line-based diff between two strings using an LCS (Longest Common Subsequence) algorithm. Returns both structured changes and a unified diff format.
Request body:
{
"original": "line one\nline two\nline three",
"modified": "line one\nline 2\nline three\nline four"
}Response:
{
"result": {
"changes": [
{"type": "unchanged", "line": "line one"},
{"type": "removed", "line": "line two"},
{"type": "added", "line": "line 2"},
{"type": "unchanged", "line": "line three"},
{"type": "added", "line": "line four"}
],
"unified": " line one\n- line two\n+ line 2\n line three\n+ line four",
"stats": {"added": 2, "removed": 1, "unchanged": 2}
}
}Input is limited to 100KB per string. The changes array gives you programmatic access to each line's status. The unified string is ready to display in a terminal or log.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/diff \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"original": "hello\nworld", "modified": "hello\nearth"}'---
Category 2: Encoding
Endpoints for Base64 and URL encoding/decoding, plus HTML entity conversion.
---
#### POST /api/v1/base64
Encodes or decodes Base64 strings. Handles UTF-8 correctly through TextEncoder/TextDecoder, so non-ASCII characters survive the round trip.
Encode:
{
"input": "Hello, World! Cafe with accents: cafe",
"mode": "encode"
}Response:
{
"result": "SGVsbG8sIFdvcmxkISBDYWZlIHdpdGggYWNjZW50czogY2FmZQ=="
}Decode:
{
"input": "SGVsbG8sIFdvcmxkIQ==",
"mode": "decode"
}curl example:
curl -X POST https://toolbox-kit.com/api/v1/base64 \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "secret-value", "mode": "encode"}'---
#### POST /api/v1/url-encode
URL-encodes or decodes strings using encodeURIComponent / decodeURIComponent.
Request body:
{
"input": "hello world & foo=bar",
"mode": "encode"
}Response:
{
"result": "hello%20world%20%26%20foo%3Dbar"
}curl example:
curl -X POST https://toolbox-kit.com/api/v1/url-encode \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "search query with spaces", "mode": "encode"}'---
#### POST /api/v1/html-entities
Encodes or decodes HTML entities. Encoding converts &, <, >, ", ', and backticks. Decoding handles named entities (&, <, ©, ™, etc.) plus numeric entities in both decimal (') and hex (') formats.
Request body:
{
"input": "<script>alert('xss')</script>",
"mode": "encode"
}Response:
{
"result": "<script>alert('xss')</script>"
}curl example:
curl -X POST https://toolbox-kit.com/api/v1/html-entities \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "<p>Hello</p>", "mode": "decode"}'---
Category 3: Hashing and Security
Cryptographic hashing, HMAC signature generation, and secure password generation.
---
#### POST /api/v1/hash
Generates hash digests using SHA-256, SHA-1, or MD5. SHA-256 and SHA-1 use the Web Crypto API. MD5 uses a bundled implementation since Web Crypto does not support it.
Request body:
{
"input": "hash this string",
"algorithm": "sha256"
}Response:
{
"result": "a1b2c3d4e5f6...",
"algorithm": "sha256"
}Valid algorithms: sha256, sha-256, sha1, sha-1, md5.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/hash \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "file-content-here", "algorithm": "sha256"}'This is useful in CI scripts where you need to verify content integrity. Pipe file contents into the API and compare the hash against a known good value.
---
#### POST /api/v1/hmac
Generates HMAC signatures using the Web Crypto API. Supports SHA-256, SHA-1, SHA-384, and SHA-512.
Request body:
{
"message": "webhook-payload-body",
"secret": "your-webhook-secret",
"algorithm": "sha256"
}Response:
{
"result": "f7bc83f430538...",
"algorithm": "sha256"
}The typical use case for this endpoint is verifying webhook signatures. Services like GitHub, Stripe, and Paddle sign their webhook payloads with HMAC-SHA256. You can use this endpoint to compute the expected signature and compare it against what the webhook sent.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/hmac \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"message": "payload", "secret": "my-secret", "algorithm": "sha256"}'---
#### POST /api/v1/password-generate
Generates cryptographically secure passwords using crypto.getRandomValues(). You can control length, count, and which character sets to include.
