Developer

How to Encode and Decode Base64

4 min read Updated 30 June 2026

If you have ever pasted a long, jumbled string that ends in one or two equals signs, you have met Base64. It is one of the most common ways to package text or data so it survives travel through systems that only expect plain, printable characters — email headers, JSON payloads, data URIs, config files, and more. Knowing how to base64 encode and decode is a small skill that quietly saves a lot of time.

This guide explains what Base64 actually does, when you would reach for it, and how to encode and decode text in a few seconds using Tooldrop's Base64 Encoder / Decoder at /dev/base64. It is free, needs no sign-up, has no limits, and runs entirely in your browser — so the text you paste is never uploaded to a server.

Step by step

  1. 1Open the Base64 Encoder / Decoder at /dev/base64 — no sign-up or install needed.
  2. 2Pick a mode using the buttons at the top: choose Encode to turn plain text into Base64, or Decode to turn Base64 back into readable text.
  3. 3Paste or type your content into the input box. In Encode mode it is labelled 'Plain text'; in Decode mode it is labelled 'Base64 text'.
  4. 4Watch the Result panel update live as you type — there is no button to press to run the conversion.
  5. 5Check for a friendly error message if you are decoding: invalid Base64 or non-text data is flagged clearly instead of producing garbage.
  6. 6Click Copy to put the result on your clipboard, then paste it wherever you need it.
  7. 7Switch modes any time to reverse the operation — encode something, then hit Decode to confirm it round-trips back to the original.
Try it now — it's free
Runs in your browser. No upload, no sign-up.
Open Base64 Encode / Decode

What Base64 actually is (and isn't)

Base64 is an encoding, not encryption. It takes raw bytes and represents them using only 64 safe, printable characters (A–Z, a–z, 0–9, plus + and /), often padded with = at the end. The point is portability: many older protocols and text-only fields can mangle special characters, control bytes, or binary data, so wrapping everything in this limited alphabet guarantees it arrives intact.

Because it is reversible by anyone, Base64 offers zero security on its own. Encoding a password or API key in Base64 hides it from a casual glance but protects nothing — anyone can decode it instantly. Use it for transport and embedding, never as a way to keep secrets. One side effect to remember: Base64 output is about 33% larger than the original, since every 3 bytes become 4 characters.

When you'll want to base64 encode or decode

The most common reasons people reach for Base64 encode and decode are embedding and inspecting. Data URIs let you inline a small image or font directly in HTML or CSS as a data:...;base64,... string, avoiding an extra network request. Email attachments are Base64-encoded under the hood. Many JSON APIs accept binary blobs as Base64 fields, and JWT tokens are made of Base64url segments.

On the decode side, you might be debugging — pulling a value out of a log, a token, or a config file and wanting to read what it really says. Pasting it into a decoder turns the noise back into human-readable text in a moment, which is far quicker than reasoning about it by hand.

Unicode, emoji, and accents handled correctly

A classic trap with Base64 in the browser is that the built-in btoa/atob functions only understand Latin-1, so anything outside that range — accented letters, emoji, non-Latin scripts — either throws an error or silently corrupts. Tooldrop's tool sidesteps this by converting your text to and from UTF-8 bytes first, so 'café', '日本語', and '🎉' all encode and decode cleanly and round-trip back to exactly what you started with.

When decoding, the tool also validates the result. If the input isn't valid Base64, or the decoded bytes aren't valid UTF-8 text, you get a clear, friendly message instead of a wall of broken characters — so you know to check your input rather than trust a bad result.

Private by design: nothing leaves your browser

Everything in the Base64 Encoder / Decoder happens on your device. The conversion runs in JavaScript right in the page, so the text you paste is never sent to a server, never stored, and never logged. That makes it genuinely safe to inspect or encode internal strings, tokens, and other sensitive snippets.

Tooldrop is a hub of free, browser-based tools built this way on purpose: no sign-up, no usage limits, and most tools process files and text on-device so they are never uploaded. If you found this useful, related dev tools like the URL Encoder at /dev/url-encoder, JWT Decoder at /dev/jwt-decoder, and Image to Base64 at /image/to-base64 work the same private way.

Frequently asked questions

Is Base64 a form of encryption?
No. Base64 is an encoding that anyone can reverse, so it provides no security at all. It exists to make data safe to transport through text-only systems, not to hide it. If you need to protect something, use real encryption — Base64 only changes how the data looks, not who can read it.
Does the tool handle emoji and accented characters?
Yes. It converts text to and from UTF-8 first, so emoji, accents, and non-Latin scripts encode and decode correctly and round-trip back to the original. Plain browser btoa/atob can't do this reliably, which is why this tool wraps them with proper UTF-8 handling.
Is my text uploaded anywhere when I encode or decode?
No. The entire conversion runs in your browser in JavaScript, so your text never leaves your device and is never sent to a server, stored, or logged. That makes it safe to encode or inspect sensitive strings, tokens, and internal data.
Why am I getting an error when I decode?
Decoding fails with a friendly message when the input isn't valid Base64 or when the decoded bytes aren't valid UTF-8 text. Check that you copied the full string, removed any stray whitespace, and didn't accidentally leave the tool in Encode mode — then try again.

Tools used in this guide

Related guides