Base64 Encoder & Decoder — Convert Text and Data Online
Encode text to Base64 or decode Base64 back to readable text. Handles UTF-8, works offline, and never sends your data anywhere. Useful for JWT tokens, data URIs, API authentication headers, and email encoding.
What Base64 Actually Does
Base64 takes binary data and represents it using only 64 "safe" ASCII characters (A-Z, a-z, 0-9, +, /) plus = for padding. It's defined in RFC 4648 and has been around since the MIME email standard in the early 1990s.
Why does it exist? Because many systems (email, JSON, URLs, XML) can only handle text. If you need to stuff a PNG image into a JSON response or an email body, you can't just dump raw bytes in there — you need to encode them as text first. Base64 is the standard way to do that.
The trade-off: Base64 increases data size by exactly 33% (plus padding). Every 3 bytes of input become 4 characters of output. A 1MB image becomes ~1.33MB as Base64. That's why you shouldn't Base64-encode large files for web delivery — use actual file uploads or CDN URLs instead. But for small assets (icons under 5KB, font subsets) or data that must travel through text-only channels, the 33% overhead is worth it.
How to Use
- Pick Encode or Decode mode at the top.
- Paste your text (for encoding) or Base64 string (for decoding) into the input.
- Hit the button — result appears instantly.
- Copy the output. For data URIs, prepend "data:image/png;base64," yourself.
When You'll Actually Need This
Inspecting JWT token payloads
JWTs have three Base64url-encoded parts separated by dots. Paste the middle part (payload) here to decode it and see the claims — user ID, expiration time, roles — without installing a JWT library.
Creating data URIs for inline images
Need to embed a small icon directly in CSS or HTML without an extra HTTP request? Encode the image file to Base64, then use it as: background-image: url(data:image/png;base64,YOUR_STRING_HERE). Keep it under 5KB or you're hurting performance.
HTTP Basic Authentication headers
Basic Auth requires "username:password" encoded as Base64 in the Authorization header. Paste "admin:secretpass" here, encode it, and use the result in your API testing tool or curl command.
Debugging encoded API payloads
Some APIs return Base64-encoded fields (AWS Lambda responses, Kubernetes secrets, SAML assertions). Paste the encoded string here to see what's actually inside without writing a decode script.
Things to Know
Base64 is NOT encryption
This is the #1 misconception. Base64 is trivially reversible — anyone can decode it. Never use it to "hide" passwords, API keys, or sensitive data. If you see a password stored as Base64 in a config file, that's a security bug, not a security measure.
Watch out for URL-safe vs standard Base64
Standard Base64 uses + and / which break URLs. URL-safe Base64 (RFC 4648 §5) replaces them with - and _. JWTs use URL-safe. Most APIs use standard. If your decoded output looks like garbage, you might be using the wrong variant.
Don't Base64-encode large files for the web
A 100KB image as Base64 in your CSS = 133KB of text that can't be cached separately, can't be loaded lazily, and bloats your stylesheet. Use Base64 for tiny assets only (< 5KB). Everything else should be a regular file served from a CDN.
UTF-8 encoding matters
Base64 encodes bytes, not characters. "Hello" in ASCII is 5 bytes. "你好" in UTF-8 is 6 bytes. If you encode text, make sure both sides agree on the character encoding (UTF-8 is the safe default). Mismatched encoding = garbled output.
Real-World Examples
Decode a JWT payload
The middle section of a JWT token — decode it to see the user claims.
Input
eyJ1c2VySWQiOjQyLCJyb2xlIjoiYWRtaW4iLCJleHAiOjE3MTY5OTIwMDB9Output
{"userId":42,"role":"admin","exp":1716992000}Encode credentials for Basic Auth
HTTP Basic Authentication requires base64("username:password").
Input
admin:my-secret-passwordOutput
YWRtaW46bXktc2VjcmV0LXBhc3N3b3JkFeatures
- Encode and decode in one tool — toggle between modes
- Full UTF-8 support (Chinese, Japanese, emoji — all work)
- Handles multi-line input without issues
- Runs entirely in your browser — no server round-trip
- No size limit beyond your browser's memory
- Free, no signup, no tracking
Frequently Asked Questions
Why does Base64 make my file 33% bigger?
Base64 maps every 3 bytes of input to 4 ASCII characters. That's a 4/3 ratio = 33.3% increase. Plus 1-2 padding characters (=) at the end if the input length isn't divisible by 3. There's no way around this — it's inherent to the encoding.
Can I decode a JWT token with this tool?
Partially. JWTs use Base64url encoding (- and _ instead of + and /). The payload (middle part) decodes to readable JSON. The signature (last part) decodes to binary gibberish because it's a cryptographic hash. This tool handles both standard and URL-safe Base64.
Is Base64 the same as encryption?
No. Absolutely not. Base64 is encoding — it's fully reversible by anyone with zero effort. It provides zero security. If someone tells you their API "encrypts" data with Base64, run. Use AES-256 or similar for actual encryption.
Why do Kubernetes secrets use Base64?
Kubernetes stores secrets as Base64 in YAML/JSON manifests because binary data can't go in YAML directly. But this is NOT security — anyone with kubectl access can decode them instantly. Use sealed-secrets or external secret managers (Vault, AWS Secrets Manager) for real protection.
What's the difference between Base64 and URL encoding?
Different problems, different solutions. URL encoding (percent-encoding) makes individual characters URL-safe by replacing them with %XX. Base64 converts arbitrary binary data to a text string. Use URL encoding for query parameters with special characters. Use Base64 for embedding binary data in text formats.
Tips & Related Workflows
- Decoded a JSON payload? Format it nicely with our JSON Formatter.
- Need to encode special characters in a URL instead? Use our URL Encoder/Decoder.
- Verify data integrity after encoding by generating a hash with our Hash Generator.
- Embed Base64-encoded data in a QR code using our QR Code Generator.