Request body:
{
"length": 24,
"count": 5,
"lowercase": true,
"uppercase": true,
"numbers": true,
"symbols": true
}Response (count > 1):
{
"result": [
"k8$Mn2!pQ7x#Lw9@Rj4&Yt5",
"Gf3^Hs6(Bv1+Nq8=Dx0]Kz7",
"..."
],
"length": 24,
"count": 5,
"charset": {
"lowercase": true,
"uppercase": true,
"numbers": true,
"symbols": true
}
}All fields are optional. Defaults: 16 characters, 1 password, all character sets enabled. Maximum length is 128, maximum count is 50.
When count is 1, result is a string instead of an array.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/password-generate \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"length": 32, "count": 10}'This is useful for generating passwords in deployment scripts or seeding test databases with realistic credential data.
---
Category 4: Text Processing
Text analysis, case conversion, slugification, and Markdown-to-HTML conversion.
---
#### POST /api/v1/text-stats
Analyzes a text string and returns word count, character count, sentence count, paragraph count, line count, estimated reading time, speaking time, and the top 10 most frequent characters.
Request body:
{
"text": "This is a sample paragraph.\n\nIt has two paragraphs and multiple sentences. The API counts everything."
}Response:
{
"result": {
"characters": 101,
"charactersNoSpaces": 84,
"words": 16,
"sentences": 3,
"paragraphs": 2,
"lines": 3,
"readingTimeMinutes": 1,
"speakingTimeMinutes": 1,
"topCharacters": [
{"char": "a", "count": 8},
{"char": "s", "count": 7}
]
}
}Reading time uses 200 WPM. Speaking time uses 130 WPM.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/text-stats \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"text": "Count these words for me."}'---
#### POST /api/v1/case-convert
Converts text between 11 different case formats. You can request a single conversion or get all formats at once.
Single conversion:
{
"input": "hello world example",
"to": "camelCase"
}Response:
{
"result": "helloWorldExample"
}All conversions (omit the `to` field):
{
"input": "hello world example"
}Response:
{
"result": {
"camelCase": "helloWorldExample",
"PascalCase": "HelloWorldExample",
"snake_case": "hello_world_example",
"SCREAMING_SNAKE_CASE": "HELLO_WORLD_EXAMPLE",
"kebab-case": "hello-world-example",
"Title Case": "Hello World Example",
"UPPER CASE": "HELLO WORLD EXAMPLE",
"lower case": "hello world example",
"dot.case": "hello.world.example",
"path/case": "hello/world/example",
"constant_case": "HELLO_WORLD_EXAMPLE"
}
}The converter correctly splits camelCase, PascalCase, snake_case, and kebab-case inputs into words before converting, so myVariableName becomes my_variable_name when converted to snake_case.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/case-convert \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "myFunctionName", "to": "kebab-case"}'---
#### POST /api/v1/slugify
Generates URL-friendly slugs from arbitrary text. Handles diacritics, special characters, and configurable separators.
Request body:
{
"input": "10 Tips for Better Code Quality!",
"separator": "-",
"lowercase": true,
"maxLength": 50
}Response:
{
"result": "10-tips-for-better-code-quality"
}The slug generator strips diacritics using Unicode NFD normalization, removes non-word characters, and collapses consecutive separators. The separator field accepts - or _. The maxLength field truncates without leaving a trailing separator.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/slugify \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"input": "Blog Post Title Here"}'---
#### POST /api/v1/markdown-html
Converts Markdown to HTML. Supports headings, bold, italic, strikethrough, code blocks with language hints, inline code, links, images, blockquotes, unordered lists, and horizontal rules.
Request body:
{
"markdown": "# Hello\n\nThis is **bold** and *italic*.\n\n```js\nconsole.log('hi');\n```"
}Response:
{
"result": "<h1>Hello</h1>\n<p>This is <strong>bold</strong> and <em>italic</em>.</p>\n<pre><code class=\"language-js\">console.log('hi');</code></pre>"
}This is a lightweight converter. It does not handle tables, footnotes, or task lists. For full CommonMark compliance, use a dedicated library. This endpoint is designed for quick conversions where you need HTML from simple Markdown.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/markdown-html \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"markdown": "## Heading\n\n- item one\n- item two"}'---
Category 5: Utilities
General-purpose utility endpoints for common developer tasks.
