acento.io
Developer tool

Base64 Encoder & Decoder

Encode text to Base64 or decode any Base64 string in your browser — no uploads, no server, no tracking.

By Carlos Suárez , Systems engineer
Last updated:

What this Base64 encoder & decoder does

Base64 encoding converts binary or text data into a 64-character ASCII alphabet, making it safe to transmit through systems that only handle plain text — email bodies, HTTP headers, JSON payloads, and URLs. This English-language version of the tool encodes any UTF-8 input to Base64 (RFC 4648) and decodes Base64 strings back to readable text, with full support for the URL-safe variant that replaces + and / with - and _. Unicode 15.1 added 627 new characters in 2023, including new CJK extensions and emoji — this tool handles all of them correctly by encoding UTF-8 bytes before applying Base64, avoiding the classic btoa() pitfall in JavaScript. 100% client-side — your data never leaves your browser. No uploads, no tracking, no server logs. That matters when you're working with JWT tokens, Basic Auth credentials, or any encoded payload that shouldn't touch a third-party server.

Features

  • Correct UTF-8 handling. Encodes multi-byte Unicode characters properly before applying Base64, so emoji, CJK characters, and accented letters all round-trip without data loss — unlike a bare btoa() call in JavaScript, which throws on non-Latin-1 input.
  • URL-safe Base64 mode. Switches the output alphabet to use - and _ instead of + and /, and optionally strips padding (=). Use this when embedding Base64 in URLs, query strings, or JWT segments, where standard characters would need percent-encoding.
  • Instant bidirectional conversion. Flip between the Encode and Decode tabs without clearing your input. Paste a Base64 string to decode it back to text, or type any text to get its Base64 representation — results update as you type.
  • One-click copy. Copy the full output to your clipboard in one click. The button confirms the action with a brief 'Copied!' label so you know it worked before moving on.
  • Client-side privacy. All encoding and decoding runs in your browser using the Web Crypto stack and standard JavaScript APIs. Nothing is sent to a server, logged, or stored. Safe for auth tokens, PII payloads, and internal credentials. As MDN — encodeURIComponent notes, keeping sensitive data local is always preferable to passing it through a remote endpoint.
  • Handles common pitfalls. Strips or ignores whitespace and newlines that some encoders insert at 76-character intervals (per MIME), so you can paste wrapped Base64 from email or config files and decode it without manual cleanup.

How to use the Base64 encoder & decoder

Choose the Encode or Decode tab, paste your input, and the result appears immediately. Use the URL-safe toggle when working with JWT or URLs.

  1. Select a direction. Click the **Encode** tab to convert text to Base64, or the **Decode** tab to convert Base64 back to text.
  2. Paste or type your input. Enter any UTF-8 text (including emoji or CJK characters) to encode, or paste a Base64 string to decode. In a terminal you can generate input with echo -n 'hello' | base64 and paste the result here to verify.
  3. Toggle URL-safe mode if needed. Check **URL-safe** when the output will appear in a URL, query parameter, or JWT segment. This replaces + with -, / with _, and removes = padding.
  4. Copy the result. Click **Copy** to send the output to your clipboard. In Python you can verify encoded strings with import base64; base64.b64encode(text.encode()) to cross-check results.

Common use cases

  • Inspecting JWT tokens. JWT header and payload segments are Base64URL-encoded (standardized in RFC 7519 in 2015). Paste either segment into the Decode tab to read the JSON claims without installing any library. If you also need to generate a random token ID, the [UUID generator](/en/uuid-generator/) handles that.
  • Building Basic Auth headers. HTTP Basic Authentication requires the username:password string to be Base64-encoded and sent as Authorization: Basic <token>. Encode your credentials here, then paste the result directly into curl, Postman, or a config file — without sending your password to a third-party service.
  • Embedding assets as data URIs. Small images, SVG icons, or custom fonts can be embedded directly in CSS or HTML as data:image/png;base64,<encoded>. Encode your binary content here to generate the Base64 portion, then construct the full data URI in your stylesheet.
  • Encoding binary blobs in JSON or YAML configs. Config formats like Kubernetes secrets store binary values (TLS certs, private keys) as Base64 strings because JSON — as defined in RFC 8259 — has no binary type. Use this tool to encode or decode those values when editing manifests by hand.
  • Debugging encoded API responses. Some APIs return field values or error details Base64-encoded to preserve binary safety. Decode them here to read the original content, whether that's a protobuf payload, a SAML assertion, or an error message from a service in Boston or London.

Frequently asked questions

Is Base64 a form of encryption?

No. Base64 is encoding, not encryption. It maps bytes to a 64-character ASCII alphabet so they're safe to transmit in text-only channels, but it provides no confidentiality whatsoever — anyone can decode it instantly. If you search for 'base64 decrypt' or 'base64 encrypted', know that Base64 has no key and no secret. For actual encryption, use AES or similar algorithms.

Is it safe to encode sensitive data like passwords or tokens here?

Yes. This tool runs entirely in your browser — there is no server receiving your input, no request is made over the network, and nothing is logged. Your JWT tokens, API keys, and credentials stay local. You can verify this by opening DevTools and watching the Network tab — zero requests are made when you encode or decode.

Why does Base64 output end with one or two equals signs?

Base64 encodes 3 bytes into 4 characters. When the input length isn't a multiple of 3, padding characters (=) are appended to make the output length a multiple of 4. You'll see one = when there's one leftover byte and == for two. In URL-safe mode this tool can strip the padding, which is standard practice for JWTs and some APIs.

What's the difference between standard Base64 and URL-safe Base64?

Standard Base64 (RFC 4648 §4) uses + and / as the 62nd and 63rd characters, plus = for padding. URL-safe Base64 (RFC 4648 §5) replaces those with - and _ so the output can appear in URLs and filenames without percent-encoding. If you're working with JWTs or URL query params, always use the URL-safe variant. For mixing URL encoding in general, our [URL encoder & decoder](/en/url-encoder/) can help.

Why does JavaScript's btoa() throw an error on some strings?

The built-in btoa() only accepts Latin-1 characters (code points 0–255). Any string containing emoji, CJK characters, or other multi-byte Unicode triggers an InvalidCharacterError. The fix is to encode the string as UTF-8 bytes first, then Base64-encode those bytes — which is exactly what this tool does automatically.

Can I decode Base64 that has line breaks in it?

Yes. Some Base64 encoders — particularly older MIME implementations — wrap output at 76 characters per line. This tool strips whitespace and newlines before decoding, so you can paste wrapped Base64 from email headers, PEM certificates, or config files without manually joining the lines first.