Base64 Encode/Decode
Encode it. Decode it. Forget what Base64 is for. Repeat.
What this does
Paste plain text, get Base64. Paste Base64, get plain text back. The tool auto-detects which direction you probably want, but you can force it either way. Handles UTF-8 properly, so emojis, accented characters, and CJK text won't turn into garbage on the other end.
Common use cases
Decoding data URIs. Those data:image/png;base64,... strings in CSS and HTML. Paste the encoded part, see what's in it.
Working with auth headers. HTTP Basic auth base64-encodes your username and password. Encoding is not encryption, a distinction that matters. This tool lets you encode credentials for testing or decode them when debugging.
Handling API payloads. Plenty of APIs return binary data as Base64 strings in JSON responses because JSON has no native binary type. JWTs are Base64url-encoded in each of their three segments.
Things to know
The UTF-8 handling is where most Base64 tools quietly break. The browser's built-in btoa() only handles Latin-1 characters. Throw an emoji at it and it throws an error. This tool runs text through TextEncoder first to get proper UTF-8 bytes, then encodes those. On decode, it reverses the process with TextDecoder. You can round-trip any Unicode character without losing anything.
Every 3 bytes of input become 4 characters of output, so Base64 data is about 33% larger than the original. That's the tradeoff: safe to embed anywhere, costs you some size.
Privacy
Runs entirely in your browser. No server, no logs, no upload. Your API tokens, auth headers, and mysterious encoded config values stay on your machine.
Questions
Is Base64 encryption?
No. Base64 is encoding, not encryption. It hides nothing and protects nothing. Anyone can decode it in one step, this tool included. Use it to move data safely through text-only channels, not to keep secrets.
What's the difference between Base64 and Base64url?
Base64url swaps the two characters that break URLs: + becomes - and / becomes _, and the trailing = padding usually gets dropped. JWTs use Base64url in all three segments. Regular Base64 is fine everywhere else.
Why is the Base64 output longer than my input?
Base64 turns every 3 bytes into 4 characters, so the output runs about 33% larger. That's the cost of making binary data safe to paste anywhere. Encode for safety, not for size.
Does it handle emojis and non-English text?
Yes. Plenty of Base64 tools choke on anything outside Latin-1 because they lean on the browser's raw btoa(). This one encodes proper UTF-8 first, so emojis, accents, and CJK characters round-trip cleanly.
Does it work offline?
Once the page has loaded, yes. Encoding and decoding run in your browser, so you can pull the network cable and it keeps working. Nothing was going to a server anyway.