March 26, 20265 min read

Base64 Encoder and Decoder: Encode, Decode, and Inspect in One Place

Encode text or binary data to Base64 and decode it back instantly. Essential for working with APIs, auth headers, and email attachments.

base64 encode decode developer-tools calchub

Base64 shows up everywhere in software development — HTTP Basic Auth headers, JWT tokens, email attachments, inline images in CSS, data URIs, binary payloads in REST APIs. It's not encryption, it's not compression, it's just a way to represent binary data using only printable ASCII characters. The CalcHub Base64 tool makes encoding and decoding a three-second job.

What Base64 Actually Is

Base64 takes binary data and encodes it as a string of 64 printable characters (A–Z, a–z, 0–9, +, /). Every 3 bytes of input become 4 characters of output, which means the encoded string is about 33% larger than the original.

The point isn't size efficiency — it's compatibility. Some systems (old email servers, certain APIs, HTTP headers) can't safely pass arbitrary binary bytes. Base64 sidesteps that by converting everything to safe ASCII.

How to Use the Tool

Encoding:

Paste your text or data into the input field
Select Encode
Copy the Base64 output

Decoding:

Paste a Base64 string into the input field
Select Decode
Read the original text output

The tool handles both standard Base64 and URL-safe Base64 (which replaces + with - and / with _). URL-safe is what you'll see in JWT tokens and many modern APIs.

Real Scenarios Where You'll Use This

Decoding HTTP Basic Auth credentials. When an API uses Basic Auth, the Authorization header looks like this:

Authorization: Basic dXNlcjpwYXNzd29yZA==

Paste dXNlcjpwYXNzd29yZA== into the decoder and you'll see user:password. This is how Basic Auth works — it's encoding, not encryption, which is why HTTPS is non-negotiable for any Basic Auth endpoint.

Inspecting JWT tokens. A JWT has three parts separated by dots. The first two (header and payload) are Base64url-encoded JSON. Decode them to see what claims are inside. (Check out the dedicated JWT Decoder on CalcHub for a more structured view.) Creating data URIs for small images. Instead of a separate HTTP request for a tiny icon, you can inline it in CSS:

background-image: url('data:image/png;base64,iVBORw0KGgoAAAANS...');

Encode your PNG file in Base64 and drop it straight into your stylesheet.

Working with API payloads. Some APIs, particularly those handling binary content like PDFs or images, will Base64-encode the content in a JSON field. Decode it to see what's actually there.

Encoding Variants to Know About

Variant	Characters used	Common use case
Standard Base64	`A-Z a-z 0-9 + /`	Email (MIME), general data
URL-safe Base64	`A-Z a-z 0-9 - _`	JWT, URLs, query strings
MIME Base64	Standard + line breaks every 76 chars	Email attachments

If you're decoding something that comes from a URL or a JWT and it's not working, try switching to URL-safe mode — the + vs - difference is a common source of "invalid Base64" errors.

Tips

Don't use Base64 as security. It's trivially reversible. dXNlcjpwYXNzd29yZA== is not a secret — anyone can decode it in two seconds. If you're storing passwords or sensitive data, use actual hashing (bcrypt, Argon2) or encryption. Padding matters. Valid Base64 strings have lengths divisible by 4, padded with = characters. If you're manually constructing a Base64 string and it's off by one, add the right number of = chars to fix it. Newlines cause decoding failures. If you copy a Base64 string from an email or a terminal that wrapped long lines, strip the newlines before decoding. The tool handles this automatically for most inputs.

Is Base64 the same as encryption?

No. Base64 is encoding — a reversible transformation with no secret key involved. Anyone who sees a Base64 string can decode it instantly. Encryption is a different concept entirely and requires a key. Never store passwords or secrets as Base64.

Why does my decoded output look like gibberish?

If the original data was binary (an image, a PDF, a compiled binary), the decoded output will look like garbled characters in a text display — that's expected. Binary data decoded to text doesn't produce readable characters. For binary files, you'd save the decoded output as a file rather than reading it as text.

What's the `=` padding at the end of Base64 strings?

Base64 encodes in groups of 3 bytes → 4 characters. If the input isn't a multiple of 3 bytes, the encoder pads the end with = characters (one or two) to make the output length a multiple of 4. It's just alignment, not meaningful data.

JWT Decoder — structured view of Base64url-encoded JWT tokens
JSON Formatter — format the JSON you just decoded from a JWT or API payload
Hash Generator — generate MD5/SHA hashes of your encoded data
URL Encoder/Decoder — similar concept but for URL query string encoding