Encode any text string or file to Base64, or paste a Base64 string and decode it back to readable text. Toggle URL-safe mode to produce output without +, /, or = characters — safe for use in URLs, filenames, and HTTP headers. Everything runs in your browser with no server calls.
How to Use
Encoding Text
- Select Encode → Base64 (the default mode)
- Type or paste your plain text into the input panel
- The Base64-encoded output appears instantly in the right panel
- Toggle URL-safe if the output will be used in a URL, cookie, or filename
- Click Copy to copy the encoded string
Decoding Base64
- Select Decode ← Base64
- Paste your Base64 string into the input panel
- The decoded plain text appears in the output panel
- If the input is not valid Base64, an error message explains why
Encoding a File
- Stay in Encode mode
- Drag and drop a file onto the drop zone, or click to browse
- The file is read locally and its Base64 representation appears in the output — ready to embed in a data URI or JSON payload
Swapping Input and Output
Click Swap to move the current output into the input and reverse the mode — useful for a quick round-trip verification.
Standard vs URL-Safe Base64
| Variant | Characters Used | Padding | Use Case |
|---|---|---|---|
| Standard | A–Z a–z 0–9 + / |
= padding |
Email (MIME), file storage, general encoding |
| URL-safe | A–Z a–z 0–9 - _ |
No padding | URLs, JWT tokens, filenames, HTTP headers |
Standard Base64 uses + and / which are reserved characters in URLs — they get percent-encoded and distort the string. URL-safe Base64 replaces those characters so the encoded string passes through URLs unchanged. Most modern authentication tokens (including JWT) use URL-safe Base64.
Common Use Cases
- Data URIs — Encode images or fonts to Base64 to embed them directly in CSS or HTML, eliminating an extra HTTP request for small assets
- API payloads — Some APIs require binary data (images, PDFs, certificates) to be Base64-encoded before including them in JSON
- JWT tokens — JWT headers and payloads are URL-safe Base64-encoded JSON. Paste a JWT's middle segment (between the two dots) to decode it and inspect the claims
- Email attachments (MIME) — Email protocols encode binary attachments as standard Base64 for safe transport through text-based mail systems
- Basic authentication — HTTP Basic Auth encodes
username:passwordas Base64 in theAuthorizationheader. Paste the header value here to verify the credentials - Environment variables — Secrets containing special characters (newlines, quotes, slashes) are often Base64-encoded before being stored in
.envfiles or CI/CD secrets
Frequently Asked Questions
No. Base64 is an encoding scheme, not encryption. It converts binary data into a printable ASCII string using a fixed alphabet. Anyone who has the encoded string can decode it instantly — there is no key or secret involved. Never use Base64 to protect sensitive data.
If the original data was binary (an image, a compiled file, a zip), the decoded output will be binary data displayed as text — it will look like random characters. This tool is designed for text content. For binary files, you need a binary-aware tool.
Base64 encodes 3 bytes at a time into 4 characters. When the input length is not divisible by 3, one or two
= characters are appended to pad the output to a multiple of 4. Some systems strip or ignore padding — the URL-safe mode here removes it, which is compatible with most modern decoders.Yes, but large files will produce very large Base64 strings and may slow down the browser. For files over a few megabytes, use a command-line tool:
base64 -i input.png -o output.txt on macOS/Linux.Copy the JWT string, split it on the
. character — you get three segments. The first is the header, the second is the payload. Paste either segment into this tool in Decode mode to read the JSON contents. The third segment is the signature and is binary — it will not decode to readable text.