Base64 Encode / Decode
Instantly encode plain text to Base64 or decode Base64 strings back to readable text.
Base64 encoding and decoding runs entirely in your browser. Your input is not uploaded to CodeAva servers and is not stored. Base64 is an encoding scheme, not encryption — encoded data is not protected.
Overview
Base64 is a binary-to-text encoding scheme that converts arbitrary byte sequences into a string of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It is not encryption and it does not protect your data in any way — any Base64 string can be decoded back to its original content by anyone who has it. Its purpose is safe transport of binary data through systems that only handle text.
You will encounter Base64 in HTTP Basic Authentication headers, data URIs for inline images and fonts, JSON Web Tokens (the header and payload segments are Base64URL), email attachments (MIME encoding), and API responses that embed binary content. Understanding Base64 well means knowing when it is appropriate and when you are reaching for it out of habit rather than necessity.
This tool handles standard Base64 (using + and /) and also accepts URL-safe Base64 (using - and _) for decoding. It processes UTF-8 text correctly, which matters when your input contains non-ASCII characters like accented letters, CJK characters, or emoji.
Use cases
When to use it
- API payloadsencode binary data or structured credentials for transport in headers or JSON.
- Data URIsencode images or fonts as Base64 for inline embedding in HTML or CSS.
- Debugging encoded valuesdecode Base64 strings from JWT payloads, auth headers, or API responses to inspect their contents.
- HTTP Basic Auththe Authorization: Basic header encodes credentials as Base64 — decode to inspect or construct.
When it's not enough
- Protecting secretsBase64 is trivially reversible — never use it as a security or obfuscation layer.
- Encryptionencoding is not encryption. If you need to protect data, use AES, RSA, or a proper cryptographic library.
- Secure storagestoring passwords or sensitive values as Base64 provides no protection — use bcrypt or Argon2 for passwords.
How to use it
- 1
Select a mode
Choose Encode to convert plain text to Base64, or Decode to convert a Base64 string back to text.
- 2
Paste or type your input
Enter the text or Base64 string in the left panel. Output updates automatically as you type.
- 3
Review the output
The result appears in the right panel. If the input is invalid Base64, an error message is shown.
- 4
Use Swap to reverse
Click Swap to move the output back to input and flip the mode — useful for round-trip testing.
- 5
Copy the result
Use the copy button on the output panel to copy the result to your clipboard.
Common errors and fixes
Invalid Base64 string
Base64 strings may only contain A–Z, a–z, 0–9, +, /, and = (for padding). Characters like spaces, hyphens (in standard mode), or underscores are not valid. For URL-safe Base64, replace - with + and _ with / before decoding.
Padding error — incorrect = characters
Base64 output length is always a multiple of 4, padded with = characters. If the string has been trimmed or modified, the padding may be off. Try adding one or two = characters to the end.
Output contains garbled characters
This usually means the original data was binary, not text. Base64 decoding binary content as UTF-8 text will produce unreadable output. The data may be an image, certificate, or other non-text format.
Non-ASCII input produces unexpected output
Encoding works correctly with Unicode text — the tool uses encodeURIComponent to handle UTF-8 before encoding. If you are comparing output with another tool that handles encoding differently, results may vary.
URL-safe Base64 fails to decode
JWT tokens and some APIs use URL-safe Base64 (- instead of + and _ instead of /). If decoding fails, try replacing - with + and _ with / in your input before decoding.