Dev Encyclopedia
ArticlesToolsContactAbout

Get notified when new content drops

No spam. Just new articles, tools, and updates straight to your inbox.

Dev Encyclopedia

A reference for builders

Dev.to
Discord
WhatsApp Channel
daily.dev
Hashnode
X

Content

  • Articles
  • Tools
  • About
  • Contact

Connect

  • support@devencyclopedia.com
  • RSS Feed

Legal

  • Privacy Policy
  • Terms of Service
  • Disclaimer

© 2026 Dev Encyclopedia

Back to top ↑
  1. Home
  2. /
  3. Tools
  4. /
  5. Base64 Encoder / Decoder
Free · Private · No account

Encode or decode Base64 instantly.

Type or paste any text and get the Base64 output immediately, with no ads, no trackers, nothing sent to any server. Your input is processed entirely in your browser using JavaScript's built-in btoa() and atob() APIs.

Zeeshan Tofiq

Zeeshan Tofiq

Full Stack Developer

When developers use Base64

Use caseExampleMode
HTTP Basic AuthAuthorization: Basic base64(user:pass)Encode
JWT payload inspectionDecode the middle segment of a JWTDecode
CSS data URIsdata:image/png;base64,iVBOR...Encode
Env var secretsEncode binary keys for .env filesEncode
API response dataSome APIs return files as Base64 stringsDecode
URL-safe tokensOAuth tokens, URL query parametersURL-safe

Standard Base64 vs URL-safe Base64

Standard Base64URL-safe Base64
CharactersA–Z, a–z, 0–9, +, /A–Z, a–z, 0–9, -, _
Padding= (included)Stripped
Safe in URLs?No (+ and / need escaping)Yes (no escaping needed)
Use forEmail, CSS data URIs, HTTP Basic AuthJWT tokens, OAuth tokens, URL params

Working with Base64 in JavaScript

Copy-paste patterns for the most common scenarios.

Browser: btoa() / atob()
// Encode
const encoded = btoa("Hello, World!");
// Decode
const decoded = atob(encoded); // "Hello, World!"
Browser: Unicode fix (emoji, accents, CJK)
// Encode Unicode safely
const encoded = btoa(unescape(encodeURIComponent("Hello 🌍")));
// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));
Node.js: Buffer.from()
// Encode
const encoded = Buffer.from("Hello, World!").toString("base64");
// Decode
const decoded = Buffer.from(encoded, "base64").toString("utf-8");
URL-safe Base64 (JWT, OAuth tokens)
// Encode URL-safe
const encoded = btoa(unescape(encodeURIComponent(str)))
  .replace(/+/g, "-").replace(///g, "_").replace(/=/g, "");
// Decode URL-safe
const padded = str.replace(/-/g, "+").replace(/_/g, "/")
  + "=".repeat((4 - str.length % 4) % 4);
const decoded = decodeURIComponent(escape(atob(padded)));

Frequently Asked Questions

What is Base64 encoding?

Base64 converts binary data into a string of printable ASCII characters using a 64-character alphabet (A-Z, a-z, 0-9, +, /, =).

  • Why it exists: binary data breaks in text-only contexts (HTTP headers, email bodies, URL parameters, JSON values). Base64 makes any payload text-safe.
  • What it is not: Base64 is not encryption and not compression. Encoded output is ~33% larger than the original input.
  • Anyone can decode it: Base64 is fully reversible with no key. Never use it as a security mechanism.
Does Base64 encoding encrypt my data?

No. Base64 is encoding, not encryption. Anyone who sees a Base64 string can decode it immediately: there is no key involved.

⚠ Warning

JWT tokens look like gibberish but are simply Base64 URL-encoded. The header and payload are completely readable by anyone who decodes them. Only the cryptographic signature provides a security guarantee. Encrypt data before encoding it if confidentiality matters.

What is URL-safe Base64 and when should I use it?
Standard Base64URL-safe Base64
CharactersA–Z, a–z, 0–9, +, /A–Z, a–z, 0–9, -, _
Padding= (included)Stripped
Safe in URLs?No (+ and / need escaping)Yes
Use forEmail, CSS data URIs, HTTP Basic AuthJWT tokens, OAuth tokens, URL params

Toggle URL-safe mode in this tool when working with JWT payloads or encoding values that will appear in a URL.

How do I decode a JWT token's payload with this tool?

A JWT has three Base64 URL-encoded segments separated by dots: header.payload.signature.

  1. Copy the payload: the middle segment between the two . dots.
  2. Switch to Decode mode: the tool auto-detects URL-safe characters (- and _) and normalises them automatically.
  3. Paste the segment: the decoded JSON object appears immediately.

ℹ Info

The signature (third segment) cannot be verified here: that requires the secret key and a JWT library. This tool only decodes the readable claim data.

Why does btoa() throw an error on some strings in JavaScript?

The browser's native btoa() only accepts Latin-1 (ISO-8859-1) characters. Any input outside that range (emoji, accented letters, CJK characters) throws DOMException: The string to be encoded contains characters outside of the Latin1 range.

Fix: UTF-8 encode the string first:

javascript
// Encode Unicode safely
const encoded = btoa(unescape(encodeURIComponent(str)));

// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));

💡 Tip

This tool handles Unicode automatically: paste any string including emoji and non-ASCII text without errors. The Node.js Buffer API also handles this natively: Buffer.from(str).toString('base64').

Related reading

Guide

Next.js Environment Variables

Encoding secrets before storing them in .env files: when to use Base64 and when to use proper secrets management.

Guide

How to Audit Your VS Code Extensions

Extensions can read Base64-encoded secrets from your workspace files. Know what's running in your editor.

Zeeshan Tofiq

Zeeshan Tofiq

Full Stack Developer

Full stack developer with over 6 years of experience building production applications. Writes practical guides on JavaScript, TypeScript, React, Node.js, and cloud infrastructure. Focused on helping developers solve real problems with clean, maintainable code.

Enjoyed this article?

Get practical dev guides, tool updates, and new articles delivered straight to your inbox. No spam, unsubscribe anytime.

Base64 output