---
#### POST /api/v1/uuid
Generates cryptographically random UUID v4 strings using crypto.randomUUID().
Request body:
{
"count": 5,
"uppercase": false
}Response:
{
"result": [
"550e8400-e29b-41d4-a716-446655440000",
"6ba7b810-9dad-11d1-80b4-00c04fd430c8",
"..."
],
"count": 5
}Maximum count is 100. When count is 1, result is a string rather than an array.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/uuid \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"count": 10}'---
#### POST /api/v1/timestamp
Converts between Unix timestamps and ISO date strings. Also returns the current time when now: true is sent.
Current time:
{
"now": true
}Response:
{
"result": {
"unix": 1709382225,
"unixMs": 1709382225000,
"iso": "2026-03-02T14:30:25.000Z",
"utc": "Sat, 02 Mar 2026 14:30:25 GMT"
}
}Unix to date:
{
"timestamp": 1709382225
}Date to Unix:
{
"date": "2026-03-08T12:00:00Z"
}The endpoint auto-detects whether a timestamp is in seconds or milliseconds. Values above 1 trillion are treated as milliseconds.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/timestamp \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"now": true}'---
#### POST /api/v1/lorem-ipsum
Generates placeholder lorem ipsum text in words, sentences, or paragraphs.
Request body:
{
"type": "paragraphs",
"count": 3
}Response:
{
"result": "Lorem ipsum dolor sit amet...\n\nSed do eiusmod tempor...\n\nUt enim ad minim veniam...",
"type": "paragraphs",
"count": 3
}Valid types: words, sentences, paragraphs (default). Maximum count is 50.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/lorem-ipsum \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"type": "sentences", "count": 5}'---
#### POST /api/v1/color-convert
Converts colors between hex, RGB, and HSL formats. Returns all representations of the input color.
Request body (hex input):
{
"color": "#3b82f6",
"from": "hex"
}Response:
{
"result": {
"hex": "#3b82f6",
"rgb": {"r": 59, "g": 130, "b": 246},
"hsl": {"h": 217, "s": 91, "l": 60},
"css": {
"hex": "#3b82f6",
"rgb": "rgb(59, 130, 246)",
"hsl": "hsl(217, 91%, 60%)"
}
}
}RGB input:
{
"color": {"r": 59, "g": 130, "b": 246},
"from": "rgb"
}HSL input:
{
"color": {"h": 217, "s": 91, "l": 60},
"from": "hsl"
}The css field in the response gives you copy-paste-ready CSS strings.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/color-convert \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"color": "#ff6600", "from": "hex"}'---
#### POST /api/v1/number-base
Converts numbers between decimal, hexadecimal, binary, and octal.
Request body:
{
"value": "255",
"from": "decimal"
}Response:
{
"result": {
"decimal": 255,
"hex": "0xFF",
"binary": "0b11111111",
"octal": "0o377"
}
}The from field accepts: binary, octal, decimal, hex. The input automatically strips common prefixes like 0x, 0b, 0o.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/number-base \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"value": "0xFF", "from": "hex"}'---
#### POST /api/v1/jwt-decode
Decodes JWT tokens without verifying the signature. Returns the parsed header, payload, and expiration information.
Request body:
{
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzEyMyIsImlhdCI6MTcwOTM4MjIyNSwiZXhwIjoxNzA5Mzg1ODI1fQ.abc"
}Response:
{
"result": {
"header": {"alg": "HS256", "typ": "JWT"},
"payload": {"sub": "user_123", "iat": 1709382225, "exp": 1709385825},
"expired": false,
"expiresAt": "2026-03-02T15:30:25.000Z",
"issuedAt": "2026-03-02T14:30:25.000Z"
}
}The expired field is only present if the token has an exp claim. Same for expiresAt and issuedAt.
No signature verification is performed. This is a decoding tool, not a validation tool. You should not use this for authentication decisions in production - only for inspecting token contents during development and debugging.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/jwt-decode \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"token": "eyJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoidmFsdWUifQ.signature"}'---
#### POST /api/v1/regex-test
Tests a regular expression pattern against a string and returns all matches with their positions and capture groups.
