Base64 Decoder — Quick Tools

Base64 Decoder Online — Free, Instant, No Install

Decode any Base64 string back to readable text in one click with this free Base64 decoder online — no installation, no sign-up, and your data never leaves the browser. Paste your encoded string and the decoded output appears instantly, with full UTF-8 support and clear error messages if the input is invalid.

Decoding Base64 is a daily task for developers inspecting JWT payloads, debugging API responses, or reading encoded configuration values. Rather than opening a terminal or writing a one-liner, paste it here and get the result in under a second.

How to Use the Base64 Decoder

Three steps:

Paste your Base64 string into the input panel — the encoded value you want to read in plain text — and the decoded output appears instantly in the output panel below.
Read the decoded output — the result is ready with a green "Valid" badge. If the input is invalid, an error message explains exactly why it failed.
Copy the result — click Copy or press Shift + Enter to copy the decoded text to your clipboard in one keystroke.

Need to re-encode the result? Click Swap & Encode to send the decoded text to the encoder, or switch tabs at the top to work with images.

Base64 Decode Examples

Here are concrete examples showing Base64 strings and their decoded output.

Base64 Input	Decoded Output
`SGVsbG8=`	`Hello`
`aGVsbG8gd29ybGQ=`	`hello world`
`eyJ1c2VyIjoiYWRtaW4ifQ==`	`{"user":"admin"}`
`Y2Fmw6k=`	`café`
`` (empty string)	`` (empty output)

If you see extra = characters at the end of a Base64 string, that is padding — a normal part of the format that aligns the encoded length to a multiple of 4.

How Base64 Decoding Works

Base64 encoding represents binary data as 64 printable ASCII characters. Decoding reverses the process: every 4 Base64 characters map back to 3 bytes of original data. This tool uses atob() combined with decodeURIComponent to correctly reconstruct UTF-8 text, including characters that fall outside the basic Latin range.

One common source of errors is extra whitespace or line breaks copied along with the encoded string — particularly when copying from terminal output or multi-line config files. The tool trims surrounding whitespace automatically, but newlines embedded in the middle of the string will cause a validation failure.

Common Mistakes When Decoding Base64

Decoding a Base64URL string with standard Base64: If your string comes from a JWT, OAuth token, or URL parameter, it uses Base64URL encoding, which replaces + with - and / with _. Replace those characters before pasting to avoid an invalid-input error.
Missing padding: Some systems strip the = padding characters. If decoding fails, try adding = or == to the end to make the string length a multiple of 4.
Hidden whitespace: Copying from PDFs, emails, or rich-text editors sometimes includes invisible characters (non-breaking spaces, zero-width joiners) that break validation. If the input looks correct but fails, try retyping it manually.
Expecting decoded binary to be readable text: Base64 can encode any binary data — not just text. If the decoded output looks garbled, the original was likely a binary file (image, PDF) rather than a text string.

Common Use Cases

Decoding JWT payloads: JSON Web Tokens consist of three Base64URL-encoded parts separated by dots. Paste the middle section (the payload) here to read the claims — user ID, expiry, roles — or use the JWT Decoder for automatic signature verification and timestamp display.
Reading Basic Auth headers: An Authorization: Basic header carries a Base64-encoded username:password string. Decode it here to verify credentials during API testing or when debugging proxy logs.
Inspecting API responses: REST and GraphQL APIs sometimes return binary fields (file contents, certificates) as Base64 strings inside JSON. Decoding them confirms whether the value is what you expect.
Debugging email content: MIME email bodies and attachments are Base64-encoded. When inspecting a raw .eml file, decode the content-transfer-encoded block here to read the original body.
Reading encoded config values: CI/CD platforms like GitHub Actions and Kubernetes secrets store sensitive values as Base64. Decode them here to confirm the correct value was stored.
Reversing data URIs: A data:text/html;base64,... URI can be decoded to reveal the embedded HTML or SVG content, useful when debugging inline assets injected by build pipelines.

Frequently Asked Questions

Why does my Base64 decode give an "invalid input" error?

The most common cause is extra characters: spaces, newlines, or non-Base64 characters like % (which appear in URL-encoded strings). Standard Base64 uses only A–Z, a–z, 0–9, +, /, and = for padding. If your string comes from a URL or JWT, it may be Base64URL-encoded and use - and _ instead of + and / — replace those before pasting.

How do I decode a JWT token payload?

A JWT looks like xxxxx.yyyyy.zzzzz. The second segment (yyyyy) is the payload, encoded in Base64URL. Copy just that middle part, replace - with + and _ with /, then paste here. The decoded result is the JSON object containing the token's claims.

Is it safe to decode sensitive Base64 values in this tool?

Decoding runs entirely in your browser — no data is sent to any server, and the page works offline once loaded. That said, if your security policy prohibits pasting production secrets into any online tool, use your browser console (atob('...')) or a local CLI instead.

What is the difference between Base64 and Base64URL?

Base64URL replaces + with - and / with _, and omits = padding, making it safe for use in URLs and filenames. JWTs, OAuth tokens, and URL parameters use Base64URL. To decode a Base64URL string here, replace - with + and _ with / before pasting.

What happens when I decode an empty Base64 string?

Decoding an empty string produces an empty output — this is the correct behavior per RFC 4648. Zero Base64 characters decode to zero bytes. If you expect output but get nothing, check that the encoded string was not empty to begin with.

Does the decoder support UTF-8 and non-ASCII characters?

Yes. The decoder uses atob combined with decodeURIComponent(escape(...)) to fully reconstruct UTF-8 text. It correctly decodes strings containing accented characters, emoji, CJK characters, and any other Unicode content that was encoded with a UTF-8-aware encoder.

What if my decoded output looks like garbage or binary data?

If the decoded output is unreadable, the original Base64 string likely encoded binary data (an image, PDF, certificate, or other non-text file) rather than a text string. This is not an error — the decoder correctly reversed the encoding. To view binary files, use the Base64 to Image converter instead.

Resources

MDN — atob() reference — Official documentation for the browser API that decodes Base64 strings.
RFC 4648 — The Base16, Base32, and Base64 Data Encodings — The IETF standard that formally defines Base64 and Base64URL encoding.
web.dev — The nuances of Base64 encoding strings in JavaScript — Deep dive into the UTF-8 handling required for correct Base64 round-trips in JavaScript.