Base64 / URL / Hex Encoder
Encode and decode Base64, Base64url, URL and hex — instant, private, bidirectional.
35 bytes (UTF-8)
48 chars
Drop a file here to encode it (Base64), or . Files are read locally — never uploaded.
How it works
Two panes, four encodings, both directions. Type or paste in either pane and the other updates instantly: the left pane holds plain text, the right holds the encoded form in whichever mode you select — standard Base64, URL-safe Base64url, percent URL-encoding, or raw hex. Everything happens in your browser; nothing is uploaded, which matters because the things people encode are often tokens, credentials and payloads they should not be pasting into random websites.
Unicode is handled correctly, which is where naive implementations break. The venerable btoa() function throws on any character outside Latin-1, so this tool routes text through TextEncoder to produce proper UTF-8 bytes before encoding, and back through TextDecoder when decoding — emoji, CJK text and accented characters round-trip exactly. The byte count shown under each pane is the true UTF-8 byte length, not the JavaScript string length, so you can see precisely how much a payload weighs on the wire.
Decoding is forgiving where the real world is sloppy: missing Base64 padding is tolerated, whitespace and line breaks inside encoded input are stripped, and Base64url's - and _ characters are accepted in their own mode. Genuinely invalid input — an odd-length hex string, characters outside the alphabet — produces an inline error under the pane rather than a wiped result, and the last valid conversion stays visible.
Files work too: drop any file onto the drop zone and its contents are read locally with FileReader and emitted as Base64 in the encoded pane, ready to wrap in a data URI or embed in a JSON payload. Be aware of the cost — Base64 inflates data by roughly 33%, which is why it suits small assets and signatures rather than bulk transfer. For inspecting the contents of a JWT (three Base64url segments joined by dots), the dedicated JWT Decoder in the related tools below splits and pretty-prints the claims for you, including expiry checks and signature verification that a plain decoder cannot offer.
Frequently asked questions
What is the difference between Base64 and Base64url?
Standard Base64 uses + and / as its 62nd and 63rd characters, both of which collide with reserved characters in URLs and filenames. Base64url swaps them for - and _ and typically drops the trailing = padding, producing strings safe to embed in query strings, JWTs and file paths without further escaping. The encoded data is otherwise identical — JWT segments are Base64url, which is why pasting one into a strict Base64 decoder often fails.
Why does my decoded Base64 show garbage characters?
Two common causes. First, the input may be Base64url rather than standard Base64 — switch tabs and try again. Second, the decoded bytes may simply not be text: Base64 frequently wraps binary data like images or compressed payloads, and forcing binary through a UTF-8 decoder produces replacement characters. This tool decodes through TextDecoder, so genuinely non-UTF-8 output is flagged rather than silently mangled.
How does the padding with = signs work?
Base64 maps every 3 input bytes to 4 output characters, so when the input length is not a multiple of three, the output is padded with one or two = characters to keep the length a multiple of four. Decoders that follow the spec strictly require the padding; many real-world decoders (and the Base64url convention) accept its absence. This tool adds padding when encoding standard Base64 and tolerates missing padding when decoding.
How do I make a data URI from a file?
Drop the file onto the drop zone and the tool emits its Base64 encoding; prefix it with data:<mime-type>;base64, to form a complete data URI — for a PNG that is data:image/png;base64,iVBORw0…. Data URIs are handy for inlining small assets into CSS or HTML, but they inflate size by about 33% over the raw bytes and bypass HTTP caching, so keep them for assets under a few kilobytes.
Is Base64 a form of encryption?
No — and this misconception causes real security incidents. Base64 is a reversible encoding anyone can decode instantly with zero keys or secrets; encoding a password or API key in Base64 provides no protection whatsoever. Its purpose is transport: representing arbitrary bytes using a safe alphabet so binary survives text-only channels like JSON, email and URLs. If you need confidentiality, you need actual encryption.
Built by FORG — AI cost observability for agentic coding. Free tools, no signup, nothing leaves your browser.
Learn about FORG