# How to Encode and Decode Base64

> Encode text or binary data to Base64, or decode Base64 strings back to their original content.

- URL: https://www.browserutils.dev/how-to/encode-base64
- Published: 2026-03-05
- Updated: 2026-03-16

---

## Step 1: Enter your text

Type or paste the text you want to encode into the input field.

## Step 2: Get the Base64 output

The tool converts your input to a Base64 string instantly. For decoding, paste a Base64 string instead.

## Step 3: Choose encoding options

Select standard Base64 or URL-safe Base64 depending on where you'll use the output.

## Step 4: Copy the result

Copy the encoded or decoded output with one click.

Base64 encoding comes up constantly in web development — from embedding images in HTML to sending credentials in HTTP headers. If you need to quickly encode or decode a string without spinning up a terminal, the [Base64 Encoder](/tools/base64-encoder) handles it instantly in your browser.

## Understanding Base64

Base64 is an encoding scheme, not encryption. This distinction matters. Encoding converts data into a different representation so it can travel safely through systems that only handle text (like email protocols or JSON payloads). Anyone can decode Base64 — there is no key, no secret, and no security. Never use Base64 to "hide" passwords or sensitive data.

The scheme works by taking every 3 bytes of input and converting them into 4 ASCII characters drawn from a set of 64 characters (A-Z, a-z, 0-9, `+`, `/`, and `=` for padding). This means Base64 output is always about 33% larger than the input. URL-safe Base64 replaces `+` with `-` and `/` with `_` so the output can be used in URLs without percent-encoding.

Common use cases include:

- **Data URIs:** Embedding small images or fonts directly in CSS or HTML with `data:image/png;base64,...` to avoid extra HTTP requests.
- **Authorization headers:** HTTP Basic Auth encodes `username:password` as Base64 in the `Authorization` header.
- **JWT tokens:** Each segment of a JWT is Base64url-encoded JSON. You can decode them to inspect claims without a library.
- **Binary data in JSON:** Since JSON cannot represent raw bytes, binary content like file uploads is often Base64-encoded before being placed in a JSON field.

## Tips and best practices

- **Use URL-safe Base64 for anything that goes in a URL** or query parameter. Standard Base64 characters like `+` and `/` have special meaning in URLs and will cause breakage.
- **Do not Base64-encode large files in production.** The 33% size overhead adds up fast. Use proper file upload mechanisms instead.
- **Remember that Base64 is reversible by anyone.** If you see credentials in a Base64 string in a codebase, they are not protected — they are just obfuscated.
- **Check for padding.** Valid Base64 strings have a length divisible by 4. Missing `=` padding characters can cause decoding failures in strict parsers.

## Common issues

- **Garbled output when decoding:** This usually means the input is not actually Base64, or it uses URL-safe encoding while the decoder expects standard encoding (or vice versa).
- **Whitespace in the input:** Some tools insert line breaks in long Base64 strings (MIME-style). Strip newlines and spaces before decoding if you get unexpected errors.
- **Encoding already-encoded data:** Double-encoding is a common mistake. If your output looks like valid Base64 but decodes to another Base64 string, you have encoded it one too many times.