PocketWebToolsPocketWebToolsFeedback

Base64 Encoder

Encode and decode Base64 text and data. UTF-8 and URL-safe. Runs in your browser, no upload.

BASE64
Encode and decode Base64 in your browser
This free Base64 encoder and decoder converts text to Base64 and back without uploading anything. It is UTF-8 safe, so emoji and every language round-trip cleanly, and it offers a URL-safe mode for tokens and query strings. Everything runs locally in your browser, so API keys, credentials, and private data never leave your device.
No signup, no limits, no ads. Pick a direction, paste your input, and copy the result.
How to use it
  1. Choose encode or decode. Encode turns plain text into Base64; decode turns Base64 back into text.
  2. Toggle URL-safe if you are working with tokens, JWTs, or anything that lives in a URL or filename.
  3. Paste your input and read the result in the output pane.
  4. Copy the output, or use it as the next input to chain a round-trip.
Common use cases
  • Inspecting JWTs. Decode the header and payload segments of a JSON Web Token (they are URL-safe Base64).
  • Data URIs. Decode a base64 image string, or check what an inline data URI contains.
  • Debugging APIs. Decode a Base64 field in an API response to see the real value.
  • Basic auth headers. Decode an Authorization header to confirm the username and password being sent.
  • Config and secrets transport. Encode a value so it survives being pasted into YAML, JSON, or an env file.
Encoding is not encryption
It is worth repeating: Base64 is an encoding, not a cipher. Anyone who sees the encoded string can decode it in seconds, including with this very tool. Use Base64 to move data through systems that expect plain text, never to hide it. If you need confidentiality, reach for real encryption and key management instead.
Frequently asked questions
Is my text or data uploaded anywhere?
No. Encoding and decoding happen entirely in your browser with JavaScript. Nothing you paste is sent to a server, so it is safe to encode tokens, credentials, or private notes.
What is Base64 actually for?
Base64 represents binary or text data using 64 safe ASCII characters. It is used to embed images in CSS or HTML (data URIs), to carry binary payloads inside JSON or XML, in email attachments (MIME), and in JWT tokens. It is an encoding, not encryption: anyone can decode it.
Does it handle emoji and non-English text?
Yes. The tool encodes through UTF-8 first, so emoji, accents, Arabic, Chinese, and any Unicode text round-trip correctly. The naive browser btoa function throws on those characters; this tool handles them properly.
What is the URL-safe option?
Standard Base64 uses the characters + and /, which have special meaning in URLs. URL-safe Base64 replaces them with - and _ and drops the trailing = padding, so the result can be dropped straight into a query string or a filename. JWTs use this variant.
Why does decoding fail sometimes?
Decoding fails when the input is not valid Base64: it has characters outside the alphabet, the wrong length, or broken padding. If you copied a URL-safe token, turn on the URL-safe toggle so the tool restores the standard alphabet and padding before decoding.
Is Base64 secure?
No. Base64 is reversible by anyone, so it provides zero confidentiality. Use it to transport data, never to protect it. For secrets, use real encryption.
Other tools you might like