Toolist Blog

6 May 2026Toolist Editorial TeamUpdated 6 May 2026

Free Base64 Encoder & Decoder — Auto-Detect, URL-Safe, Data URI, No Upload

Encode text or files to Base64. Decode Base64 strings back to text or binary. Auto-detect, URL-safe, MIME line breaks, Data URI copy, drag-and-drop. Free, browser-only, no upload.

Base64Developer ToolsEncodingPrivacyWeb Development

Try Base64 Encoder / Decoder

Toolist Base64 Encoder and Decoder tool showing a two-panel interface with encode and decode modes, URL-safe toggle, line break settings, and size comparison.

Base64 encoding is one of those things developers run into constantly — embedding images in HTML, passing binary through APIs, decoding JWT tokens, configuring email attachments, dealing with PEM certificates — and yet every time I needed to encode or decode something quickly, the tools available felt like they were built in 2009. A textarea, a button, some output. No intelligence. No workflow features. No privacy.

The Base64 Encoder & Decoder on Toolist was built to cover real developer workflows, not just the happy path. Here is what it actually does and why each feature matters.

What is Base64 and why does it come up constantly?

Base64 is a binary-to-text encoding scheme that represents arbitrary binary data using 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It was designed to solve a specific problem: many systems — email protocols, HTTP headers, JSON fields, XML — are built for text and cannot reliably carry raw binary bytes.

Base64 bridges that gap. It converts every 3 bytes of binary into 4 ASCII characters. The trade-off is a ~33% size increase — an unavoidable consequence of the math (3 bytes = 24 bits; 4 Base64 characters = 4 × 6 bits = 24 bits).

You encounter Base64 in practice across a wide range of workflows:

JWT tokens — the header and payload of every JSON Web Token are Base64url-encoded
Data URIs — embedding images and other assets directly in HTML or CSS without a separate HTTP request
Email attachments — MIME encoding wraps all attachments in Base64 for text-safe transport
API payloads — passing binary data (images, PDFs) through JSON fields
HTTP Basic Auth — the Authorization: Basic header encodes username:password in Base64
PEM certificates — SSL certificates, private keys, and CSRs are Base64-encoded inside the -----BEGIN/END----- wrapper
Binary config values — embedding small binary blobs in environment variables or YAML configs

Every one of these requires a reliable Base64 tool. This is that tool.

Auto-detect: paste or drop encoded or image or text files, get the right result

The single most common friction in a Base64 workflow is toggling the mode. You paste something, get garbage output, realize you were in Encode instead of Decode, switch, paste again. This tool eliminates that step.

When you paste text into the input panel — either with Ctrl+V directly in the textarea, or by clicking the Paste button — the tool inspects what you pasted. If the content looks like a valid Base64 string (uses only Base64 characters, no internal spaces, passes the decode check), it automatically switches to Decode mode. If it looks like plain text, it stays in Encode mode.

The same logic applies when you drop a text file onto the input panel. Binary files in encode mode bypass auto-detect and stay in encode mode.

You can override the detected mode at any time with the Encode / Decode toggle. Once you manually switch mode, auto-detect stops overriding your choice for that session.

This is a small feature but it removes the single most common mistake when using Base64 tools.

Encoding text: real-time, no button press

Type or paste any text into the input panel and the Base64 output appears in the right panel automatically — no button press, no form submit. The output updates with a short debounce so it feels instant without thrashing on large inputs.

The encoder uses the browser's TextEncoder API to convert your text to UTF-8 bytes before encoding. This means emoji, CJK characters, Arabic, Hebrew, and all other Unicode text encode correctly.

Encoding files: drop a file, copy a Data URI

This is the feature that separates a developer-grade Base64 tool from a plain textarea.

Drag any file directly onto the input panel and it loads instantly — no file picker dialog, no server round-trip. Images (PNG, JPEG, WebP, GIF), PDFs, ZIPs, fonts, audio files — any binary file works.

