What is Base64?
Base64 is a way of representing arbitrary binary data - any sequence of bytes - using only 64 printable characters (A-Z, a-z, 0-9, + and /), so it can travel safely through systems built for plain text. It’s not encryption - anyone can decode it instantly - it’s just a text-safe container. That’s why it shows up everywhere binary data has to pass through a text-only channel: email attachments (MIME), data: URIs for embedding images inline in HTML/CSS, and API tokens or JWTs where a payload needs to be a plain string.
Why does the output end in =?
Base64 groups input into 3-byte chunks and turns each chunk into 4 output characters. When the input isn’t a multiple of 3 bytes, the last chunk is padded with one or two = characters so the output length still lines up - it’s a marker, not part of the data. Decoders expect it; strip it out and some strict decoders will reject the input.
What is “URL-safe” Base64?
Standard Base64’s + and / characters have special meaning inside URLs and file paths, so RFC 4648 defines a URL-safe variant that swaps them for - and _ and usually drops the = padding entirely. You’ll see this variant in JWTs and anywhere Base64 gets embedded directly into a URL. Pick URL-safe in the variant selector above to encode or decode it.
Why did my decode fail?
A Base64 decoder is strict about its alphabet - it only failed because the pasted text has stray characters outside A-Z a-z 0-9 + / =(or - _ for URL-safe), is missing its padding, or simply isn’t Base64 at all. Double-check you copied the whole string, and that you’ve picked the matching variant (standard vs. URL-safe) above.
Want the whole toolkit? Open the full Codes & Ciphers console →