Base64 Encoder & Decoder Online — Text, File & JWT

Encode text or files to Base64, decode Base64 strings, and decode JWT tokens — all instantly in your browser, nothing uploaded.

Alphabet

Free Base64 Encoder & Decoder — Text, Files & JWT

This free online Base64 encoder and decoder converts text and files to Base64 format and back — entirely in your browser. It also includes a dedicated JWT decoder that splits a JSON Web Token into its header and payload, decodes both parts, and shows expiry status at a glance. Nothing is uploaded to any server.

Supports both standard Base64 (using + and /) and URL-safe Base64 (using - and _, no padding) — the variant required in JWTs, OAuth tokens, and URL query parameters. The file encoder converts images, PDFs, and any other file to Base64 and generates the full data: URI for direct use in CSS or HTML.

What Is Base64 Used For?

  • JWT tokens — JSON Web Tokens use URL-safe Base64 for the header and payload sections. The JWT Decoder tab reads any JWT and shows the claims (sub, iss, exp, iat) in a readable table with human-readable timestamps.
  • Embedding images in CSS — small icons and backgrounds can be Base64-encoded and embedded directly asbackground-image: url('data:image/png;base64,…') to avoid extra HTTP requests.
  • API authentication — HTTP Basic Authentication sends credentials as Base64. The header Authorization: Basic dXNlcjpwYXNz decodes to user:pass.
  • Kubernetes secrets — all secret values in Kubernetes are Base64-encoded. Paste the value here to read it.
  • Email attachments — MIME email attachments are Base64-encoded inside the email body.
  • JSON payloads with binary data — APIs that need to send binary data (images, files) inside JSON encode them as Base64 strings.

Standard vs URL-Safe Base64

Standard Base64 uses 64 characters: A-Z, a-z, 0-9, +, /, with = padding. The + and / characters have special meaning in URLs, which makes standard Base64 unsafe to use directly in query strings or filenames.

URL-safe Base64 (RFC 4648 §5) replaces + with - and / with _, and omits padding. This is what JWTs, OAuth 2.0, and most modern APIs use. Both are supported — select the alphabet in the Encode tab.

Working with URL query parameters instead? The URL Encoder/Decoder handles percent-encoding. Working with JSON data from an API? Try the JSON Formatter.

Frequently Asked Questions

What is Base64 encoding?

Base64 is a binary-to-text encoding that represents binary data using 64 printable ASCII characters (A-Z, a-z, 0-9, +, /). It increases data size by about 33% but makes binary data safe to transmit over systems designed for text, like email or JSON.

Why does my Base64 string end with == or =?

The = characters are padding. Base64 encodes 3 bytes at a time into 4 characters. When the input length isn't a multiple of 3, padding is added to make the output length a multiple of 4. One = means 1 padding byte, two == means 2 padding bytes. URL-safe Base64 omits this padding.

Is Base64 the same as encryption?

No. Base64 is encoding, not encryption. Anyone with the Base64 string can decode it instantly — there is no key or secret involved. It is used for safe data transport, not security. If you need encryption, use a proper cryptographic library.

How do I decode a JWT token?

Paste the JWT into the JWT Decoder tab. The tool splits it at the dots, decodes each part from Base64, and displays the header (algorithm, token type) and payload (claims like sub, iss, exp, iat) in a readable table with human-readable timestamps.

Does this verify JWT signatures?

No — it decodes the header and payload only. JWT signature verification requires the secret key and must be done server-side. Never make security decisions based on decoded payload contents without verifying the signature.

Is my data uploaded to a server?

No. All encoding, decoding, and JWT parsing runs locally in your browser using JavaScript's built-in btoa(), atob(), and TextEncoder APIs. Files are read with FileReader — nothing leaves your device.