Encode or decode Base64 instantly.
Type or paste any text and get the Base64 output immediately, with no ads, no trackers, nothing sent to any server. Your input is processed entirely in your browser using JavaScript's built-in btoa() and atob() APIs.
When developers use Base64
| Use case | Mode |
|---|---|
| HTTP Basic Auth | Encode |
| JWT payload inspection | Decode |
| CSS data URIs | Encode |
| Env var secrets | Encode |
| API response data | Decode |
| URL-safe tokens | URL-safe |
Standard Base64 vs URL-safe Base64
| Standard Base64 | URL-safe Base64 | |
|---|---|---|
| Characters | A–Z, a–z, 0–9, +, / | A–Z, a–z, 0–9, -, _ |
| Padding | = (included) | Stripped |
| Safe in URLs? | No (+ and / need escaping) | Yes (no escaping needed) |
| Use for | Email, CSS data URIs, HTTP Basic Auth | JWT tokens, OAuth tokens, URL params |
Working with Base64 in JavaScript
Copy-paste patterns for the most common scenarios.
// Encode
const encoded = btoa("Hello, World!");
// Decode
const decoded = atob(encoded); // "Hello, World!"// Encode Unicode safely
const encoded = btoa(unescape(encodeURIComponent("Hello 🌍")));
// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));// Encode
const encoded = Buffer.from("Hello, World!").toString("base64");
// Decode
const decoded = Buffer.from(encoded, "base64").toString("utf-8");// Encode URL-safe
const encoded = btoa(unescape(encodeURIComponent(str)))
.replace(/+/g, "-").replace(///g, "_").replace(/=/g, "");
// Decode URL-safe
const padded = str.replace(/-/g, "+").replace(/_/g, "/")
+ "=".repeat((4 - str.length % 4) % 4);
const decoded = decodeURIComponent(escape(atob(padded)));Frequently Asked Questions
What is Base64 encoding?
Base64 converts binary data into a string of printable ASCII characters using a 64-character alphabet (A-Z, a-z, 0-9, +, /, =).
- Why it exists: binary data breaks in text-only contexts (HTTP headers, email bodies, URL parameters, JSON values). Base64 makes any payload text-safe.
- What it is not: Base64 is not encryption and not compression. Encoded output is ~33% larger than the original input.
- Anyone can decode it: Base64 is fully reversible with no key. Never use it as a security mechanism.
Does Base64 encoding encrypt my data?
No. Base64 is encoding, not encryption. Anyone who sees a Base64 string can decode it immediately: there is no key involved.
What is URL-safe Base64 and when should I use it?
| Standard Base64 | URL-safe Base64 | |
|---|---|---|
| Characters | A–Z, a–z, 0–9, +, / | A–Z, a–z, 0–9, -, _ |
| Padding | = (included) | Stripped |
| Safe in URLs? | No (+ and / need escaping) | Yes |
| Use for | Email, CSS data URIs, HTTP Basic Auth | JWT tokens, OAuth tokens, URL params |
Toggle URL-safe mode in this tool when working with JWT payloads or encoding values that will appear in a URL.
How do I decode a JWT token's payload with this tool?
A JWT has three Base64 URL-encoded segments separated by dots: header.payload.signature.
- Copy the payload: the middle segment between the two
.dots. - Switch to Decode mode: the tool auto-detects URL-safe characters (
-and_) and normalises them automatically. - Paste the segment: the decoded JSON object appears immediately.
Why does btoa() throw an error on some strings in JavaScript?
The browser's native btoa() only accepts Latin-1 (ISO-8859-1) characters. Any input outside that range (emoji, accented letters, CJK characters) throws DOMException: The string to be encoded contains characters outside of the Latin1 range.
Fix: UTF-8 encode the string first:
// Encode Unicode safely
const encoded = btoa(unescape(encodeURIComponent(str)));
// Decode
const decoded = decodeURIComponent(escape(atob(encoded)));