Base64 is a binary-to-text encoding scheme that converts any data into a string of 64 printable characters. It lets you safely pass binary content — files, credentials, tokens — through systems that only understand plain text. Encoding a string takes one second; the free Base64 Converter does it entirely in your browser.
This guide explains how Base64 works, where developers actually use it, how to encode and decode strings without installing anything, and the one mistake that catches beginners — confusing encoding with encryption.
What is Base64 encoding?
Base64 takes any input — text, a binary file, an image — and maps every 3 bytes of raw data to exactly 4 printable ASCII characters drawn from an alphabet of 64: uppercase A–Z, lowercase a–z, digits 0–9, plus + and /.
A quick example — encoding the word Hello:
| Input (text) | Input (bytes) | Base64 output |
|---|---|---|
| Hello | 48 65 6C 6C 6F | SGVsbG8= |
| Hello, World! | 48 65 6C 6C 6F 2C 20 57 6F 72 6C 64 21 | SGVsbG8sIFdvcmxkIQ== |
| admin:password | 61 64 6D 69 6E 3A 70 61 73 73… | YWRtaW46cGFzc3dvcmQ= |
The trailing = and == are padding. Because Base64 works in 3-byte groups, if the input length is not a multiple of 3, padding characters fill the final group. One = means one byte of padding; two means two. This is expected and correct — not an error.
The output is always about 33% larger than the input — the cost of representing binary data as printable text.
Advertisement
Base64 is encoding — not encryption
Anyone can decode a Base64 string instantly with no key. Never use it to protect sensitive data. Use proper encryption (AES-256, RSA) for confidentiality. Base64 only ensures safe transmission of binary data through text-only channels.
Why developers use Base64
Base64 solves a specific problem: many protocols and formats — HTTP headers, JSON, XML, email — were designed to carry text only. When you need to include binary content in those channels, Base64 converts it to a text-safe representation without corrupting the data.
HTTP Basic Authentication
The Authorization header encodes credentials as Base64: "username:password" → "dXNlcm5hbWU6cGFzc3dvcmQ=". Every HTTP client decodes this before checking credentials. It is not secure on its own — always use HTTPS.
JWT tokens
JSON Web Tokens use Base64url encoding (a URL-safe variant) for both the header and payload sections. You can decode the payload without a key to read claims — but you need the key to verify the signature.
Inline images (data URIs)
HTML and CSS embed images as Base64 data URIs: src="data:image/png;base64,iVBOR…". Avoids an extra HTTP request for small icons and logos.
Email attachments (MIME)
The MIME standard encodes email attachments as Base64 so binary files survive transit through mail servers that only handle 7-bit ASCII text.
API payloads
REST and GraphQL APIs often Base64-encode binary fields — file uploads, cryptographic signatures, public keys — when the payload format is JSON.
Storing binary data in text fields
Databases with VARCHAR or TEXT columns use Base64 to store certificates, keys, and binary blobs without needing a dedicated BLOB column type.
How to encode and decode Base64 online
The NextUtils Base64 Converter handles text strings, files, and images entirely in your browser. Nothing is sent to a server:
Open the Base64 Converter
Go to nextutils.com/tools/converters/base64 — no sign-up, no account. The tool loads instantly.
Paste your input
To encode: paste plain text, an API credential, or any string. To decode: paste the Base64 string you received — from an Authorization header, a JWT payload section, or an API response.
Select Encode or Decode
Choose the direction. For files and images, use the file upload option — the tool reads the file locally and encodes it to a Base64 data URI without sending it anywhere.
Copy the result
Click Convert, then Copy. The output goes straight to your clipboard — ready to paste into a header, a config file, or your code.
Encode or decode a Base64 string now
Free, instant, browser-only. Supports text, files, and images. Nothing is transmitted.
Open Base64 Converter →Advertisement
Base64 encode and decode in code
Every major language has native Base64 support. Here are the one-liners you will use most often:
JavaScript (browser)
// Encode
btoa("Hello, World!") // → "SGVsbG8sIFdvcmxkIQ=="
// Decode
atob("SGVsbG8sIFdvcmxkIQ==") // → "Hello, World!"
