Base64 Encoder

Encode and decode base64 in your browser. UTF-8 safe, file uploads supported, URL-safe variant included.

Input 0 chars URL-safe variant Output 0 chars

Everything runs in your browser. Nothing is uploaded.

What is base64 encoder?

Base64 is a binary-to-text encoding that represents arbitrary bytes using 64 printable ASCII characters: the 26 uppercase letters, 26 lowercase letters, 10 digits, and the symbols + and /. It exists because many older protocols — email, HTTP headers, URLs — were designed to carry only ASCII text, so binary data has to be transformed into a safe textual form to travel through them. Base64 was standardized as part of MIME in 1996 (RFC 2045) and refined as a standalone spec in RFC 4648.

The encoding works by taking three bytes of input at a time (24 bits total) and splitting them into four 6-bit groups. Each 6-bit group maps to one character from the base64 alphabet, producing four output characters. When the input length is not divisible by three, the encoder pads the final group with = characters so the output length is always a multiple of four. This is why base64-encoded data is roughly 33% larger than its input.

In modern web development, base64 shows up in a handful of recurring places. Small images can be inlined into HTML or CSS as data: URIs, which trade caching for one fewer HTTP request — useful for icons, but a poor choice for anything large enough to defeat the browser cache. HTTP Basic Authentication uses base64 to encode username:password into an Authorization header. JSON Web Tokens use the URL-safe variant of base64 to package three segments (header, payload, signature) into a compact string that can travel safely in URLs and headers. APIs that need to send binary data — file uploads, certificates, signatures — typically encode that data as a base64 string inside a JSON body, since JSON itself can’t carry raw bytes.

A common pitfall: many naive base64 implementations break on non-ASCII text. JavaScript’s built-in btoa() function, for example, throws an error on any character outside Latin-1, which means it can’t directly handle emojis, Chinese characters, or accented Latin letters. The fix is to first encode the text into UTF-8 bytes, then run base64 over those bytes. This tool does that transparently, so any text — emoji, CJK, accented Latin — encodes correctly without you needing to think about it.

Base64url, sometimes called URL-safe base64, is a variant that replaces the + and / characters with - and _ so the output can be dropped into URLs, query parameters, and filenames without further escaping. It also typically strips the trailing = padding because the length of the original data can be inferred from context. This is the variant used in JWTs, OAuth tokens, and many modern HTTP APIs. Use the URL-safe toggle in this tool whenever your destination is a URL, header, or filename.

Performance is rarely a concern for human-scale inputs, but for very large files base64 has costs worth knowing. The 33% size inflation is real — encoding a 10 MB file produces a roughly 13 MB string. If you control both ends of a pipe, sending raw binary (e.g. via multipart/form-data or a binary WebSocket frame) is almost always preferable. Base64 is a compatibility tool: useful when your transport demands text, unnecessary when it doesn’t.

When to use a base64 encoder

Embedding images in HTML or CSS — Convert small images to a `data:` URI so they ship inline with your page. Common for icons under 10 KB where saving an HTTP request matters more than caching.
HTTP Basic Authentication headers — Browsers and HTTP clients require `Authorization: Basic <base64>` where the base64 value encodes `username:password`. Encode the pair here to get the exact header value.
Inspecting JSON Web Tokens (JWT) — JWTs are three base64url-encoded segments separated by dots. Toggle the URL-safe variant to encode or decode JWT segments by hand for debugging.
Email attachments and MIME — SMTP only carries 7-bit ASCII, so binary attachments are base64-encoded by mail clients. Encode a file here to inspect what your mail client will produce.
Binary data in JSON APIs — Some APIs require binary payloads — file uploads, signatures, certificates — to be transported as base64 strings inside JSON request bodies.

How to use the Base64 Encoder

Choose Encode or Decode — Use the tab toggle at the top of the tool to pick the direction. Encode converts text or a file into base64. Decode reverses base64 back into text.
Paste your input — Type or paste text into the Input box. To encode a file, click 'Drop file ⇣' or drag-and-drop a file onto the input area. Files up to 10 MB are supported.
Toggle URL-safe variant if needed — Check 'URL-safe variant' if you need a string that's safe in URLs and filenames — for example, JWT segments, OAuth tokens, or query parameters.
Copy the output — The result appears in the Output box automatically as you type. Click the Copy button to copy it to your clipboard.

Worked examples

Encode plain text

Input:  hello world
Output: aGVsbG8gd29ybGQ=

Encode UTF-8 text with an emoji

Input:  Café 🚀
Output: Q2Fmw6kg8J+agA==

Naive encoders that call btoa() directly fail on emoji. This tool converts to UTF-8 bytes first, so multi-byte characters encode correctly.

Encode for HTTP Basic Auth

Input:  alice:s3cr3t
Output: YWxpY2U6czNjcjN0

Send as: Authorization: Basic YWxpY2U6czNjcjN0

URL-safe variant

Input:  subjects?
Output: c3ViamVjdHM_

URL-safe replaces / with _ and + with -, and strips trailing = padding. Use it for JWTs, OAuth tokens, and query parameters.

Frequently asked questions

Is base64 encryption?

No. Base64 is encoding, not encryption. It is fully reversible — anyone can decode a base64 string back to the original bytes. If you need to protect data, use real encryption such as AES, then optionally base64-encode the encrypted output for transport.

Why is the encoded output longer than the input?

Base64 represents three bytes (24 bits) of input as four characters (32 bits) of output, so the encoded data is roughly 33% larger than the original. Trailing = padding adds a small amount more.

What is the difference between base64 and base64url?

Base64url (also called URL-safe base64) replaces the + and / characters with - and _, and strips trailing = padding. This makes the output safe inside URLs, filenames, and HTTP headers without needing extra escaping. Toggle the 'URL-safe variant' option on this page to switch between standard and URL-safe output.

Can I encode a file with this tool?

Yes. Drag and drop a file onto the input area, or click 'Drop file ⇣' to choose one. The file's bytes are read in your browser and converted to base64. Files up to 10 MB are supported. The file never leaves your device.

Is my data uploaded to a server?

No. This encoder runs entirely in your browser using JavaScript's built-in btoa, atob, and FileReader APIs. Nothing is sent to any server, including ours. You can verify this by opening browser dev tools and watching the network tab while you encode — there are no requests.

Why does my emoji or accented text encode strangely in other tools?

Emojis and accented characters are multi-byte in UTF-8. We encode them correctly by converting your text to UTF-8 bytes first, then base64-encoding those bytes. Tools that call btoa(text) directly fail or produce incorrect results for any non-ASCII input.

What does the equals-sign padding mean?

Standard base64 outputs are padded to a length that's a multiple of 4 with = characters. The padding has no information; it just signals to the decoder how many bytes were in the original input. URL-safe base64 typically strips the padding. Both forms decode to the same data.

When should I use base64 in my own code?

Use base64 to embed small images as data: URIs in CSS, to generate Authorization: Basic headers for HTTP Basic Auth, to manually inspect JWT payloads, and to serialize binary file contents inside a JSON request body. Most languages have a base64.encode standard library function that does the same thing programmatically.