Base64 Encoder & Decoder

Q: What is URL-safe Base64?

Standard Base64 uses the characters + and / which have special meaning in URLs and can cause parsing issues. URL-safe Base64 (also called Base64url) replaces + with - and / with _ making it safe to include in URLs, query parameters, and filenames without percent-encoding. This is commonly used in JWT tokens, OAuth 2.0, and web APIs.

Q: What are the most common uses for Base64?

Base64 is used in many common scenarios: embedding images directly in HTML/CSS as data URIs (data:image/png;base64,...), encoding credentials in HTTP Basic Authentication headers, transmitting binary attachments in emails (MIME encoding), encoding data in JSON APIs where binary isn't supported, storing binary data in XML documents, and encoding JWT (JSON Web Token) claims.

⚡ Key Features

🔐

Encode & Decode

Convert any text or file content to/from Base64 format

📁

File Support

Encode file content (text files, JSON, XML) to Base64

🔗

URL-Safe Mode

Generate URL-safe Base64 with + replaced by - and / by _

⚡

Instant Processing

Conversion happens in-browser with zero delay

📋

Copy Output

One-click copy of encoded or decoded result

🔒

Privacy First

All processing is local — your data never leaves your device

📋 How to Use This Tool

1

Choose Mode
Select Encode (text → Base64) or Decode (Base64 → text).
2

Enter Input
Paste your text string or Base64 string into the input box.
3

Click Convert
Hit Encode or Decode to process your input.
4

Copy Result
Copy the output with one click for immediate use.

Text to Encode

Options

URL-safe Base64 (- and _ instead of + and /) Strip padding (=) Break at 76 chars (MIME standard)

Base64 Output

Output will appear here...

What Is Base64 Encoding?

Base64 is a binary-to-text encoding scheme that represents binary data using only 64 printable ASCII characters: A–Z (26), a–z (26), 0–9 (10), and the characters + and / (2). The equal sign = is used as padding. The name "Base64" refers to the 64 unique characters in its alphabet.

The fundamental problem Base64 solves is binary data compatibility. Many systems and protocols — email servers (SMTP), URLs, databases, XML files, and JSON payloads — were designed to handle text only. They can't process raw binary data like images, audio files, or encrypted payloads without corruption. Base64 converts that binary data into safe, printable text that any text-based system can handle without modification.

This free Base64 tool handles encoding (text → Base64) and decoding (Base64 → text) instantly, with support for URL-safe Base64, padding removal, and MIME-standard line breaks. All processing happens client-side in your browser — your data never leaves your device.

Common Uses for Base64 Encoding

Embedded images in HTML/CSS: Convert small images to data URIs (data:image/png;base64,...) to reduce HTTP requests
HTTP Basic Authentication: Credentials are Base64-encoded in the Authorization header (not encrypted — just encoded for transport)
Email attachments: MIME encoding uses Base64 to safely transmit binary attachments through email servers
JSON APIs: Encode binary data (images, PDFs) in JSON payloads where only text strings are supported
JWT tokens: JSON Web Tokens use URL-safe Base64 to encode header, payload, and signature segments
XML data: Store binary content in XML elements without breaking the text-based XML structure
Configuration files: Encode binary keys, certificates, and credentials for text-based config files

Standard vs URL-Safe Base64

Standard Base64

Uses characters: A-Z a-z 0-9 + / =

The + and / characters cause problems in URLs — they have special meanings (+ = space in query strings, / = path separator). Standard Base64 strings must be percent-encoded when used in URLs.

Best for: Email (MIME), file storage, non-URL contexts

URL-Safe Base64

Uses characters: A-Z a-z 0-9 - _ =

Replaces + with - and / with _ — making the output safe to use directly in URLs and filenames without additional encoding. Defined in RFC 4648.

Best for: JWT tokens, OAuth 2.0, URL parameters, filenames

Base64 Size Overhead Reference

Original Size	Base64 Size	Overhead
100 bytes	136 bytes	+36%
1 KB	~1.37 KB	+37%
10 KB	~13.7 KB	+37%
1 MB image	~1.37 MB	+37%

Base64 encoding always increases data size by approximately 33-37%. For this reason, only use Base64 embedding for small files (under 10 KB). Large files should be served as separate resources.

Frequently Asked Questions

What is Base64 encoding? +

Base64 is a binary-to-text encoding scheme that converts binary data into a string of 64 printable ASCII characters. It allows binary content like images, audio, and encrypted data to pass safely through text-only systems like email servers, URLs, and JSON APIs without corruption.

Is Base64 a form of encryption? +

No — Base64 is encoding, not encryption. It is completely reversible and provides zero security. Anyone can decode a Base64 string instantly. Never use Base64 to hide sensitive information like passwords or personal data. Use proper encryption algorithms like AES-256 for data that needs to be protected.

What is URL-safe Base64? +

Standard Base64 uses + and / which have special meaning in URLs. URL-safe Base64 replaces + with - and / with _ making it safe for URLs, query parameters, and filenames without percent-encoding. This variant is commonly used in JWT tokens, OAuth 2.0, and web APIs.

Does Base64 increase file size? +

Yes. Base64 encoding increases data size by approximately 33-37%. For every 3 bytes of original data, Base64 produces 4 bytes. This is the trade-off for text compatibility. Use Base64 embedding only for small files (under 10 KB) — large files should be served as separate resources for better performance.

What are the most common uses for Base64? +

Common uses include: embedding small images in HTML/CSS as data URIs, encoding credentials in HTTP Basic Authentication headers, transmitting binary email attachments via MIME encoding, encoding data in JSON APIs, encoding JWT token segments, and storing binary content in XML documents or text-based configuration files.

