Skip to content

Base64 Encoder / Decoder

In-browser only Standard & URL-safe TextEncoder API
Variant
0 characters · 0 bytes
Base64 result
The converted result appears here.
Converted in your browser with the TextEncoder API.
Related tools View all

Overview

Encode and decode Base64 — Standard and URL-safe — in your browser

Paste Base64 to decode it back to text, or type text to encode it — the result updates as you type. The Standard and URL-safe variants are both supported and detected automatically on decode, a live character and byte counter tracks your input, and invalid Base64 is reported with the exact character and position.

  • Encode and decode in one place
  • Standard and URL-safe variants
  • Automatic variant detection on decode
  • JWT header segment decoding
  • Position-precise error messages
  • Runs entirely in your browser
  • Runs entirely in your browser — nothing is uploaded
  • Safe to convert tokens, secrets, and JWT segments
  • No data is logged or stored on a server
  • Works offline once the page has loaded
  • Data URIs and inline images in CSS or HTML
  • Inspecting JWT header segments
  • Encoding values for URLs, query params, and filenames
  • Email and MIME attachments
  • Embedding small binary blobs in JSON or config files

Guide

How to Use

  1. 1
    Choose a direction

    Pick the Encode tab to turn text into Base64, or the Decode tab to turn Base64 back into readable text.

  2. 2
    Select a variant

    Choose Standard (uses + and /) or URL-safe (uses - and _, no padding). When decoding, the variant is detected for you, so most of the time you can leave it alone.

  3. 3
    Enter your input

    Type, paste, or use the Paste button to pull text from your clipboard. The result updates as you type — no button to press.

  4. 4
    Copy or swap the result

    Click Copy to put the result on your clipboard. Use Swap to send the output back into the input and convert in the opposite direction — handy for verifying a round-trip.

Reference

Standard vs URL-safe Base64

Standard vs URL-safe Base64
VariantExtra charactersPaddingTypical use
Standard+ and /Kept (=)Data URIs, email/MIME
URL-safe- and _OmittedURLs, filenames, JWT

Pitfalls

Common Mistakes

  • Decoding a full JWT at once

    A JWT has three dot-separated segments. Pasting the whole token decodes only the header. To read the payload, copy the segment between the two dots and decode it on its own.

  • Mixing the two alphabets

    A single string cannot contain both +/ and -_. If a string mixes them it is not valid Base64 — it was likely corrupted by a partial find-and-replace. Re-export it from the original source.

  • Expecting Base64 to be encryption

    Base64 is an encoding, not encryption. Anyone can decode it. Never use it to hide passwords or secrets — it only makes binary data safe to carry as text.

  • Treating decoded binary as text

    Base64 can carry any bytes, including images and compressed data. Decoding such input produces unreadable characters because it is not text at all. This tool decodes to UTF-8 text.

Frequently Asked Questions

What is Base64 and why is it used?
Base64 is a binary-to-text encoding that represents arbitrary bytes using 64 printable ASCII characters. It lets binary data — images, files, cryptographic keys — travel safely through text-only channels such as HTML, CSS, JSON, URLs, and email. Each group of 3 bytes becomes 4 Base64 characters.
What is the difference between Standard and URL-safe Base64?
Standard Base64 uses + and / plus = for padding. URL-safe Base64 replaces + with - and / with _, and usually drops the = padding, so the result is safe to place directly in URLs, filenames, and JWT segments. This tool detects the variant automatically when you decode.
Is my input sent to a server?
No. All encoding and decoding happens in your browser using the built-in TextEncoder and atob/btoa APIs. Your text never leaves your device, so it is safe to convert tokens or other sensitive values.
Can this tool decode a JWT?
It decodes the JWT header. A JWT is three Base64url segments separated by dots: header, payload, and signature. When you paste a full token the tool recognises the shape and decodes the first segment. To inspect the payload, copy the middle segment and decode it separately. The signature is raw bytes and is not human-readable.
Why does my decoded text look like random characters?
The original data was probably not UTF-8 text — it may be an image, a file, or another binary format. Base64 carries any bytes, but this tool decodes them as UTF-8 text, so non-text input shows up as unreadable characters. That is expected.
Why does my Base64 string fail to decode?
The most common causes are an invalid character (the error message names the exact character and position), a string length that is not a multiple of four after padding is restored, or a string that mixes Standard and URL-safe characters. Re-copy the value from its original source to fix it.
Is Base64 a form of encryption?
No. Base64 is fully reversible and uses no key — anyone can decode it. It only makes binary data transport-safe as text. To protect data, encrypt it first, then optionally Base64-encode the ciphertext.