Base64 Decoder

Decode Base64 strings to readable text or binary files online. Extract original data from encoded JWT tokens, data URIs, API responses, and HTTP headers—instant decoding in browser without server uploads.

Why Use Base64 Decoder

Base64-encoded data appears as cryptic strings—debugging requires seeing actual content. JWT tokens contain Base64-encoded user claims, data URIs embed Base64 images, API responses Base64-encode binary attachments. This decoder reveals original data: decode JWT payloads to inspect user roles, extract images from data URIs, or convert Base64 API responses back to readable JSON. Essential for debugging authentication issues (decoding JWT claims), inspecting encoded API payloads, or extracting files embedded in JSON responses.

  • Instant decoding: Decodes strings in under 50ms
  • Multi-format output: View as text, download as file, or hex dump
  • JWT support: Automatically parse and display token structure
  • Client-side only: Data never leaves your browser
  • Error detection: Validates Base64 syntax before decoding
Decode Base64 →

Step-by-Step Tutorial

  1. Copy Base64-encoded string from JWT, API, or data URI
  2. Example: SGVsbG8sIFdvcmxkIQ==
  3. Paste into decoder
  4. Click "Decode from Base64"
  5. Output: Hello, World!
  6. If binary (image/PDF), use "Download" to save file

Real-World Use Case

A frontend developer debugs authentication failures in production. JWT tokens are being rejected by the API. The error message shows "invalid role claim" but doesn't reveal what's wrong. They copy the JWT token from browser localStorage, paste into Base64 decoder, and decode the payload section (middle part between dots). The decoded payload reveals {"role": "usr", "exp": 1234567890}. They immediately see the problem: role is "usr" but API expects "user". A typo in the authentication service is issuing tokens with wrong role values. They file a bug with decoded evidence, fix is deployed in 1 hour. Without decoding, diagnosing the "invalid role" error would have required backend log analysis taking 3+ hours.

Best Practices

  • For JWT tokens, decode payload (middle section) to inspect claims
  • Validate Base64 syntax before decoding to catch corruption early
  • For binary outputs (images/PDFs), use download feature not text display
  • URL-safe Base64 (- and _ instead of + and /) may need conversion first
  • Check for padding (==) - some systems strip it causing decode failures

Performance & Limits

  • Text decoding: Handles up to 10 MB Base64 strings instantly
  • File decoding: Supports Base64-encoded files up to 50 MB
  • Processing speed: 1 MB decoded in ~150ms
  • Format detection: Automatically identifies text vs binary output
  • Browser compatibility: Works offline in all modern browsers

Common Mistakes to Avoid

  • Decoding full JWT: Decode header and payload separately (split by dots)
  • Missing padding: Add == to end if length not multiple of 4
  • Wrong variant: URL-safe Base64 (JWT) differs from standard—convert first
  • Viewing binary as text: Images/PDFs show garbage text—use download

Privacy and Data Handling

All Base64 decoding happens in your browser using JavaScript—data never leaves your device. For decoding JWTs with user data or API tokens, use private browsing mode. The decoder works completely offline, no server communication required.

Frequently Asked Questions

How do I decode JWT tokens with Base64 decoder?

JWT structure: header.payload.signature where each part is Base64URL-encoded. Split token by dots: header is first part, payload is middle, signature is last. Decode header and payload separately (signature is binary hash, not human-readable). Most decoders auto-detect JWT format and parse all three parts. Payload contains claims (user ID, roles, expiration). