Base64 encoder decoder
Encode text to Base64 and decode Base64 back to UTF-8 with optional URL-safe alphabet support and copy-ready output.
About the Base64
Base64 rewrites arbitrary bytes using only 64 printable characters (A-Z, a-z, 0-9, plus + and /), so binary or non-ASCII data can travel safely through channels that only expect plain text. This tool encodes text to Base64 and decodes it back, and it handles full UTF-8 correctly, so accented letters, CJK characters, and emoji survive the round trip instead of turning into mojibake.
Use it to read a Base64 string you found in a JWT, a data URI, an email header, or a config file, or to wrap a snippet of text so it can sit inside a URL, an HTTP header, or a JSON field without breaking the surrounding syntax. Encoding is not encryption: anyone can decode it, so it protects formatting, not secrets.
How to use it
- Pick the Encode or Decode tab at the top.
- Paste your text or your Base64 string into the input panel; the output updates as you type.
- Turn on the URL-safe toggle if the value needs to live in a URL or filename.
- Read the result in the output panel, or the error message if a decode fails.
- Click Copy to grab the output.
Examples
Encode UTF-8 text without corruption
Encode 'cafe' with an accent, plus a smiley emoji. Each non-ASCII character is first turned into its UTF-8 bytes, then those bytes are Base64-encoded, so decoding gives you back the exact original string. A naive encoder that ignores UTF-8 would mangle both characters.
Read a value with standard padding
Decode aGVsbG8= and you get 'hello'. The single = is padding: Base64 works in 3-byte groups that map to 4 characters, and when the input is not a multiple of 3 bytes, one or two = signs pad the final group out to a full quartet.
Make a token URL-safe
Standard Base64 can emit + and / and =, all of which have special meaning in URLs. Switch on URL-safe and those become - and _ with trailing padding removed, producing a string you can drop straight into a query parameter or path segment without percent-encoding it.
Frequently asked questions
- What is the difference between standard and URL-safe Base64?
- Standard Base64 uses + and / as its last two symbols and pads with =. URL-safe Base64 swaps those for - and _ and drops the padding, because +, /, and = are reserved or awkward inside URLs and filenames. Decode with the same mode you encoded with.
- Why are there one or two equals signs at the end?
- Base64 encodes three bytes into four characters. When the input length is not divisible by three, the final group is padded so it still has four characters: one = means the group held two bytes, two = means it held one byte. URL-safe mode removes this padding and recomputes it on decode.
- Why is the encoded text longer than the original?
- Base64 represents 3 bytes with 4 ASCII characters, so output is about 33 percent larger than the input, plus a little padding. That size cost is the trade-off for being able to send any bytes through a text-only channel.
- Is Base64 a form of encryption?
- No. It is a reversible encoding with no key, so anyone can decode it instantly. Use it to make data transport-safe, never to hide passwords or tokens. For secrecy you need real encryption.
- My decode failed. What went wrong?
- The input was not valid Base64: it may contain characters outside the alphabet, have the wrong length, or be URL-safe text decoded in standard mode (or the reverse). Check that the toggle matches how the string was produced, and that nothing was truncated.
Good to know
Base64 shows up constantly once you know its alphabet. Data URIs (data:image/png;base64,...) embed images directly in HTML and CSS, the two dot-separated halves before the signature in a JWT are URL-safe Base64 JSON, and SMTP encodes non-ASCII email bodies this way. Spotting the trailing = or the limited character set is often how you recognise it.
A few cautions. Base64 inflates size by roughly a third, so it is a poor choice for large binaries you could send raw. It offers no integrity check, so a single flipped character can silently decode to different bytes. And because it is trivially reversible, treat any encoded secret as plaintext. When the target is specifically a URL or filename, prefer the URL-safe mode here over running standard Base64 through a separate percent-encoder.