Request body:
{
"pattern": "(\\d{4})-(\\d{2})-(\\d{2})",
"text": "Event dates: 2026-03-08 and 2026-04-15",
"flags": "g"
}Response:
{
"result": {
"isMatch": true,
"matchCount": 2,
"matches": [
{
"match": "2026-03-08",
"index": 13,
"groups": ["2026", "03", "08"]
},
{
"match": "2026-04-15",
"index": 28,
"groups": ["2026", "04", "15"]
}
]
}
}Valid flags: g, i, m, s, u, y. Default is g. Named capture groups are returned in a separate namedGroups field. The endpoint has a safety limit of 1000 matches to prevent catastrophic backtracking from consuming resources.
curl example:
curl -X POST https://toolbox-kit.com/api/v1/regex-test \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{"pattern": "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}", "text": "Contact alice@example.com or bob@test.org", "flags": "g"}'---
Category 6: Tool Chainer
The tool-chain endpoint is the most powerful in the API. It lets you define a sequence of text transformations and run them in order, piping the output of each step into the next.
---
#### GET /api/v1/tool-chain
Returns the list of all available processors and their categories.
Response:
{
"processors": [
"base64-encode", "base64-decode", "url-encode", "url-decode",
"html-encode", "html-decode", "uppercase", "lowercase",
"title-case", "camel-case", "pascal-case", "snake-case",
"kebab-case", "constant-case", "json-prettify", "json-minify",
"trim", "remove-blank-lines", "sort-lines", "reverse-lines",
"unique-lines", "reverse", "rot13", "number-lines",
"find-replace", "prefix", "suffix", "wrap-lines",
"join-lines", "sha1", "sha256", "sha512"
],
"categories": {
"encoding": ["base64-encode", "base64-decode", "url-encode", "url-decode", "html-encode", "html-decode"],
"case": ["uppercase", "lowercase", "title-case", "camel-case", "pascal-case", "snake-case", "kebab-case", "constant-case"],
"format": ["json-prettify", "json-minify", "trim", "remove-blank-lines", "sort-lines", "reverse-lines", "unique-lines"],
"transform": ["reverse", "rot13", "number-lines"],
"manipulate": ["find-replace", "prefix", "suffix", "wrap-lines", "join-lines"],
"hash": ["sha1", "sha256", "sha512"]
}
}That is 32 processors across 6 categories, plus the options that several processors accept. The tool-chain is a pipeline - each step's output feeds into the next step's input.
---
#### POST /api/v1/tool-chain
Runs a pipeline of transformations on the input text.
Request body:
{
"input": " Hello, World! \n Goodbye, World! ",
"steps": [
{"processorId": "trim"},
{"processorId": "uppercase"},
{"processorId": "base64-encode"}
]
}Response:
{
"result": "SEVMTE8sIFdPUkxEIQogIEdPT0RCWUUsIFdPUkxEIQ==",
"steps": [
{"step": 1, "processorId": "trim", "output": "Hello, World!\n Goodbye, World!", "durationMs": 0},
{"step": 2, "processorId": "uppercase", "output": "HELLO, WORLD!\n GOODBYE, WORLD!", "durationMs": 0},
{"step": 3, "processorId": "base64-encode", "output": "SEVMTE8sIFdPUkxEIQogIEdPT0RCWUUsIFdPUkxEIQ==", "durationMs": 0}
],
"totalSteps": 3
}Maximum 20 steps per chain. If any step fails, the chain stops at that point and the error is reported in the step's error field.
---
Tool Chain Processors in Detail
Here is what each processor does and what options it accepts.
