Encode or decode Base64 instantly.
Type or paste any text and get the Base64 output immediately — no ads, no trackers, nothing sent to any server. Your input is processed entirely in your browser using JavaScript's built-in btoa() and atob() APIs.
When developers use Base64
| Use case | Mode |
|---|---|
| HTTP Basic Auth | Encode |
| JWT payload inspection | Decode |
| CSS data URIs | Encode |
| Env var secrets | Encode |
| API response data | Decode |
| URL-safe tokens | URL-safe |
Standard Base64 vs URL-safe Base64
| Standard Base64 | URL-safe Base64 | |
|---|---|---|
| Characters | A–Z, a–z, 0–9, +, / | A–Z, a–z, 0–9, -, _ |
| Padding | = (included) | Stripped |
| Safe in URLs? | No — + and / need escaping | Yes — no escaping needed |
| Use for | Email, CSS data URIs, HTTP Basic Auth | JWT tokens, OAuth tokens, URL params |
Working with Base64 in JavaScript
Copy-paste patterns for the most common scenarios.
// Encode
const encoded = btoa("Hello, World!");
// Decode
const decoded = atob(encoded); // "Hello, World!"// Encode Unicode safely
const encoded = btoa(unescape(encodeURIComponent("Hello 🌍")));
// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));// Encode
const encoded = Buffer.from("Hello, World!").toString("base64");
// Decode
const decoded = Buffer.from(encoded, "base64").toString("utf-8");// Encode URL-safe
const encoded = btoa(unescape(encodeURIComponent(str)))
.replace(/+/g, "-").replace(///g, "_").replace(/=/g, "");
// Decode URL-safe
const padded = str.replace(/-/g, "+").replace(/_/g, "/")
+ "=".repeat((4 - str.length % 4) % 4);
const decoded = decodeURIComponent(escape(atob(padded)));Frequently Asked Questions
What is Base64 encoding?
Base64 converts binary data into a string of printable ASCII characters using a 64-character alphabet (A-Z, a-z, 0-9, +, /, =).
- Why it exists: binary data breaks in text-only contexts — HTTP headers, email bodies, URL parameters, JSON values. Base64 makes any payload text-safe.
- What it is not: Base64 is not encryption and not compression. Encoded output is ~33% larger than the original input.
- Anyone can decode it: Base64 is fully reversible with no key. Never use it as a security mechanism.
Does Base64 encoding encrypt my data?
No. Base64 is encoding, not encryption. Anyone who sees a Base64 string can decode it immediately — there is no key involved.
What is URL-safe Base64 and when should I use it?
| Standard Base64 | URL-safe Base64 | |
|---|---|---|
| Characters | A–Z, a–z, 0–9, +, / | A–Z, a–z, 0–9, -, _ |
| Padding | = (included) | Stripped |
| Safe in URLs? | No — + and / need escaping | Yes |
| Use for | Email, CSS data URIs, HTTP Basic Auth | JWT tokens, OAuth tokens, URL params |
Toggle URL-safe mode in this tool when working with JWT payloads or encoding values that will appear in a URL.
How do I decode a JWT token's payload with this tool?
A JWT has three Base64 URL-encoded segments separated by dots: header.payload.signature.
- Copy the payload — the middle segment between the two
.dots. - Switch to Decode mode — the tool auto-detects URL-safe characters (
-and_) and normalises them automatically. - Paste the segment — the decoded JSON object appears immediately.
Why does btoa() throw an error on some strings in JavaScript?
The browser's native btoa() only accepts Latin-1 (ISO-8859-1) characters. Any input outside that range — emoji, accented letters, CJK characters — throws DOMException: The string to be encoded contains characters outside of the Latin1 range.
Fix: UTF-8 encode the string first:
// Encode Unicode safely
const encoded = btoa(unescape(encodeURIComponent(str)));
// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));