Input
Decode Base64 text.
Output
About Base64 Decode
Base64 Decode converts data between its raw form and Base64 representation, which encodes binary or text content as a string of 64 safe ASCII characters. Base64 is widely used in HTTP Basic Auth headers, JWT token segments, data URIs, and API payloads that carry binary content inside JSON. Use it to encode content before embedding it in a header or payload, to decode a token segment or data URI to inspect its contents, or to prepare a value for storage in a text field.
Common uses
- Encode binary content or text as Base64 for use in HTTP Basic Auth headers, data URIs, and API payloads.
- Decode Base64 strings from JWT token segments, email attachments, and API responses to read their content.
- Check whether a value you received is Base64-encoded by decoding it and inspecting the output.
- Prepare Base64 strings for environment variables, configuration files, and test fixtures.
Related tools
FAQ
Is Base64 the same as encryption?
No. Base64 is an encoding scheme, not encryption. It converts binary data into a string of safe ASCII characters, but anyone can decode it instantly without a key. Never use Base64 to hide sensitive data — use proper encryption if confidentiality is required.
What is the difference between Base64 and Base64URL?
Standard Base64 uses + and / characters, which have special meaning in URLs. Base64URL replaces + with - and / with _, and omits the = padding characters, making the output safe to use in URLs and JWT tokens without further percent-encoding.
Why is Base64 output longer than the input?
Base64 encodes every 3 bytes of input as 4 characters of output, which is a 33% overhead. This size increase is the trade-off for making binary data safe to transmit over text-only channels.
Is Base64 Decode free to use?
Yes — Base64 Decode is completely free and requires no sign-up or account. There are no usage limits for standard decoder tasks.
Does Base64 Decode send my data to a server?
No. Base64 Decode runs entirely in your browser using JavaScript. Text you paste and files you upload never leave your machine, so it is safe to use with sensitive payloads, API tokens, and internal configuration data.