Base64 Encoder / Decoder

Encode & decode Base64

Convert text to Base64 and back, instantly and privately in your browser.

100% free
No signup
Runs in your browser
Private

Base64 Encoder / Decoder

Mode

Input

Output

Your result will appear here.

Why

Why do you need a Base64 encoder?

Base64 encodes binary or text data into a safe set of ASCII characters, which is why it shows up everywhere in development — data URIs, email attachments, API tokens, and config files. Sometimes you need to encode a value; other times you need to read what an encoded blob says. The reason Base64 exists is that many systems were designed to handle plain text reliably but choke on raw binary or on characters outside a narrow range. Email, for example, was historically a text-only medium, so a photo or PDF attachment has to be translated into letters, digits, and a couple of symbols before it can travel through a mail server intact. Base64 is that translation: it takes any sequence of bytes and re-expresses it using only sixty-four printable characters, guaranteeing the data survives transport through channels that would otherwise mangle it. Having a quick encoder and decoder on hand turns this routine but fiddly task into a single paste.

This tool encodes text to Base64 and decodes Base64 back to text, with full Unicode support, entirely in your browser so sensitive values never leave your device. That local-only design matters because the strings you work with are often confidential — API keys, session tokens, signed payloads, or snippets of configuration that should never be pasted into a random website that quietly logs everything it receives. Because all of the encoding and decoding here is done with JavaScript on your own machine, there is no upload, no server-side processing, and no copy of your data sitting in someone else's logs. You can disconnect from the internet after the page loads and the tool keeps working, which is the clearest possible proof that your input is staying put. For anyone who handles secrets as part of their job, that privacy is not a nice-to-have but a requirement.

Understanding what Base64 actually does helps you use it correctly. The algorithm reads your data three bytes at a time, which is twenty-four bits, and splits those bits into four groups of six. Each six-bit group maps to one character in the Base64 alphabet, which is the uppercase letters, the lowercase letters, the digits zero through nine, and the two symbols plus and slash. When the input length is not a clean multiple of three, the output is padded with one or two equals signs so the result is always a multiple of four characters. This is why Base64 strings are roughly a third larger than the original data and why they so often end in one or two equals signs. Knowing this structure makes encoded values far less mysterious: you can recognize Base64 on sight and understand why a tiny image becomes a long inline string.

A point that constantly trips people up is that Base64 is encoding, not encryption, and treating it as a security measure is a serious mistake. Encoding simply changes the representation of data so it can move safely through a text channel, but the transformation is completely public and reversible by anyone — there is no key and no secret involved. Decoding a Base64 string requires nothing more than the same algorithm everyone has access to, including this tool. So while it is perfectly fine to store a token in Base64 form for transport, you should never assume that Base64 hides or protects sensitive information. If a value needs to be kept secret, it must be encrypted with a real algorithm and a key, and only then perhaps encoded for transport. Confusing the two has led to real breaches where developers believed Base64 was obscuring credentials that were, in fact, trivially readable.

Data URIs are one of the most common everyday uses of Base64, and a good encoder makes them painless to build. A data URI embeds a small file — typically an image, font, or short asset — directly inside HTML or CSS as a Base64 string, so the browser does not have to make a separate network request to fetch it. For tiny icons or background images, inlining them this way can shave off round trips and speed up the first render, which is why build tools often inline small assets automatically. To craft one by hand you encode the file's bytes to Base64 and wrap it with the appropriate media-type prefix. Being able to encode quickly and copy the result lets you prototype these inline assets, test a snippet, or decode an existing data URI to inspect what was embedded. It is worth remembering that the encoded form is about a third larger than the original file, so inlining is a win for very small assets but a poor trade for large ones, which are better served by a normal cached request.