When you drop or upload an image file, the tool shows a live thumbnail preview in the input panel alongside the filename, file size, and MIME type. For non-image binary files, it shows a hex preview of the first 12 bytes so you can confirm the right file loaded.

The Base64 output appears in the right panel. Then comes the key button: Copy as Data URI.

Click it and you get the complete data:{mime};base64,{content} string — where the MIME type comes directly from the uploaded file — copied to your clipboard. Paste it directly into:

<img src="data:image/png;base64,…"> in HTML
background-image: url("data:image/png;base64,…") in CSS
"logo": "data:image/png;base64,…" in a JSON config

No image hosting. No CDN bucket. No extra HTTP request. For small icons, favicons, and inline logos, Data URIs eliminate an entire category of asset management overhead.

Decoding: recover files from Base64 strings

The decode direction is equally capable. Switch to Decode, paste your Base64 string, and the decoded text appears immediately in the output panel.

For binary content, click Download. The tool decodes the Base64 to raw bytes, then inspects the magic bytes at the start of the binary to detect the file format:

89 50 4E 47 → PNG → saves as decoded.png
FF D8 FF → JPEG → saves as decoded.jpg
47 49 46 → GIF → saves as decoded.gif
52 49 46 46 … 57 → WebP → saves as decoded.webp
25 50 44 46 → PDF → saves as decoded.pdf
50 4B 03 04 → ZIP → saves as decoded.zip

If the format is not recognised, the file downloads with a .bin extension. File type detection reads the actual binary signature — not a MIME type string that could be wrong or missing.

URL-safe Base64: required for modern APIs and JWT

Standard Base64 uses + and /, which are reserved characters in URLs. In a query parameter, + decodes as a space and / breaks path parsing. Passing a standard Base64 string through a URL without percent-encoding produces corrupted data.

URL-safe Base64 (RFC 4648 §5) solves this by substituting:

+ → -
/ → _
= padding removed entirely

Enable the URL Safe checkbox and the output switches to this format automatically. The decoder also accepts URL-safe input — it normalises both variants before decoding, so you can paste either format without switching any setting.

Use URL-safe Base64 for:

JWT tokens — header, payload, and signature all use URL-safe Base64
Query parameters — ?token=abc-def_ghi instead of ?token=abc%2Bdef%2Fghi
Filenames — Base64-encoded filenames with - and _ instead of + and /
OAuth state parameters — state= values in OAuth 2.0 flows
HTTP headers — custom headers carrying encoded payloads

MIME line breaks: email and PEM compatibility

RFC 2045 (MIME) requires Base64-encoded email content to be split into lines no longer than 76 characters. PEM format — used for SSL certificates and private keys — uses 64-character lines. Some systems reject Base64 that does not follow these line length rules.

Enable the Line Breaks toggle and the output is wrapped at the configured line width. The default is 76 characters (MIME standard). Change it to 64 for PEM, or any other value your target format requires — the input accepts any width from 1 to 999.

The decoder strips all whitespace before decoding, so you can paste MIME-formatted or PEM-formatted Base64 in decode mode and it works without any pre-processing.

Swap: round-trip testing in one click

The ⇄ button between the two panels flips input and output and toggles the mode simultaneously — but only when output exists and there is no decode error.

Encode some text → click Swap → the Base64 output is now the input in Decode mode → the decoded text appears in the output panel. If it matches your original input, the round-trip is clean.

This is the fastest way to verify that your encoding pipeline is correct — especially when testing URL-safe or line-broken Base64 where the encoding options affect the output format.

Size comparison: see the trade-off immediately

Below the two panels, a size indicator shows input size, output size, and the percentage change — for example 48.3 KB → 64.4 KB (+33%) when encoding, or 64.4 KB → 48.3 KB (-25%) when decoding.

The ~33% overhead of Base64 is the constant trade-off developers make when embedding binary in text. Seeing it displayed explicitly makes the decision to use a Data URI versus an external asset reference a concrete calculation rather than a vague concern.

