Base64 Encoder / Decoder

What is Base64?

Base64 is a way of writing any data — text, an image, a file — using only 64 plain characters (A–Z, a–z, 0–9, + and /). It exists because a lot of systems were built to carry text, not arbitrary bytes: email bodies, JSON fields, URLs, HTML attributes and config files. Encode your data as Base64 first and it slips safely through all of them without getting corrupted.

The trade-off is size: Base64 makes data roughly 33% larger, because it represents every 3 bytes with 4 characters. That is fine for small payloads like an icon embedded in CSS or a token in a JSON file, and it is the reason you see Base64 everywhere once you start looking.

How to use it

1. Choose Encode or Decode at the top.
2. Paste your text into the input box.
3. The result appears instantly in the box below.
4. Press Copy to grab it, or Clear to start again.

Encoding accepts any text, including emojis and accented characters. Decoding expects valid Base64 — if it is not, you will see a clear message instead of garbled output.

When you would use Base64

• Data URIs — embedding a small image or font directly in HTML/CSS as data:image/png;base64,… so it loads without a separate request.
• APIs and JSON — sending binary-ish values (signatures, small blobs) inside text-only JSON fields.
• Basic auth headers — HTTP Basic Authentication encodes user:password as Base64 (note: this is encoding, not security — it still needs HTTPS).
• Config and tokens — many tokens and keys are distributed as Base64 so they copy and paste cleanly.
• Email attachments — MIME has used Base64 for decades to move files through text-based mail.

Base64 vs encryption — an important difference

This trips people up constantly, so it is worth being blunt: Base64 is not security. It is fully reversible by anyone, with no key required — this very tool decodes it in one click. If your goal is to hide a value, Base64 does nothing useful. Use it for transport and compatibility, and use proper encryption (and HTTPS) when you actually need confidentiality. If instead you want to fingerprint or verify the integrity of a value, reach for a Hash Generator.

Standard vs URL-safe Base64

Classic Base64 uses + and /, which have special meaning inside URLs. URL-safe Base64 swaps them for - and _ so the value can sit in a query string or path. The two are otherwise identical. If a decode fails on a string that came from a URL, convert - back to + and _ back to / first, then decode.

Tips and common mistakes

• Padding matters. Base64 strings are padded with = to a length that is a multiple of four. Stripping the padding can break stricter decoders.
• Whitespace is usually harmless. This tool ignores spaces and line breaks when decoding, which is handy because emailed Base64 is often wrapped into lines.
• Don’t double-encode. Encoding already-encoded text just makes it bigger and more confusing. Decode first if you are unsure what you have.
• Mind the size. Because Base64 inflates data by about a third, very large files are better handled as real uploads than as Base64 blobs.

Because everything runs locally, this encoder/decoder is a fast, private helper to keep in a tab whenever you are working with tokens, data URIs or any text that needs to survive a trip through a text-only system. When that text is a block of JSON, our JSON Formatter makes it readable again in the same in-browser way.