Base64 Encoder & Decoder

Encode text to Base64 or decode Base64 strings - runs entirely in your browser.

Stays in your browser · Always free

This free Base64 encoder and decoder converts plain text to Base64-encoded strings and back. It handles Unicode correctly by encoding to UTF-8 bytes first, so accented characters, emoji, and non-Latin scripts work as expected.

Common uses:

Encode API credentials or tokens for use in HTTP Authorization headers
Decode Base64 strings from API responses or JWT payloads
Encode text for embedding in data URIs or configuration files

Output

Base64 is a way of representing arbitrary binary or text data using only 64 printable ASCII characters. It's used everywhere developers need to ship data through systems that only understand plain text - HTTP headers, URL parameters, email attachments, JSON payloads. The encoder above handles UTF-8 correctly, so emoji and non-ASCII text round-trip cleanly. Base64 is encoding, not encryption - anyone can decode it instantly.

How Base64 works

Base64 takes the underlying bytes of your input and represents them using only the characters A–Z, a–z, 0–9, +, and /, with = as padding at the end. It does this by grouping every 3 input bytes (24 bits) into 4 output characters (each representing 6 bits - 2⁶ = 64, hence the name).

If the input doesn't divide evenly into 3-byte groups, the last group is padded with = characters. That's why Base64 strings often end in one or two equals signs - a small giveaway that you're looking at Base64.

Size overhead: 33% larger than the input. 100 bytes of input → 136 characters of Base64 output. This is why Base64 is fine for small payloads (auth headers, tokens, small images) but expensive for large ones (full files in JSON).

URL-safe Base64 is a variant that swaps + and / for - and _ (which don't need URL escaping). JWTs use it. Standard Base64 and URL-safe Base64 are not interchangeable; tools usually default to standard.

Where you'll actually see Base64

HTTP Basic Auth

The header Authorization: Basic <encoded> contains username:password Base64-encoded. admin:hunter2 becomes YWRtaW46aHVudGVyMg==. This is encoding, not encryption - Basic Auth is only safe over HTTPS.

JSON Web Tokens

A JWT is three Base64-encoded parts separated by dots. The first two parts (header and payload) are decodable by anyone - open one in this tool and you'll see the issuer, expiry, claims, etc. The third part is a signature that can't be forged without the secret.

Data URIs

data:image/png;base64,iVBORw0KGgo... embeds a binary image directly into HTML or CSS. Useful for tiny icons (avoids an extra HTTP request); wasteful for anything substantial because of the 33% size penalty.

Email attachments (MIME)

Email was originally text-only. To attach binary files, MIME wraps them as Base64-encoded blobs. You'll never see this directly unless you're poking at raw email headers.

Frequently asked questions

What is Base64 encoding?

A scheme that represents arbitrary binary or text data using only 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It's used to safely move data through text-only channels.

When would I use Base64?

Embedding images in HTML/CSS as data URIs, encoding tokens for HTTP headers, encoding email attachments, transmitting binary data inside JSON or XML, and reading the payload of JSON Web Tokens.

How do I decode a Base64 string?

Paste it into the input box and click Decode. The tool detects whether the input looks like valid Base64 and reports an error if it doesn't.

Is Base64 the same as encryption?

No. Base64 is encoding - anyone can decode it in milliseconds. It provides zero security. Never use Base64 to "hide" sensitive data; encrypt it first if it needs protection.

Does this tool handle Unicode characters?

Yes. The encoder converts text to UTF-8 bytes before encoding, so accented characters, emoji, and CJK text round-trip cleanly. Plain btoa() in JavaScript doesn't handle Unicode by default - this tool wraps it correctly.

Why does my Base64 string end with one or two equals signs?

Padding. Base64 encodes every 3 input bytes into 4 output characters. If the input length isn't a multiple of 3, the last group is padded with = to make the output length a multiple of 4.

What's URL-safe Base64?

A variant that uses - and _ instead of + and / so the encoded string can be used in URLs without further escaping. JWTs use it. Standard and URL-safe variants are not interchangeable - pick the one your target system expects.

Does this tool send my data anywhere?

No. All encoding and decoding runs in your browser. Open DevTools → Network and confirm: zero requests are made when you encode or decode. Useful when handling tokens, credentials, or anything you don't want sitting in a third party's logs.

Base64 Encoder & Decoder

Related tools