Free Base64 Encoder & Decoder

Encode text to Base64 and decode Base64 strings instantly. Supports UTF-8, URL-safe Base64 (Base64url), and easy JWT inspection. All processing in your browser.

Plain Text Input

Base64 Output

All processing happens in your browser — your data never leaves your device.

About Free Base64 Encoder & Decoder

Base64 is one of the most widely used encoding schemes in modern computing, even though most developers encounter it without fully understanding what it does or why it exists. The core problem Base64 solves is this: many data transmission systems (email MIME, HTTP headers, URLs, XML, JSON) were designed to handle only printable ASCII text. Binary data — images, audio files, cryptographic keys, arbitrary bytes — contains characters outside the ASCII printable range that these systems cannot safely transmit. Base64 converts binary data into a safe representation using only 64 printable ASCII characters (A-Z, a-z, 0-9, +, /), making it transmissible through any text-based system.

Our free Base64 encoder and decoder converts text or binary data to Base64 and back, handling UTF-8 characters (including international scripts, emoji, and special characters) correctly. Standard Base64 uses + and / characters that have special meaning in URLs — the URL-safe variant (Base64url) replaces these with - and _ for use in JWTs, URL parameters, and file names. A swap button lets you instantly reverse an encode operation for decoding — useful when inspecting JWT payloads or API responses. Input size, output size, and size increase percentage are displayed after processing so you can understand the overhead Base64 adds. All processing uses the browser's built-in btoa/atob functions combined with TextEncoder/TextDecoder for correct UTF-8 handling — no data ever leaves your browser.

Key Features

Everything you need — no software installation required.

🔤

UTF-8 Text Encoding

Correctly encodes any Unicode text to Base64 using TextEncoder, which converts the string to UTF-8 bytes before Base64 encoding. This handles international characters, emoji, Arabic, Chinese, and any other Unicode script correctly — unlike btoa() alone, which fails on characters outside the Latin-1 range.

🔗

URL-safe Base64 (Base64url)

Standard Base64 uses + and / characters which have special meaning in URLs and must be percent-encoded. Toggle URL-safe mode to produce Base64url output, which replaces + with - and / with _, and omits padding (=). Base64url is used in JSON Web Tokens (JWTs), URL parameters, file names, and any context where standard Base64 characters would need escaping.

↕️

One-Click Swap

After encoding text to Base64, click Swap to instantly move the output to the input field and switch to Decode mode. This makes it quick to inspect the result of an encoding operation, or to test round-trip encode/decode accuracy without having to manually copy and paste.

📊

Size Analysis

After processing, the tool displays input character count, output character count, and — for encoding operations — the percentage size increase. Base64 encoding always increases data size by approximately 33% (4 output characters for every 3 input bytes). This overhead is important to consider when embedding Base64 data in web pages or APIs.

📋

One-Click Copy

Copy the encoded or decoded output to your clipboard with a single click. The button displays a green 'Copied!' confirmation for 2 seconds. Works in Chrome, Firefox, Safari, and Edge on desktop and mobile using the modern Clipboard API with a fallback for older browsers.

🔒

100% Private — Browser-Only

All encoding and decoding uses the browser's built-in btoa(), atob(), TextEncoder, and TextDecoder APIs. No data is transmitted to any server. This makes the tool safe for encoding sensitive values: API keys, authentication tokens, private keys, passwords, and personal data.

How to Use Free Base64 Encoder & Decoder

Get your result in seconds — completely free, no registration needed.

Select Encode or Decode mode

Click Encode to convert plain text to a Base64 string, or Decode to convert a Base64 string back to plain text. The input label updates to show what type of content is expected.

Toggle URL-safe mode if needed

If you are working with JWT tokens, URL parameters, file names, or any context where + and / characters would need percent-encoding, toggle URL-safe (Base64url) mode on. This replaces + with - and / with _ in the output, and removes padding.

Enter your text and process

Type or paste your input into the left text area. Click Encode or Decode. The result appears in the right text area along with character counts and — for encoding — the size increase percentage.

Copy or swap the result

Click Copy to copy the output to your clipboard. Click Swap to move the output to the input and switch modes — useful for quickly verifying that a decode operation produces the original text, or for inspecting JWT payload content.

