Base64 Encoder / Decoder

How to Use the Base64 Tool

The tool supports two directions: encoding plain text to Base64 and decoding Base64 back to plain text. Here is how to use each mode effectively.

1. Choose a direction — select Encode if you are starting with plain text and want a Base64 string, or select Decode if you have a Base64 string and want to recover the original text.
2. Paste or type your input — the conversion updates automatically as you type, so you do not need to click a button. For encoding, paste any UTF-8 text: a password, an API key, a JSON snippet, or any string. For decoding, paste a valid Base64 string. The tool accepts both standard Base64 (using + and /) and URL-safe Base64 (using - and _).
3. Read the output — the result appears immediately in the output panel. If you are decoding and the input is not valid Base64, the tool will indicate a decoding error rather than returning garbled text.
4. Copy the result — use the Copy button to grab the output. This is useful when you are building an HTTP Basic Auth header, constructing a data URI, or inspecting an encoded payload inside a JWT token.

A note on character encoding: this tool treats all input as UTF-8. If you are working with text that includes non-ASCII characters — such as accented letters or CJK characters — the Base64 output will correctly encode the UTF-8 byte sequence. When decoding, the tool assumes the byte sequence is UTF-8. If the original data was encoded in a different character set, the decoded text may not render correctly.

For inspecting JWT tokens specifically, paste the second segment (payload) of a JWT into the Decode input to see the claims. JWTs use URL-safe Base64 without padding, so the tool handles the = padding automatically. See our JWT Decoder for a dedicated JWT inspection experience.

What is Base64 Encoding?

Base64 is a binary-to-text encoding scheme defined in RFC 4648. It represents arbitrary binary data using a fixed alphabet of 64 printable ASCII characters: the 26 uppercase letters A–Z, the 26 lowercase letters a–z, the digits 0–9, and the two symbols + and /. A 65th character, =, is used as padding.

The encoding works by reading the input three bytes at a time (24 bits) and splitting those bits into four 6-bit groups. Each 6-bit value maps to one character in the Base64 alphabet, producing four output characters for every three input bytes. When the input length is not a multiple of three, one or two = padding characters are appended to bring the output length to a multiple of four.

This 4-to-3 character ratio is why Base64 increases data size by approximately 33%. That overhead is an accepted trade-off whenever binary data must pass through a channel that only handles printable ASCII — for example, an HTTP header, a JSON string field, or an email body encoded with MIME. The alternative — transmitting raw binary bytes through a text channel — often results in data corruption because control characters and bytes above 127 are interpreted or stripped by intermediary systems.

Common Use Cases

• Embedding images in HTML or CSS using data URIs — instead of referencing an external image file, you can encode the image bytes as Base64 and embed them directly in an src attribute or a CSS background-image value. This eliminates an extra HTTP request, which is useful for small icons or inline SVGs in single-file HTML documents.
• Encoding binary data for JSON API payloads — JSON only supports text values. If you need to include binary content — such as a PDF, a signature byte array, or a small image — in a JSON request or response body, Base64 encoding is the standard way to embed it as a string field.
• Encoding email attachments (MIME) — the MIME standard uses Base64 to encode binary attachments in email messages. When you receive an email with a PDF attached, the raw bytes of that PDF are encoded as a Base64 string inside the email's MIME structure.
• Storing binary data in text-only environments — databases, environment variables, and configuration files are often limited to printable ASCII or UTF-8 text. Base64 lets you store a binary value — a cryptographic key, a certificate, or a serialised object — in any of these environments without escaping issues.
• Basic obfuscation of strings — some developers use Base64 to obscure strings that should not be immediately readable in source code or logs. This is not security; any developer who sees the string can decode it in seconds. Use it only when the goal is reducing accidental exposure, not preventing deliberate access.
• Encoding API keys for HTTP Basic Auth headers — the HTTP Basic Authentication scheme sends credentials as a Base64-encoded string in the Authorization header, formatted as Basic base64(username:password). Understanding this encoding is essential when debugging authentication failures with tools like curl or when building an HTTP client from scratch.
• Inspecting Base64 payloads in JWT tokens — JSON Web Tokens consist of three URL-safe Base64-encoded sections separated by dots: header, payload, and signature. Decoding the second section (the payload) reveals the claims — such as user ID, roles, and expiration time — without needing the signing secret. Use our JWT Decoder for a structured view, or paste the payload segment here for a quick raw decode.

Best Practices and Tips

Base64 is simple to use but easy to misuse. These guidelines help you avoid the most common mistakes.

• Never treat Base64 as encryption. Base64 provides zero confidentiality. The encoding is fully reversible by anyone with access to the string and a standard library. If you need to protect data, use a proper encryption scheme such as AES-GCM. Reserve Base64 for transport encoding, not security.
• Account for the 33% size increase. If you are Base64-encoding large payloads — images, file contents, or large JSON blobs — factor the size overhead into your API payload size limits, database column widths, and network transfer budgets. A 1 MB binary becomes roughly 1.37 MB as Base64.
• Use URL-safe Base64 for URLs and JWTs. Standard Base64 uses + and /, which must be percent-encoded in URLs, turning a clean string into an unreadable mess. For any Base64 value that will appear in a URL path or query parameter, use the URL-safe variant that substitutes - for + and _ for /. JWTs always use URL-safe Base64 without padding.
• Decode before comparing strings. Two Base64 strings that look different may represent the same underlying data. Canonical Base64 is not the only valid encoding for a given byte sequence if padding is omitted or whitespace is inserted. Always decode both sides before comparing values in application logic.
• Check for correct padding. Standard Base64 output length is always a multiple of four, padded with = characters. Some implementations omit padding, which causes decoding failures in strict parsers. If you receive a Base64 string that fails to decode, try appending one or two = characters and decoding again.
• For URL encoding needs, use the right tool. Base64 and URL encoding solve different problems. Base64 is for binary-to-text conversion; URL encoding is for safely encoding special characters in query strings. Do not substitute one for the other.

Related Guides

• What is Base64? A Complete Guide — deep dive into the encoding scheme, the alphabet, and real-world examples
• Base64 Encoding Examples — practical code samples in JavaScript, Python, and shell

FAQ

Is Base64 encryption?

No. Base64 is an encoding, not encryption. Anyone can decode Base64 without a key. Never use Base64 to protect sensitive data.

Why does Base64 make data larger?

Base64 uses 4 characters to represent every 3 bytes of data, resulting in roughly 33% size increase. This trade-off is accepted when binary data must be transmitted through text-only channels.

Is my data safe?

Yes. All encoding and decoding happens in your browser. No data is sent to any server.

What is URL-safe Base64?

Standard Base64 uses + and / characters, which have special meaning in URLs. URL-safe Base64 replaces + with - and / with _ so the encoded string can be included in a URL query parameter or path segment without percent-encoding. JWT tokens use URL-safe Base64 for their header and payload sections.

Can I encode files to Base64 with this tool?

This tool encodes and decodes text strings. It is optimised for use cases like encoding API credentials, inspecting JWT payloads, or converting short text values for embedding in data URIs. For encoding entire binary files, a command-line tool such as base64 (macOS/Linux) or a dedicated file converter is more appropriate.