🔐 Base64 Encoder / Decoder

Encode or decode Base64 strings instantly - runs entirely in your browser, nothing sent to any server.

URL-safe (no +/=//)

Input (Plain Text)

Output (Base64)

SGVsbG8sIFdvcmxkIQ==

20 characters

Quick Examples - click to load

What is Base64 actually used for in web development?

Base64 appears constantly in web development: HTTP Basic Authentication sends credentials as Base64 of 'username:password' in the Authorization header — decode any 'Authorization: Basic ...' header and you find the credentials in plain text. JWTs are three Base64URL-encoded sections separated by dots. Data URIs embed images directly in CSS or HTML as base64-encoded strings. Email attachments are Base64-encoded when sent over SMTP. OAuth tokens and webhook signatures are frequently Base64-encoded.

What is the difference between Base64 and Base64URL?

Standard Base64 uses characters A-Z, a-z, 0-9, +, and /. The + and / characters are not URL-safe. Base64URL replaces + with - and / with _ to produce output safe for URLs without percent-encoding. JWTs always use Base64URL for this reason. When decoding a JWT header or payload manually, use Base64URL decoding. This tool auto-detects: if the input contains - or _ characters, it applies Base64URL decoding.

Does Base64 encoding make data secure?

No — Base64 is encoding, not encryption. It is trivially reversible. If you see 'Authorization: Basic dXNlcjpwYXNzd29yZA==' in an HTTP header, decoding it gives 'user:password' instantly. Base64 exists to safely transmit binary data over text-based protocols, not to protect sensitive data. For protection, use proper encryption: AES-256-GCM for symmetric, RSA or ECDH for asymmetric.

Why does Base64 output sometimes end with = or ==?

Base64 encodes 3 bytes into 4 characters. When input length is not a multiple of 3, padding characters (=) are added. One = means the last group had 2 bytes; == means it had 1 byte. Some Base64 variants omit padding (JWTs do this). If a Base64 string without padding fails to decode, try adding = or == to the end. This decoder handles both padded and unpadded input automatically.

How do I decode a JWT token payload using Base64?

A JWT looks like xxxxx.yyyyy.zzzzz. Take the middle section (between the first and second dots), paste it here, and decode. The result is a JSON object with the token's claims. Note: JWT uses Base64URL encoding (- instead of + and _ instead of /) and usually omits = padding — this tool handles both. For a dedicated JWT experience showing automatic claim parsing and expiration display, use the JWT Decoder tool on this site.

Can I use this to encode images for data URIs in CSS?

Yes, though for image files specifically the Image to Base64 tool is more convenient — it accepts a file upload and produces the complete data:image/png;base64,... URI ready to paste into CSS. For text or arbitrary data, this encoder handles it. Data URIs are useful for small icons under 5KB. Larger images should remain as separate files — a 100KB image as a data URI adds 133KB to your HTML/CSS due to the ~33% size increase from Base64 encoding.

What other encoding tools are on this site?

The URL Encoder handles percent-encoding for query strings. The HTML Encoder handles character entity escaping for HTML contexts. The Binary to Text Converter converts characters to 0s and 1s. The Base Converter converts between decimal, hex, octal, and binary number systems. The Image to Base64 tool converts image files to data URIs. All are in the Dev Tools Encoders section.

Complete Guide

📊 Key Data Points

Not encryption

Base64 is an encoding, not encryption. Anyone who sees your Base64 string can decode it in seconds. Do not use Base64 to hide sensitive data.

Base64URL for JWTs

JWT tokens use Base64URL (- and _) not standard Base64 (+ and /) — the difference matters when decoding manually

Data URI format

data:image/png;base64,iVBORw0... — the MIME type prefix tells the browser how to interpret the encoded data

Base64 Encoder and Decoder -- Complete USA Guide 2026

Base64 is everywhere in web development: JWT tokens use Base64URL encoding, HTTP Basic Auth uses Base64, CSS data URIs use Base64, and many APIs encode binary responses as Base64 strings in JSON. Understanding which variant (standard vs URL-safe) and being able to encode/decode quickly is essential.

This tool runs entirely in your browser — your data is never transmitted.

**Long-tail searches answered here:** base64 encoder decoder online free, encode decode base64 browser no server, base64url encoder free browser tool.

For JWT tokens, pair with JWT Decoder.

🔬 How This Calculator Works

Encodes text, binary data, and files to Base64 and decodes Base64 back. Supports standard Base64 (uses + and /) and Base64URL (uses - and _ — safe in URLs and JWT tokens without percent-encoding). Auto-detects which variant is needed. File encoding converts images, PDFs, and any binary file to a Base64 data URI. All encoding runs in the browser — nothing is transmitted.

✅ What You Can Calculate

Standard Base64 and Base64URL

Supports both standard Base64 (RFC 4648) and Base64URL (RFC 4648 Section 5) — auto-detecting which variant to use based on whether the input contains + or - characters.

File to data URI

Convert images, PDFs, and other binary files to Base64-encoded data URIs for embedding directly in HTML, CSS, or JSON.

Auto-detection

Automatically detects whether input is Base64 or Base64URL encoded and uses the correct decoding.

Encoding clarity

Shows the character set, padding, and variant being used — eliminates confusion between the two Base64 variants.

🎯 Real Scenarios & Use Cases

JWT debugging

JWT headers and payloads are Base64URL encoded (not standard Base64). Decode the three parts of a JWT here to inspect the header algorithm and payload claims.

HTTP Basic Auth decoding

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= is just username:password encoded in Base64. Decode any Basic Auth header here to see the credentials.

Inline images in CSS

background-image: url(data:image/png;base64,...) embeds image data directly in CSS. Encode your small icon here to eliminate one HTTP request.

API response binary data

Some APIs return binary data (PDFs, images) as Base64-encoded strings in JSON responses. Decode here to verify the content.

💡 Pro Tips for Accurate Results

Base64URL for JWTs. JWT headers and payloads use Base64URL (not standard Base64). The plus becomes minus and slash becomes underscore to avoid percent-encoding in URLs. Use JWT Decoder to decode complete JWT tokens.

Not encryption. Base64 is an encoding, not encryption. Anyone who sees your Base64 string can decode it in seconds. Do not use Base64 to hide sensitive data.

Data URIs for small images. data:image/png;base64,iVBORw0... embeds image data directly in HTML/CSS. Eliminates an HTTP request but increases HTML size. Best for small icons and inline SVGs.

HTTP Basic Auth is Base64. Authorization: Basic encoded-value is just username:password encoded in Base64. Decode any Basic Auth header here to see the credentials in plain text.

🔗 Use These Together

URL Encoder→JWT Decoder→Image to Base64→String Inspector→Hash Generator→Character Encoder→HTML Encoder→Binary Text Converter→

🏁 Bottom Line

Base64 is everywhere — JWTs, HTTP auth headers, data URIs, email attachments, and binary-to-text encoding. This encoder handles both standard and URL-safe variants with auto-detection. For JWT decoding: JWT Decoder. For image encoding: Image to Base64.