Why browser-only processing is the privacy decision that matters

Most online Base64 tools send your data to a server. When you click encode or decode, your content goes to their infrastructure, gets processed, and the result comes back. For plain text, this might seem harmless. For the actual use cases, it is not.

Think about what commonly gets Base64-encoded:

JWT tokens — contain session state, user IDs, permissions, and possibly PII
API keys — many services use Base64-encoded key:secret pairs in headers
SSL certificates and private keys — the most security-sensitive artifacts in your infrastructure
Binary config files — database connection strings, service account credentials

Pasting any of these into a tool that sends data to a server means a third party's infrastructure has processed your production credentials or internal data. That is a security incident risk that will not show up in your logs.

This tool processes everything using browser-native APIs: btoa() and atob() for core encoding and decoding, TextEncoder / TextDecoder for Unicode text handling, and FileReader for reading binary files. None of this involves a network connection.

Your data never leaves your device.

Real developer workflows: how I actually use this

Decoding a JWT payload

Paste the JWT payload segment (the middle part, between the two dots) into the input panel. The tool detects it as URL-safe Base64 and switches to Decode mode. The JSON claims appear in the output — without sending the token to any external service.

Embedding a small icon in a React component

Drop the PNG onto the input panel. The thumbnail appears. Click Copy as Data URI. Paste into src={…} in the component. The icon is inlined — no separate network request, no assets folder to manage.

Checking a PEM certificate

Copy the raw Base64 lines between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Paste into the input — the tool strips the whitespace and decodes. Click Download to save the decoded binary (downloads as .bin since DER format is not auto-detected — rename to .der to open in certificate tools or pass directly to openssl x509 -inform DER).

Testing an email attachment encoding

Enable Line Breaks at 76 characters (the MIME standard). Encode the file. Copy the output. The format is correct without any manual wrapping.

Round-trip verification

Enable URL Safe. Encode a token payload. Click Swap. Verify the decoded output matches the original. One click — no copy-pasting between panels.

How to use the Base64 Encoder & Decoder

Open the Base64 Encoder & Decoder.
Select Encode or Decode mode — or paste content and let auto-detect handle it.
For text: type or paste directly into the input panel. Output appears immediately.
For files: drag any file onto the input panel, or click File to pick one.
Enable URL Safe if the output needs to be safe in URLs, JWT tokens, or filenames.
Enable Line Breaks and set the width to 76 (MIME) or 64 (PEM) if your target requires wrapped lines.
Click Copy to copy the output text to clipboard.
In Encode mode with a file loaded, click Copy as Data URI to get the complete data:{mime};base64,… string.
Click Download to save the output — .base64.txt in encode mode, or the detected binary format (or .bin) in decode mode.
Click ⇄ (Swap) to flip input and output and toggle mode — only available when output exists and there is no error.
Check the size indicator below the panels to see input size, output size, and the percentage change.
Click Reset to clear everything and start fresh.

What makes this the best free Base64 tool online

| Feature | Most tools | This tool | |---|---|---| | Encode text | ✓ | ✓ | | Decode Base64 | ✓ | ✓ | | Auto-detect mode on paste | ✗ | ✓ | | File / binary encoding | Sometimes | ✓ | | Image thumbnail preview | ✗ | ✓ | | Hex preview for non-image binary | ✗ | ✓ | | Copy as Data URI | ✗ | ✓ | | URL-safe encoding | Sometimes | ✓ | | MIME line breaks (configurable width) | Sometimes | ✓ | | Swap input ↔ output + toggle mode | ✗ | ✓ | | Binary file download on decode | ✗ | ✓ | | Magic-byte file type detection | ✗ | ✓ | | Size comparison with % change | ✗ | ✓ | | Drag & drop files | Rarely | ✓ | | Browser-only, no upload | Rarely | ✓ | | Free, no account | ✓ | ✓ |

The tool in one sentence

If you work with Base64 and want a single browser tab that handles encoding, decoding, file encoding, Data URI generation, URL-safe output, MIME line breaks, round-trip swap, binary file download, and size tracking — all without sending a single byte to any server — this is it.

