How to use the Base64 Decoder
Decode a Base64 string in three steps:
1
Paste the Base64 string
Paste any Base64 or Base64url string into the input area. Whitespace and line breaks are stripped automatically before decoding.
2
Select encoding variant
The tool auto-detects standard vs URL-safe Base64. If decoding fails, toggle URL-safe mode manually to try the alternative character set.
3
Copy the decoded output
The decoded plain text appears instantly. An error message is shown if the input is not valid Base64.
When to use this tool
Use Base64 decoding to recover original content from Base64-encoded strings:
- →Decoding Base64-encoded HTTP Basic Authentication headers to inspect the username and password
- →Reading the header and payload sections of a JWT token which are Base64url-encoded JSON objects
- →Decoding Base64-encoded email attachment content from raw MIME message sources
- →Inspecting Base64 data URIs embedded in HTML or CSS to retrieve the original file content
- →Debugging API responses that return binary data encoded as Base64 strings
- →Recovering original text from Base64-encoded configuration values in environment files or CI/CD pipelines
Frequently asked questions
Q:Why does my Base64 string fail to decode?
The most common causes of Base64 decode failures are: (1) the string contains characters not in the Base64 alphabet — check for spaces, newlines, or URL percent-encoding; (2) the string length is not a multiple of 4 and is missing padding (= characters) — some encoders omit padding; (3) you are using standard Base64 but the string uses URL-safe characters (- and _) or vice versa. The tool strips whitespace automatically and accepts both variants, which resolves most failures.
Q:What is the = padding at the end of Base64 strings for?
Base64 encodes 3 bytes into 4 characters. When the input length is not a multiple of 3, one or two = padding characters are appended to make the output length a multiple of 4. One = means the last group had 2 bytes of input; two == means it had 1 byte. Some implementations omit padding — the decoder handles both padded and unpadded input.
Q:Can I decode Base64url strings from JWT tokens?
Yes — JWT tokens consist of three Base64url-encoded parts separated by dots (header.payload.signature). Paste any individual part (without the dots) to decode it. Base64url uses - instead of + and _ instead of / compared to standard Base64. The tool handles both variants. Note that the signature part is a cryptographic value — decoding it produces raw binary bytes, not readable text.
Q:What happens if the decoded content is binary data?
If the original data was binary (an image, PDF, compressed file, etc.) rather than text, the decoded output will appear as garbled characters because binary bytes are being interpreted as UTF-8 text. Use the Base64 to Image tool if you are decoding an image, or the appropriate format-specific tool for other binary types. The plain text decoder is designed for Base64-encoded text content.
Q:How do I decode a Base64 string from an HTTP Authorization header?
HTTP Basic Auth headers look like: 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ='. Strip the 'Basic ' prefix (keep only the Base64 part) and paste it into the decoder. The decoded output will be in the format 'username:password'. Note that Base64 provides no security — Basic Auth credentials should always be transmitted over HTTPS.
Q:Is there a size limit for decoding?
No enforced size limit. The decoder uses the browser's native atob() function (for standard Base64) which handles strings of any practical length in milliseconds. Very large Base64 strings (megabytes) may cause the browser's text rendering to slow when displaying the output — for large binary payloads, use the download option rather than displaying in the text area.