Key takeaways
- 01Encode any text to Base64 or decode Base64 back to text instantly, with no server involvement.
- 02Supports both standard Base64 (+, /) and URL-safe Base64 (-, _) used in JWTs and signed URLs.
- 03Full UTF-8 support means emoji, Cyrillic, CJK, and Arabic encode and decode correctly every time.
- 04Base64 is encoding, not encryption — never use it to hide secrets; use real encryption instead.
What Is Base64 and When Do You Need It?
Base64 is a way to represent binary data as printable ASCII text. It shows up constantly in developer work: embedding images in CSS as data URIs, transmitting binary payloads over JSON APIs, encoding credentials in HTTP Basic Auth headers, and forming the payload segment of a JWT. It is not encryption — anyone can decode it — but it is essential whenever a channel accepts only text.
Most developers reach for a command-line tool or a quick script. Handytool gives you a browser-based alternative that is instant, handles Unicode correctly, supports both standard and URL-safe variants, and never sends your input anywhere.
How to Encode or Decode Base64
- 01
Paste or type your input
Type or paste the text you want to encode — or the Base64 string you want to decode — into the input box.
- 02
Choose standard or URL-safe mode
Toggle to URL-safe mode if you are working with JWTs, OAuth tokens, or signed URLs. URL-safe Base64 replaces + with - and / with _, and drops trailing = padding.
- 03
Select encode or decode
Click Encode to convert plain text to Base64, or Decode to convert Base64 back to readable text.
- 04
Copy the result
Click the copy button next to the output to put the result on your clipboard, ready to paste into your code, terminal, or API client.
Common Base64 Use Cases
Base64 comes up in many places in everyday development.
- 01Data URIs — embed small images or fonts directly in HTML or CSS without a separate file request.
- 02HTTP Basic Auth — credentials are sent as Base64(username:password) in the Authorization header.
- 03JWT payloads — the header and payload segments of a JWT are URL-safe Base64.
- 04Binary API fields — some APIs require binary content (signatures, keys) encoded as Base64 in JSON.
- 05Email attachments — MIME uses Base64 to encode attachments as ASCII text for transit.
- 06Content-hashing tokens — HMAC and hash digests are often delivered as Base64 rather than hex.
Safe to Use With Sensitive Strings
Encoding and decoding happen entirely in your browser using the native btoa, atob, and TextEncoder APIs. Nothing is transmitted to a server. You can safely paste API keys, OAuth tokens, or other sensitive strings to inspect or encode them without any privacy risk.
Remember that Base64 is not a security layer. Anyone who can see a Base64 string can decode it in seconds. Use it to format data correctly, not to protect it.
Base64 Encoder FAQ
What is Base64 encoding used for?
Base64 represents binary data as ASCII text. Common uses include data URIs in CSS, JWT payloads, HTTP Basic Auth credentials, and binary fields in JSON APIs.
What is URL-safe Base64?
Standard Base64 uses + and / which have special meaning in URLs. URL-safe Base64 replaces them with - and _ and drops = padding. JWTs, OAuth tokens, and signed URLs all use this variant.
Is Base64 the same as encryption?
No. Base64 is encoding — anyone can decode it. For actual secrecy use real encryption like AES or TLS. Base64 is for formatting data so it can travel through text-only channels.
Why does my Base64 output look wrong for non-English text?
Many tools treat input as Latin-1, which breaks on emoji and non-ASCII characters. Handytool converts input to UTF-8 bytes first using TextEncoder, so all Unicode characters encode correctly.
Is my input uploaded to a server?
Never. The encoder uses browser-native APIs (btoa/atob and TextEncoder) and runs entirely locally. Nothing is sent, logged, or stored.
Is it free to use?
Yes. Handytool is completely free with no sign-up, no usage cap, and no ads in the way.