What Base64 actually is
Base64 rewrites arbitrary bytes using only 64 safe characters (A–Z, a–z, 0–9, +, /, with = as padding). It exists so binary data can travel through channels that only handle text — HTTP headers, JSON payloads, email, config files. It is not encryption: anyone can decode it instantly.
The UTF-8 trap
Base64 encodes bytes, not characters. Naive browser code hands non-ASCII text straight to btoa() and throws an error, or worse, quietly mangles it. This tool converts your text to UTF-8 bytes first, so 안녕 and 👋 come back exactly as they went in. If you've ever decoded a string into mojibake, this is why.
URL-safe mode
Standard Base64 contains + and /, which mean something else inside a URL or filename, and = padding, which gets escaped. URL-safe Base64 swaps them for - and _ and drops the padding. You'll see it in JWTs, OAuth tokens and query parameters — decode those with URL-safe mode on.
Data URIs
A data URI embeds content directly in a link or stylesheet instead of pointing at a file: data:text/plain;base64,SGVsbG8=. Handy for tiny assets and quick tests, wasteful for anything large — Base64 makes data about 33% bigger.
FAQ
Is my text sent to a server?
No. Encoding and decoding happen locally in your browser with JavaScript. Nothing leaves the page, and there's no sign-up.
Is Base64 secure?
Not at all. It's an encoding, not encryption — reversing it takes one click. Never use it to hide secrets; use it to move bytes safely through text-only channels.
Why does decoding fail on my string?
Usually one of three things: it's URL-safe Base64 (turn the option on), it lost its padding when copied, or it wasn't valid Base64 to begin with. This tool tolerates missing padding and whitespace.