Encoding Processors
| Processor | Description |
|---|---|
base64-encode | Encodes the input string to Base64 |
base64-decode | Decodes a Base64 string back to plain text |
url-encode | Percent-encodes special characters |
url-decode | Decodes percent-encoded characters |
html-encode | Converts &, <, >, ", ' to HTML entities |
html-decode | Converts HTML entities back to characters |
Case Processors
| Processor | Example output for "hello world" |
|---|---|
uppercase | HELLO WORLD |
lowercase | hello world |
title-case | Hello World |
camel-case | helloWorld |
pascal-case | HelloWorld |
snake-case | hello_world |
kebab-case | hello-world |
constant-case | HELLO_WORLD |
Format Processors
| Processor | Description | Options |
|---|---|---|
json-prettify | Pretty-prints JSON | indent (default: 2) |
json-minify | Strips whitespace from JSON | - |
trim | Removes leading/trailing whitespace | - |
remove-blank-lines | Removes empty lines | - |
sort-lines | Sorts lines alphabetically | - |
reverse-lines | Reverses line order | - |
unique-lines | Removes duplicate lines | - |
Transform Processors
| Processor | Description | Options |
|---|---|---|
reverse | Reverses the string character by character | - |
rot13 | Applies ROT13 cipher | - |
number-lines | Prefixes each line with its number | start (default: 1) |
Manipulate Processors
| Processor | Description | Options |
|---|---|---|
find-replace | Finds and replaces text | find, replace, regex (boolean) |
prefix | Adds a prefix to each line | prefix |
suffix | Adds a suffix to each line | suffix |
wrap-lines | Wraps lines at a given width | width (default: 80) |
join-lines | Joins all lines with a separator | separator (default: ", ") |
Hash Processors
| Processor | Description |
|---|---|
sha1 | SHA-1 hash digest |
sha256 | SHA-256 hash digest |
sha512 | SHA-512 hash digest |
Hash processors are async and use the Web Crypto API on Cloudflare Workers.
---
Practical Pipeline Examples
Clean and normalize API response data
curl -X POST https://toolbox-kit.com/api/v1/tool-chain \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{
"input": " {\"name\":\"Alice\", \"age\":30} ",
"steps": [
{"processorId": "trim"},
{"processorId": "json-prettify", "options": {"indent": "2"}}
]
}'Generate a URL slug from a title
curl -X POST https://toolbox-kit.com/api/v1/tool-chain \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{
"input": "My Blog Post Title - Part 2",
"steps": [
{"processorId": "lowercase"},
{"processorId": "trim"},
{"processorId": "find-replace", "options": {"find": "[^a-z0-9\\s-]", "replace": "", "regex": true}},
{"processorId": "find-replace", "options": {"find": "\\s+", "replace": "-", "regex": true}}
]
}'Prepare data for a hash comparison
curl -X POST https://toolbox-kit.com/api/v1/tool-chain \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{
"input": " Content to verify ",
"steps": [
{"processorId": "trim"},
{"processorId": "lowercase"},
{"processorId": "sha256"}
]
}'Deduplicate and sort log entries
curl -X POST https://toolbox-kit.com/api/v1/tool-chain \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{
"input": "ERROR: timeout\nWARN: retry\nERROR: timeout\nINFO: ok\nWARN: retry",
"steps": [
{"processorId": "trim"},
{"processorId": "remove-blank-lines"},
{"processorId": "unique-lines"},
{"processorId": "sort-lines"}
]
}'Result: ERROR: timeout\nINFO: ok\nWARN: retry - deduplicated and sorted.
Convert variable names between formats
curl -X POST https://toolbox-kit.com/api/v1/tool-chain \
-H "Content-Type: application/json" \
-H "Authorization: Bearer tb_xxxxx" \
-d '{
"input": "getUserProfile\nsetAccountSettings\ndeleteOldRecords",
"steps": [
{"processorId": "kebab-case"}
]
}'---
Error Handling
All endpoints follow a consistent error format:
{
"error": "Description of what went wrong"
}HTTP status codes:
| Code | Meaning |
|---|---|
| 200 | Success |
| 400 | Bad request - missing or invalid fields |
| 401 | Unauthorized - invalid or missing API key |
| 429 | Rate limited |
| 500 | Internal server error |
The json-validate endpoint is an exception - it returns 200 even for invalid JSON, since validation is the purpose. The valid field in the response body indicates the result.
---
Rate Limits
API endpoints are rate-limited per subscription. The current limits are generous enough for normal development use. If you hit a rate limit, the API returns a 429 status code. Wait a few seconds and retry.
The tool-chain endpoint limits chains to 20 steps maximum. This prevents runaway pipelines from consuming excessive compute time on the Workers runtime.
