Base64 encoding, binary data as safe text
Base64 is a binary-to-text encoding that represents any sequence of bytes as a string of 64 printable ASCII characters: A–Z, a–z, 0–9, +, and /, with = used as padding. It was designed to carry binary data (images, files, arbitrary bytes) through systems that only handle text, email protocols (SMTP), HTTP headers, JSON payloads, XML attributes, and many data interchange formats. Every 3 bytes of input become 4 characters of output, making Base64 output roughly 33% larger than the original.
Common uses: embedding images in HTML and CSS as data URIs (src="data:image/png;base64."), encoding binary files for JSON API transmission, storing binary credentials in environment variables, and Basic Authentication in HTTP headers (Authorization: Basic dXNlcjpwYXNz is the Base64-encoded user:pass). The URL-safe variant replaces + with - and / with _ to make Base64 strings safe in URLs without percent-encoding.
| Variant | Characters used | Typical use |
|---|---|---|
| Standard Base64 | A–Z a–z 0–9 + / | Email (MIME), data URIs, general encoding |
| URL-safe Base64 | A–Z a–z 0–9 - _ | JWT tokens, OAuth, URL parameters |
| MIME (line-wrapped) | Standard + CRLF every 76 chars | Email attachments |
Decoding to inspect encoded payloads
Paste any Base64 string here and click Decode to see the underlying text. This is useful for inspecting JWT payload sections (the middle segment of a JWT token, between the two dots, is Base64url-encoded JSON), HTTP Basic Auth headers, encoded configuration values, and data URIs. Remember that Base64 is encoding, not encryption, any decoded string is readable in plain text. Never treat Base64 as a security measure for sensitive data without actual encryption layered on top.
Related: URL encoder for percent-encoding, JSON formatter for decoded JWT payloads.