Base64 Encode Decode Online: The Complete Guide
Learn how Base64 encoding works, when to use it, how to encode and decode online instantly, and why it is not encryption.
Last updated: May 4, 2026
What is Base64 encoding?
Base64 is an encoding scheme that converts binary data into a string of ASCII characters. It uses 64 printable characters (A–Z, a–z, 0–9, +, /) to represent arbitrary byte sequences. The name comes from the fact that each Base64 character encodes 6 bits of binary data (2⁶ = 64 possible values).
Base64 was designed to safely transmit binary data through systems that only handle text — email servers, XML parsers, HTTP headers, and JSON payloads. By converting binary to a text-safe format, you avoid character encoding issues, control characters, and null bytes that would break text-only systems.
A concrete example
Encoding the string Hello, World! to Base64:
Input (plain text)
Hello, World!Output (Base64)
SGVsbG8sIFdvcmxkIQ==The == at the end is padding. Base64 encodes 3 bytes at a time into 4 characters. When the input length is not a multiple of 3, padding characters fill the remaining space.
How to encode and decode Base64 online
Encoding: text to Base64
Open the Base64 Encoder / Decoder, select Encode mode, paste your plain text, and click Encode. The Base64 output appears instantly and can be copied with one click.
Decoding: Base64 to text
Switch to Decode mode, paste your Base64 string, and click Decode. The original text appears. If the input is not valid Base64, the tool reports a clear error.
Privacy
Everything runs in your browser. No data is sent to any server — you can safely encode credentials, tokens, and private configuration values.
Common use cases for Base64 online
HTTP Basic Authentication
The HTTP Authorization header for Basic Auth uses Base64: Authorization: Basic {Base64(username:password)}. When debugging API requests that use Basic Auth, paste the header value into the decoder to inspect the credentials without writing any code.
Data URIs for images and fonts
Embedding images or fonts directly in CSS or HTML uses Base64 data URIs: data:image/png;base64,iVBORw0.... This eliminates an HTTP request for small assets, useful for icons, loading indicators, and email HTML where external resources may be blocked.
JWT tokens
JSON Web Tokens (JWTs) encode their header and payload using Base64url (a URL-safe variant of Base64 that replaces + with - and / with _). Decoding a JWT manually means Base64-decoding the second segment to read the claims.
API secrets and environment variables
Some deployment platforms and Kubernetes secrets store binary values (certificates, private keys) as Base64-encoded strings. Encoding a certificate file or decoding a secret value from a platform UI is a frequent task for DevOps and platform engineers.
Email attachments (MIME)
SMTP email uses Base64 to encode binary attachments within the MIME multipart format. When parsing raw email messages or building email APIs, Base64 encoding is a constant reality.
Base64 is not encryption — a critical distinction
Base64 is an encoding scheme, not an encryption algorithm. Anyone who receives a Base64-encoded string can decode it immediately without any key or password. There is no security in Base64 alone.
This is a common and dangerous misconception. Do not use Base64 to "hide" passwords, API keys, or sensitive data. Use proper encryption (AES-256-GCM) or hashing (bcrypt, Argon2) depending on whether you need to recover the value or only verify it.
Base64 provides encoding safety (binary data that can travel through text-only systems) but zero confidentiality. Use it for transport and format compatibility, not security.
Size overhead: the 33% rule
Base64 encoding increases data size by approximately 33%. Every 3 bytes of binary input become 4 ASCII characters of Base64 output. For a 1 MB image, the Base64-encoded version is about 1.37 MB.
For small assets (icons, tiny images, inline fonts) embedded in CSS, the size overhead is acceptable because it eliminates an HTTP request. For larger files, the overhead usually outweighs the benefit, and a direct URL reference is more efficient.
Base64 variants: standard vs URL-safe
Standard Base64 uses + and / as the 62nd and 63rd characters. These are special characters in URLs, so a URL-safe variant (Base64url) replaces them with - and _ respectively. Padding (=) is also often omitted in URL-safe contexts.
JWTs, OAuth tokens, and URL-embedded data use Base64url. If you paste a JWT segment and get unexpected characters, check whether you need URL-safe decoding (replace - with + and _ with / before standard decoding).
Frequently asked questions
Can I Base64-encode binary files like images?
The browser-based tool encodes text input. For binary file encoding, use a command-line tool: on macOS/Linux, base64 image.png; on Windows PowerShell, [Convert]::ToBase64String([IO.File]::ReadAllBytes('file.png')).
Why does my Base64 string end with == or =?
Padding characters (=) are added because Base64 encodes 3 bytes at a time. If the input length is not a multiple of 3, one or two padding characters are appended. This is normal and expected.
Is Base64 the same as hex encoding?
No. Hex (hexadecimal) encoding uses 16 characters (0–9, a–f) and encodes 4 bits per character, doubling the data size. Base64 is more efficient at 33% overhead compared to hex's 100% overhead.
Can I decode Base64 in JavaScript?
Yes. Browser JavaScript has built-in functions: btoa(str) encodes and atob(str) decodes. For Node.js, use Buffer.from(str, 'base64').toString('utf8').
Does Base64 work for Unicode text?
Standard btoa() fails on non-Latin characters. For Unicode text, encode to UTF-8 bytes first, then Base64. This tool handles Unicode input correctly using the TextEncoder API.