Base64 Variants and Common Use Cases

Wide format support ensures compatibility with virtually any file you upload.

Format	Description	Best For	Quality
Standard Base64	Uses A-Z, a-z, 0-9, +, /. Padded with = to a multiple of 4 characters. RFC 4648 §4. Most widely used variant.	Email attachments (MIME), HTTP Basic Auth, data URIs	Standard — use for most cases
URL-safe Base64 (Base64url)	Replaces + with -, / with _, and omits padding. RFC 4648 §5. Safe for use in URLs, file names, and HTTP headers without percent-encoding.	JWT tokens, OAuth tokens, URL parameters, file names	Required for URLs and JWTs
Data URI (image/file)	Format: data:[mime-type];base64,[base64-data]. Used to embed binary files directly in HTML, CSS, and JSON without a separate HTTP request.	Small icons in CSS, inline images in email HTML	Avoid for files > 5 KB (increases page size)
HTTP Basic Auth	Username:password encoded to Base64, sent in Authorization header: Basic [base64]. Not encrypted — must be used over HTTPS only.	HTTP Basic Authentication header value	Use HTTPS — Base64 provides no security

Who Uses Free Base64 Encoder & Decoder?

Trusted by millions of users across different industries and workflows.

🔑

JWT Token Inspection

JSON Web Tokens consist of three Base64url-encoded parts separated by dots: header.payload.signature. To inspect a JWT payload, copy the middle section (between the first and second dot), switch to Decode mode with URL-safe enabled, and decode it to see the claims object with user ID, expiry, and other data.

🌐

API Development

Many REST APIs use Base64 encoding for authentication (HTTP Basic Auth: username:password), for binary data in JSON payloads, and for passing binary identifiers in query parameters. Use this tool to encode API credentials for testing, decode API responses, and verify that encoded values are correct.

🖼️

Data URI Generation

Embed small images, fonts, or other binary assets directly in CSS or HTML as data URIs (data:image/png;base64,[...]) to eliminate HTTP requests for tiny resources. Encode your asset to Base64, then prefix it with the appropriate data URI scheme. Best for assets under 5 KB.

📧

Email Attachments (MIME)

Email attachments are transmitted as Base64-encoded binary data within MIME multipart messages. When debugging email delivery issues or building email clients, you may need to encode attachments to Base64 or decode received attachment data to inspect its contents.

⚙️

Configuration and Secrets

Kubernetes Secrets, Docker environment files, and many CI/CD platforms store binary or sensitive values as Base64-encoded strings in YAML/JSON configuration. Encode secrets before inserting them into configuration files, or decode values from existing configurations to inspect them.

🔒

Cryptography & Security

PEM-format TLS certificates, SSH public keys, GPG key exports, and PKCS#12 files are all Base64-encoded. When inspecting certificate files or sharing cryptographic material, you may need to encode binary key material to Base64 for text-based contexts or decode Base64 to binary for cryptographic operations.

Why Choose Our Tool?

Built for speed, privacy, and reliability — everything works right in your browser.

✓

Correct UTF-8 handling

The browser's built-in btoa() fails on characters outside Latin-1 (accents, emoji, CJK). This tool uses TextEncoder to convert to UTF-8 bytes first, ensuring correct encoding of any Unicode text.

✓

No account or registration

Open the tool, enter text, encode or decode, copy. No sign-up, no email, no subscription. Free and immediately available.

✓

Safe for sensitive data

Base64 is commonly used with secrets, tokens, and credentials. Because no data leaves your browser, this tool is safe for encoding sensitive values that you would never want transmitted to a third-party server.

✓

Works offline after page load

Once loaded, the tool works without internet access. btoa, atob, TextEncoder, and TextDecoder are all browser built-ins — no network request is needed for any processing.

Pro Tips & Best Practices

Get the best results with these expert recommendations.

💡

Base64 is not encryption

Base64 provides zero security. Anyone who obtains a Base64 string can decode it immediately — there is no key, no password, no protection. Never use Base64 to 'hide' sensitive data. For actual encryption, use AES-256-GCM or another authenticated encryption algorithm.