Open the Base64 Encoder & Decoder →

Quick Links

Keep moving

Back to Blog Base64 Encoder / Decoder JSON Formatter, Validator & Minifier Image Compressor QR Code Generator

FAQ

Common questions

Is my data sent to a server when I use this Base64 tool?

No. Every encode and decode operation runs entirely in your browser using JavaScript's built-in btoa() and atob() APIs, plus the TextEncoder and TextDecoder APIs. Your text, files, and Base64 strings are never sent to any server, API, or third-party service — not even Toolist's own servers.

Is this tool free to use?

Yes, completely free. There is no account, no sign-up, no usage limits, and no paywall. The tool runs entirely in your browser using browser-native APIs — there is no server infrastructure processing your data, so there is nothing to charge for.

How does auto-detect mode work?

When you paste text or drop a text file, the tool inspects your input. If it looks like a valid Base64 string — uses only Base64 characters, has no spaces (or is long enough to be encoded content), and can be decoded without error — the tool automatically switches to Decode mode. If it looks like plain text, it stays in Encode mode. You can override the auto-detected mode at any time using the Encode / Decode toggle.

How do I encode an image and get a Data URI?

Drag your image file directly onto the input panel, or click the File button to pick it. The tool reads the image bytes, encodes them to Base64, and shows a thumbnail preview. Then click 'Copy as Data URI' to get the complete data:{mime};base64,… string ready to paste into an <img src> attribute, CSS background-image: url(), or any JSON field.

What is URL-safe Base64 and when do I need it?

Standard Base64 uses + and / characters, which are reserved in URLs and must be percent-encoded as %2B and %2F. URL-safe Base64 (RFC 4648) replaces + with - and / with _, and removes the = padding. The result is safe in URLs, query parameters, JWT tokens, filenames, and HTTP headers with no further encoding required.

Can I use this to decode a JWT token?

Yes. JWT tokens use URL-safe Base64 (without padding) for the header and payload segments. Paste the payload segment — the part between the two dots — directly into the input panel. The tool detects it as URL-safe Base64 and switches to Decode mode automatically. The decoded JSON payload appears in the output, showing the token claims.

How do I decode a Base64 string back to a file?

Switch to Decode mode, paste your Base64 string, and click Download. The tool decodes the bytes and reads the file type from the magic bytes in the binary data — it recognises PNG, JPEG, GIF, WebP, PDF, and ZIP. It then downloads with the correct extension. If the format is not recognised, it saves with a .bin extension.

What are MIME line breaks and when do I need them?

MIME email standards (RFC 2045) require Base64-encoded data to be wrapped into lines no longer than 76 characters. PEM format — used for SSL certificates and cryptographic keys — uses 64-character lines. Enable the Line Breaks toggle and set the width to 76 for MIME or 64 for PEM. The decoder automatically strips whitespace before decoding, so line-broken Base64 always decodes correctly.

Does the tool handle Unicode and emoji in text encoding?

Yes. The encoder uses the browser's TextEncoder API to convert your text to UTF-8 bytes before encoding. The decoder uses TextDecoder to convert bytes back to UTF-8 text. Emoji, CJK characters, Arabic, Hebrew, Cyrillic, and all other Unicode text encode and decode correctly.

Does the tool work offline?

Yes, after the first page load. The tool uses only browser-native APIs — no external libraries are fetched at runtime. Once the page is loaded, it runs fully offline. If you have Toolist installed as a PWA, it works offline from the first launch.

Is there a file size limit?

There is no enforced limit. Files are processed entirely in your browser's memory. Encoding a 10 MB image produces approximately 13.3 MB of Base64 text. For very large files (50 MB+), the output may be slow to render in the text panel — but the encoding itself completes without error. For most use cases — images, PDFs, certificates, small archives — file sizes are well within range.