Base64 Decoder
ENPT
Back to Tools

Base64 Decoder

Decode Base64 strings back to plain text instantly in your browser. Validates input and shows decoded payload size.

EncodeDecodeImage → Base64Base64 → Image
Shift + Enter to Copy · Shift + for tabs
Base64 Input
0 characters
Decoded Output
Speed
Privacy
Local Only
Size
0 KB

Decode any Base64 string back to readable text in one click with this free Base64 decoder online — no installation, no sign-up, and your data never leaves the browser. Paste your encoded string and the decoded output appears instantly, with full UTF-8 support and clear error messages if the input is invalid.

Decoding Base64 is a daily task for developers inspecting JWT payloads, debugging API responses, or reading encoded configuration values. Rather than opening a terminal or writing a one-liner, paste it here and get the result in under a second.

How to Use the Base64 Decoder

Three steps:

  1. Paste your Base64 string into the input panel — the encoded value you want to read in plain text.
  2. Read the decoded output — the result appears immediately below. If the input is invalid, an error message explains why.
  3. Copy the result — click Copy or press Shift + Enter to copy to your clipboard.

Need to re-encode the result? Click Swap & Encode to send the decoded text to the encoder, or switch tabs at the top to work with images.

How Base64 Decoding Works

Base64 encoding represents binary data as 64 printable ASCII characters. Decoding reverses the process: every 4 Base64 characters map back to 3 bytes of original data. This tool uses atob() combined with decodeURIComponent to correctly reconstruct UTF-8 text, including characters that fall outside the basic Latin range.

One common source of errors is extra whitespace or line breaks copied along with the encoded string — particularly when copying from terminal output or multi-line config files. The tool trims surrounding whitespace automatically, but newlines embedded in the middle of the string will cause a validation failure.

Common Use Cases

  • Decoding JWT payloads: JSON Web Tokens consist of three Base64URL-encoded parts separated by dots. Paste the middle section (the payload) here to read the claims — user ID, expiry, roles — without needing a dedicated JWT debugger.
  • Reading Basic Auth headers: An Authorization: Basic header carries a Base64-encoded username:password string. Decode it here to verify credentials during API testing or when debugging proxy logs.
  • Inspecting API responses: REST and GraphQL APIs sometimes return binary fields (file contents, certificates) as Base64 strings inside JSON. Decoding them confirms whether the value is what you expect.
  • Debugging email content: MIME email bodies and attachments are Base64-encoded. When inspecting a raw .eml file, decode the content-transfer-encoded block here to read the original body.
  • Reading encoded config values: CI/CD platforms like GitHub Actions and Kubernetes secrets store sensitive values as Base64. Decode them here to confirm the correct value was stored.
  • Reversing data URIs: A data:text/html;base64,... URI can be decoded to reveal the embedded HTML or SVG content, useful when debugging inline assets injected by build pipelines.

Frequently Asked Questions

Why does my Base64 decode give an "invalid input" error?

The most common cause is extra characters: spaces, newlines, or non-Base64 characters like % (which appear in URL-encoded strings). Standard Base64 uses only A–Z, a–z, 0–9, +, /, and = for padding. If your string comes from a URL or JWT, it may be Base64URL-encoded and use - and _ instead of + and / — replace those before pasting.

How do I decode a JWT token payload?

A JWT looks like xxxxx.yyyyy.zzzzz. The second segment (yyyyy) is the payload, encoded in Base64URL. Copy just that middle part, replace - with + and _ with /, then paste here. The decoded result is the JSON object containing the token's claims.

Is it safe to decode sensitive Base64 values in this tool?

Decoding runs entirely in your browser — no data is sent to any server, and the page works offline once loaded. That said, if your security policy prohibits pasting production secrets into any online tool, use your browser console (atob('...')) or a local CLI instead.

What is the difference between Base64 and Base64URL?

Base64URL replaces + with - and / with _, and omits = padding, making it safe for use in URLs and filenames. JWTs, OAuth tokens, and URL parameters use Base64URL. To decode a Base64URL string here, replace - with + and _ with / before pasting.

Does the decoder support UTF-8 and non-ASCII characters?

Yes. The decoder uses atob combined with decodeURIComponent(escape(...)) to fully reconstruct UTF-8 text. It correctly decodes strings containing accented characters, emoji, CJK characters, and any other Unicode content that was encoded with a UTF-8-aware encoder.

Related Tools