Base64 also surfaces constantly when you are debugging and inspecting systems, which is where a decoder earns its keep. JSON Web Tokens are made of Base64URL-encoded segments, basic authentication headers carry Base64-encoded credentials, many APIs return binary results as Base64 fields, and configuration formats frequently store certificates or keys in Base64 blocks. When something goes wrong, being able to paste one of these strings and instantly see the human-readable content underneath turns an opaque error into an obvious one. You can confirm whether a token contains the claims you expect, check that a credential header was assembled correctly, or verify that a config value decodes to the certificate you intended. Without a quick decoder this kind of investigation means writing throwaway scripts; with one, it is a single paste and a glance.

It also pays to understand the variants of Base64 so you do not get tripped up by the wrong flavor. The standard alphabet uses plus and slash for its last two characters, but those are problematic in URLs and filenames, so a separate Base64URL variant swaps them for hyphen and underscore and often drops the trailing padding. This is the form you see in JWTs and in many web tokens, and feeding a Base64URL string into a strict standard decoder, or the reverse, is a common reason decoding appears to fail. There are also subtler issues like line wrapping, where some systems insert newlines every sixty-four characters in long encoded blocks, and whitespace that sneaks in when you copy a value from a terminal or an email. A good mental model of these edge cases means that when a decode does not work, you can usually spot the cause — wrong variant, stray whitespace, missing padding — and fix it in seconds rather than assuming the data itself is corrupt.

How

How to use the Base64 tool

Choose mode

Pick Encode to turn readable text into a Base64 string, or Decode to turn a Base64 string back into readable text. Selecting the right mode is the only setting you need, since the tool handles UTF-8 and padding automatically.

Paste your input

Add the text you want to encode or the Base64 string you want to decode into the input box. Everything you paste stays in your browser, so it is safe to drop in tokens, config values, or other sensitive strings.

Copy the output

The converted result appears instantly and is ready to copy into your code, config, terminal, or wherever you need it. If decoding fails, check the input for stray characters or whitespace and try again.

Who

Who needs a Base64 encoder?

Developers

Developers encode and decode tokens, data URIs, and API payloads constantly while building and integrating systems. A quick local tool saves writing throwaway scripts every time a value needs to be wrapped for transport or read back during debugging, which adds up across a workday spent moving data between services that each have their own encoding expectations.

QA engineers

Testers inspect encoded values in requests and responses to verify that systems are passing the right data. Decoding a Base64 field on the spot confirms whether a payload, credential header, or token contains exactly what the test expects.

Sysadmins & DevOps

Operations staff read and write Base64 values in configuration files, Kubernetes secrets, and certificates, where binary data is routinely stored as text. Being able to decode a secret to verify its contents, or encode a new value to insert, is a daily task.

Students & learners

People learning how data moves through systems use a Base64 tool to see encoding and decoding in action. Watching text turn into the sixty-four-character alphabet and back makes an abstract concept concrete and builds intuition for how transport encoding works.

Security researchers

Analysts frequently decode Base64 strings found in tokens, headers, payloads, and obfuscated samples to reveal what they actually contain. A fast, private decoder lets them inspect suspicious values without exposing them to a third-party service.

Support & integration teams

People who connect software to third-party APIs often need to assemble or read Base64-encoded authentication headers and webhook payloads. Encoding credentials correctly and decoding incoming data quickly keeps integrations moving without guesswork, and being able to verify a value on the spot turns a vague vendor error into a concrete, fixable detail.

When

When do you need Base64?

Debugging APIs

When a response or request contains a Base64-encoded field and you need to see what is inside it. Decoding the value on the spot turns an opaque blob into readable content so you can confirm the data is correct.

Building data URIs

When embedding a small image, font, or asset directly into HTML or CSS to avoid an extra network request. Encoding the file to Base64 and wrapping it with the right media-type prefix produces an inline asset the browser can render without fetching it.

Reading tokens

When you need to decode an encoded value such as a JWT segment or an authentication header to verify its contents. A quick decode confirms whether the claims, credentials, or payload match what you expect, which is often the fastest way to tell whether an authentication problem lies in the token itself or somewhere else entirely.

Working with config files

When secrets, certificates, or keys are stored Base64-encoded in configuration, you may need to decode one to inspect it or encode a new value to insert. This is routine when managing environment files and orchestration secrets.