Related Tools

How to Use the Base64 Encoder / Decoder

Enter your text or paste your data in the input field. Click Encode to convert text to Base64, or Decode to convert Base64 back to plain text. The tool handles standard Base64 and URL-safe Base64. You can also encode files by uploading them — the output is the Base64 data URI.

Why Use a Base64 Encoder / Decoder?

Base64 encoding is used throughout web development: embedding images directly in CSS/HTML (data URIs), encoding binary data in JSON APIs, transmitting attachments in email (MIME), storing binary data in databases and cookies, and encoding authentication credentials in HTTP Basic Auth headers.

When to Use Base64 Encoding

Data URIs: Embed small images directly in HTML/CSS to save HTTP requests. Example: . HTTP Basic Auth: Credentials are Base64 encoded: Authorization: Basic base64(username:password). API payloads: Encode binary data (PDFs, images) for transmission in JSON. JWTs: JWT header and payload sections are Base64URL encoded. Email: MIME encodes attachments using Base64.

Frequently Asked Questions — Base64 Encoder / Decoder

Base64 is an encoding scheme that converts binary data to a string of 64 ASCII characters (A-Z, a-z, 0-9, +, /). It increases data size by approximately 33% but allows binary data to be safely transmitted through text-only systems like email and JSON.

No. Base64 is encoding, not encryption. It is completely reversible — anyone can decode it without a key. Never use Base64 for security. Use AES, RSA, or other proper encryption algorithms to protect sensitive data.

Standard Base64 uses + and / characters which have special meaning in URLs. Base64URL replaces + with - and / with _ for URL-safe use. JWT tokens use Base64URL encoding. Use standard Base64 for non-URL contexts.

Base64 encodes 3 bytes as 4 characters — a 33% size increase. A 100KB image becomes approximately 133KB as Base64. For larger files, the size overhead makes Base64 impractical compared to direct binary transmission.

Never. Base64 provides no security — it's trivially reversed. For password storage, use bcrypt, scrypt, or Argon2 hashing algorithms. For transmitting credentials, always use HTTPS.

What Base64 Is — and What It Isn't

Base64 is the most frequently misunderstood encoding on the web. The critical clarification: Base64 is encoding, not encryption or hashing. It transforms binary data (bytes) into a safe ASCII text representation using 64 printable characters (A–Z, a–z, 0–9, +, /). Anyone with any Base64 decoder can reverse it instantly — it provides zero security or privacy. A Base64-encoded password stored in a database is as exposed as a plaintext password. Never confuse it with bcrypt, AES, or other actual security mechanisms.

Base64 exists to solve a specific problem: many protocols were designed for text-only transmission. Binary data (images, audio files, certificates, compressed archives) corrupts text-only channels because binary bytes include control characters, null bytes, and characters that text protocols interpret as structural signals. Base64 converts any binary into a predictable 64-character ASCII subset that passes through any text channel safely, at the cost of roughly 33% size overhead (every 3 bytes become 4 characters).

Real-World Base64 Use Cases

Embedding images in HTML and CSS: Instead of an external image request (which requires DNS lookup + TCP connection + HTTP round trip), embed small images directly: <img src="data:image/png;base64,iVBORw0KGgo...">. Useful for icons in email templates where external images are frequently blocked by mail clients. Not recommended for images over 5–10KB due to the size overhead and document bloat.

HTTP Basic Authentication: HTTP Basic Auth encodes credentials in the Authorization header: Authorization: Basic dXNlcjpwYXNzd29yZA== which decodes to "user:password". The encoding is for the text-only header format, not for security — Basic Auth must always be used over HTTPS; the Base64 itself provides no protection from interception.

JSON Web Tokens (JWT): A JWT like "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VySWQiOjEyM30.sig" has two Base64url-encoded sections (header and payload) that anyone can decode and read. Paste the first or second segment into this tool to see the content. The third segment is a cryptographic signature — the security comes from the signature validation, not the encoding. Never store sensitive data in JWT payloads that isn't already public.

Email attachments (MIME encoding): Every email attachment you send is Base64-encoded inside the MIME message body for transmission. When you attach a PDF, your email client encodes it; the recipient's client decodes it transparently. This is why email file sizes increase by roughly 33% in transit.

Standard vs URL-Safe Base64 — When Each Is Required

Standard Base64 uses the characters +, /, and = — all of which are reserved or special characters in URLs. URL-safe Base64 substitutes − (hyphen) for + and _ (underscore) for /, and omits or replaces the = padding. Use URL-safe Base64 when encoded data appears in: URL query parameters, JWT tokens, filenames, cookie values, or any context where standard Base64 characters would be percent-encoded or misinterpreted. This tool generates both variants — select the appropriate type for your use case.

Common Base64 Mistakes

Using Base64 for password storage or secret protection — Base64 is completely reversible; any encoded "secret" is fully exposed. Use bcrypt, Argon2, or scrypt for password hashing; use AES-256 for data encryption.
Mixing standard and URL-safe Base64 — A string with + and / will break when placed in a URL without percent-encoding; a string with − and _ will break parsers expecting standard Base64. Be explicit about which variant you need.
Missing or incorrect padding — Base64 strings must be padded to a length that is a multiple of 4 characters using = characters. Missing padding causes decoder failures. URL-safe Base64 sometimes omits padding — ensure your decoder handles this.
Encoding already-text data without reason — JSON, XML, HTML, and plain text are already text formats and don't need Base64 encoding for HTTP transmission. Over-encoding adds overhead and complexity with no benefit.