---
Integration Examples
Node.js
const response = await fetch('https://toolbox-kit.com/api/v1/hash', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer tb_xxxxx',
},
body: JSON.stringify({
input: 'content to hash',
algorithm: 'sha256',
}),
});
const { result } = await response.json();
console.log(result); // hex hash stringPython
import requests
response = requests.post(
'https://toolbox-kit.com/api/v1/json-format',
headers={
'Content-Type': 'application/json',
'Authorization': 'Bearer tb_xxxxx',
},
json={
'json': '{"compact":"data","needs":"formatting"}',
'indent': 2,
},
)
print(response.json()['result'])Shell Script
#!/bin/bash
API_KEY="tb_xxxxx"
BASE="https://toolbox-kit.com/api/v1"
# Generate 5 UUIDs for a test database
uuids=$(curl -s -X POST "$BASE/uuid" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $API_KEY" \
-d '{"count": 5}')
echo "$uuids" | jq -r '.result[]'---
Full Endpoint List
Here is the complete list of all 21 endpoints, plus the tool-chain GET endpoint, for quick reference:
| # | Endpoint | Method | Category |
|---|---|---|---|
| 1 | /api/v1/json-format | POST | JSON and Data |
| 2 | /api/v1/json-minify | POST | JSON and Data |
| 3 | /api/v1/json-validate | POST | JSON and Data |
| 4 | /api/v1/csv-json | POST | JSON and Data |
| 5 | /api/v1/diff | POST | JSON and Data |
| 6 | /api/v1/base64 | POST | Encoding |
| 7 | /api/v1/url-encode | POST | Encoding |
| 8 | /api/v1/html-entities | POST | Encoding |
| 9 | /api/v1/hash | POST | Hashing and Security |
| 10 | /api/v1/hmac | POST | Hashing and Security |
| 11 | /api/v1/password-generate | POST | Hashing and Security |
| 12 | /api/v1/text-stats | POST | Text Processing |
| 13 | /api/v1/case-convert | POST | Text Processing |
| 14 | /api/v1/slugify | POST | Text Processing |
| 15 | /api/v1/markdown-html | POST | Text Processing |
| 16 | /api/v1/uuid | POST | Utilities |
| 17 | /api/v1/timestamp | POST | Utilities |
| 18 | /api/v1/lorem-ipsum | POST | Utilities |
| 19 | /api/v1/color-convert | POST | Utilities |
| 20 | /api/v1/number-base | POST | Utilities |
| 21 | /api/v1/jwt-decode | POST | Utilities |
| 22 | /api/v1/regex-test | POST | Utilities |
| - | /api/v1/tool-chain | GET/POST | Tool Chainer |
The GET endpoint for tool-chain returns the list of available processors. The POST endpoint runs a pipeline.
---
Why an API Instead of Just a Website
A website is good for ad-hoc tasks. You open a tab, paste something, get a result. But there are entire categories of work where a browser is the wrong tool:
- CI/CD pipelines that need to validate JSON configs before deployment
- Backend services that generate UUIDs or passwords at runtime
- Scripts that process CSV data in batch
- Build tools that need to compute content hashes
- Automation workflows that chain text transformations
The ToolBox Pro API brings all 139+ tool capabilities into these contexts. Same logic, same results, accessible from any HTTP client.
All API endpoints run on Cloudflare Workers at the edge. Latency is consistently low regardless of where you call from. The Workers runtime starts in under 5ms, and most endpoints complete in under 50ms total.
---
Getting Started
- Subscribe to ToolBox Pro to get your API key
- Pick an endpoint from the reference above
- Send a POST request with your data and Bearer token
- Parse the JSON response
The API is live now. Every endpoint documented here is ready to use.
Related Tools
Free, private, no signup required
Webhook Tester
Webhook tester online - generate temporary webhook URLs and inspect incoming HTTP requests for free
JSON Formatter
JSON formatter and validator online - format, beautify, and validate JSON data instantly in your browser
API Mock Response Generator
Free online API mock response generator - generate mock API responses for testing
Regex Tester
Free online regex tester - test and debug regular expressions with live matching and highlights
You might also like
Want higher limits, batch processing, and AI tools?