Sending binary over text channels

When data has to travel through a medium that only handles text reliably, such as email or certain message formats, encoding it to Base64 keeps the bytes intact in transit. Decoding on the other end restores the original content exactly.

Inspecting suspicious strings

When you encounter an unfamiliar Base64-looking string in logs, headers, or a sample, decoding it reveals whether it hides readable text or data. A private, local decoder lets you do this without sending the value to an external service, which matters when the string might contain sensitive or malicious content you would not want to hand to a random website.

Frequently Asked Questions

Does it support Unicode/emoji?

Yes. Encoding and decoding handle full UTF-8, including accented characters, non-Latin scripts, and emoji. The tool encodes the text as UTF-8 bytes before converting to Base64, so multi-byte characters round-trip correctly in both directions.

Is my data private?

Yes — everything runs locally in your browser, so nothing is uploaded or stored on a server. You can even disconnect from the internet after the page loads and it will keep working, which makes it safe for tokens, secrets, and other sensitive values.

Why did decoding fail?

The input wasn't valid Base64. Common causes are stray characters, missing or extra padding, or accidentally including surrounding quotes or whitespace. Remove anything that is not part of the Base64 alphabet and try again.

Is Base64 encryption?

No. Base64 is encoding, not encryption — the transformation is public and reversible by anyone with the standard algorithm, including this tool. It hides nothing, so never rely on it to protect secrets; encrypt sensitive data with a real key-based algorithm instead.

Is it free?

Yes, completely free with no sign-up, no trial, and no usage limits. Both encoding and decoding are available immediately when the page loads, and you never have to create an account.

Why are Base64 strings longer than the original?

Base64 represents every three bytes of input using four output characters, so the encoded result is roughly a third larger than the original data. This size increase is the trade-off for being able to move binary data safely through text-only channels.

What do the equals signs at the end mean?

They are padding. Base64 works in blocks of four characters, so when the input length is not a clean multiple of three, one or two equals signs are added to fill out the final block. Seeing them at the end of a string is normal and expected.

What is the difference between Base64 and Base64URL?

Standard Base64 uses the plus and slash characters, which are unsafe in URLs and filenames. Base64URL replaces them with hyphen and underscore and often omits padding, so it can be used in links and tokens like JWTs without further escaping.

Can I decode a JWT with this tool?

You can decode the individual Base64URL segments of a JWT to read the header and payload, since they are just Base64-encoded JSON. The tool does not verify the token's signature, so use it for inspection rather than for trusting the contents. Because JWTs use the URL-safe alphabet, you may need to convert hyphens and underscores back to plus and slash if a strict decoder complains.

Does it handle large inputs?

Yes, within the limits of your device's memory. Because the work is done locally and not sent to a server, even sizeable strings convert quickly without any upload delay, though extremely large files are better handled by dedicated build tooling.

Can I encode a file or image?

This tool encodes text input directly. To Base64-encode a file, you would first read its bytes as text or use a build step, but for pasting and converting strings, tokens, and small snippets it is ideal. Decoding back to readable text works for any text-based payload.

Does it work on mobile?

Yes, the encoder and decoder work in any modern mobile browser exactly as they do on desktop. You can paste, convert, and copy Base64 strings on your phone or tablet without installing anything.

Why does my Base64 contain line breaks?

Some systems, particularly older email and certificate formats, wrap Base64 output into lines of sixty-four characters for readability. Those newlines are not part of the data, so most decoders ignore them, but if a strict decoder fails, remove the line breaks before decoding and the value will resolve correctly.

Is Base64 the same as hashing?

No. Hashing is a one-way function that cannot be reversed to recover the original input, whereas Base64 is a fully reversible encoding. If you can turn the output back into the input — which you always can with Base64 — it is encoding, not hashing, and it provides no integrity or secrecy guarantees. People sometimes confuse the two because both produce strings of seemingly random characters, but their purposes are completely different.

Ready to try it yourself?

Convert text to Base64 and back, instantly and privately in your browser.

Use the Base64 Encoder / Decoder

Why do you need a Base64 encoder?