💡

Use URL-safe Base64 for JWTs and URLs

Standard Base64's + and / characters must be percent-encoded in URLs (%2B and %2F). If you include standard Base64 in a URL query parameter without encoding, the URL will be malformed. Use URL-safe Base64 (Base64url) which replaces these characters with URL-safe equivalents.

💡

Data URIs for tiny assets only

Base64 encoding increases file size by ~33%. A 10 KB image becomes ~13 KB as a data URI. For assets above 5–10 KB, a separate HTTP request is more efficient — especially with HTTP/2 multiplexing, which minimises the cost of additional requests.

💡

Decode JWT payloads to inspect claims

If you receive a JWT and want to see its claims without writing code, copy the middle section (between the two dots), toggle URL-safe mode on, and decode. The payload is a standard JSON object containing the user's claims. Remember: JWT payloads are not encrypted — only signed.

Related Tools

More free online tools you might find useful.

URL Encoder/Decoder

Encode URL query parameters with percent-encoding

JSON Formatter

Format and validate JSON — common in API work

Text Case Converter

Convert between camelCase, snake_case, kebab-case

Password Generator

Generate cryptographically secure random passwords

Frequently Asked Questions

Everything you need to know about Free Base64 Encoder & Decoder.

What is Base64 used for?

Base64 is used to encode binary data as text so it can be safely transmitted through systems that only support ASCII text. Common uses include: email attachments (MIME encoding), HTTP Basic Authentication header values, embedding images as data URIs in HTML/CSS, JWT (JSON Web Token) header and payload encoding, Kubernetes and Docker secret storage, and API payload encoding for binary data.

Is Base64 a form of encryption?

No. Base64 is encoding, not encryption. It provides absolutely no security — any Base64 string can be decoded instantly by anyone who has it. Do not use Base64 to hide or protect sensitive data. For actual encryption, use AES-256 (symmetric) or RSA/ECDSA (asymmetric) through a proper cryptographic library.

What is the difference between standard Base64 and URL-safe Base64 (Base64url)?

Standard Base64 (RFC 4648 §4) uses + and / characters and = padding. These characters have special meaning in URLs: + means space, / is a path separator, and = is used in query strings. URL-safe Base64 (RFC 4648 §5, also called Base64url) replaces + with - and / with _, and typically omits padding. Use Base64url for JWT tokens, URL parameters, and file names.

How much does Base64 encoding increase file size?

Base64 increases data size by approximately 33%. Every 3 bytes of binary data are encoded as 4 Base64 characters. A 100 KB image becomes ~133 KB as a Base64 string. For this reason, Base64-encoded images embedded in HTML or CSS as data URIs increase page weight. Only use data URIs for very small assets (under 5 KB) where the elimination of an HTTP request outweighs the size increase.

Why does btoa() fail for some characters?

The browser's built-in btoa() function only accepts Latin-1 (ISO 8859-1) characters — characters with code points 0–255. Characters outside this range (emoji, CJK characters, Arabic, and other Unicode scripts) cause btoa() to throw a DOMException. This tool works around the limitation by using TextEncoder to convert the string to UTF-8 bytes first, then encoding the bytes — ensuring correct handling of any Unicode text.

How do I decode a JWT token?

A JWT has three parts separated by dots: [header].[payload].[signature]. Copy the payload (middle section). Switch to Decode mode. Enable URL-safe (Base64url) mode — JWT uses Base64url encoding, not standard Base64. Paste the payload and click Decode. The result is a JSON object containing the claims: user ID, issued-at time, expiry, and other data. Note: the payload is encoded, not encrypted — anyone can read it.

Can I encode binary files (images, PDFs) to Base64?

This text-based encoder supports text content (any UTF-8 string). For encoding binary files like images or PDFs to Base64, you would need a file-based encoder that reads the raw binary bytes. The TextEncoder approach used here is optimised for text content.

Is my data safe when using this tool?

Yes. All encoding and decoding uses browser built-in APIs (btoa, atob, TextEncoder, TextDecoder). No data is ever transmitted to a server. You can verify this by opening your browser's DevTools Network tab — no network request is made during encoding or decoding operations.