// Encode with Unicode support (btoa fails on non-ASCII)
btoa(encodeURIComponent("café")) // → encode first, then btoaJavaScript (Node.js)
// Encode
Buffer.from("Hello, World!").toString("base64")
// → "SGVsbG8sIFdvcmxkIQ=="
// Decode
Buffer.from("SGVsbG8sIFdvcmxkIQ==", "base64").toString("utf8")
// → "Hello, World!"
// Build a Basic Auth header
const token = Buffer.from("user:pass").toString("base64");
fetch(url, { headers: { Authorization: `Basic ${token}` } });Python
import base64
# Encode
base64.b64encode(b"Hello, World!").decode()
# → 'SGVsbG8sIFdvcmxkIQ=='
# Decode
base64.b64decode("SGVsbG8sIFdvcmxkIQ==").decode()
# → 'Hello, World!'
# URL-safe variant (for JWT, URL params)
base64.urlsafe_b64encode(b"Hello")Bash / terminal
# Encode echo -n "Hello, World!" | base64 # → SGVsbG8sIFdvcmxkIQ== # Decode echo "SGVsbG8sIFdvcmxkIQ==" | base64 --decode # → Hello, World! # Build an Authorization header echo -n "user:password" | base64
Why use a browser-based Base64 tool?
Credentials and tokens encoded as Base64 are common — and pasting them into a server-side tool means those values travel over a network. A browser-based tool removes that risk entirely:
Credentials stay local
API keys, Basic Auth credentials, and JWT payloads are processed only in your browser tab. Nothing is logged or transmitted.
Instant — no round-trip
Encoding and decoding happen in microseconds using browser-native APIs. No network latency, no server queue.
Files and images too
Drop a file or image directly into the tool to get its Base64 representation — the file is read locally by the File API and never uploaded.
Standard Base64 vs Base64url
There are two common variants. Knowing which to use prevents a subtle class of bug:
| Variant | Special chars | Used in |
|---|---|---|
| Standard Base64 | + and / | MIME email, HTTP headers, JSON fields, data URIs |
| Base64url | - and _ (no padding =) | JWT tokens, OAuth tokens, URL query params, filenames |
If you are decoding a JWT and getting garbled output, switch to a Base64url decoder (or replace - with + and _ with / before decoding). Use the JWT Decoder for JWT-specific decoding — it handles Base64url automatically.
Related developer tools
JSON Formatter
Pretty-print, validate, and minify JSON — useful when inspecting decoded Base64 API payloads and JWT claims.
JWT Decoder
Decode and inspect JWT header, payload, and signature. Handles Base64url automatically — no manual conversion needed.
URL Encoder / Decoder
Percent-encode strings for safe use in URLs and query parameters — a different encoding to Base64 but often needed alongside it.
XML → JSON Converter
Convert XML responses — common in SOAP APIs that also use Base64-encoded attachments — to readable JSON.
Frequently asked questions
What is Base64 encoding?
Base64 is a binary-to-text encoding scheme that converts any data into a string of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It lets binary data — files, images, credentials — travel safely through systems that only handle plain text, such as email, HTTP headers, and JSON. The output is about 33% larger than the input.
Is Base64 the same as encryption?
No. Base64 is encoding, not encryption. Anyone can decode a Base64 string instantly with no key — it provides zero confidentiality. It exists only to make binary data text-safe for transmission. Never rely on Base64 to protect sensitive data. Use proper encryption (AES-256, TLS) for security.
How do I decode a Base64 string?
Paste it into the free Base64 Converter at nextutils.com/tools/converters/base64, select Decode, and click Convert. In code: atob("SGVsbG8=") in the browser, Buffer.from("SGVsbG8=", "base64").toString() in Node.js, or base64.b64decode("SGVsbG8=").decode() in Python.
Why does Base64 output end with == signs?
Base64 processes data in 3-byte blocks, producing 4 characters each. When input length is not divisible by 3, = padding characters are added to complete the last block. One = means one padding byte; == means two. This is standard behaviour — not an error.
What is URL-safe Base64?
Base64url replaces + with - and / with _ to avoid conflicts with reserved URL characters. It also typically omits the trailing = padding. JWT tokens use Base64url for their header and payload sections. Use a Base64url decoder (or the JWT Decoder tool) when working with JWTs.
Encode or decode Base64 instantly — free, private, no sign-up
The NextUtils Base64 Converter handles text, files, and images entirely in your browser. Nothing is transmitted or stored.
Open Base64 Converter →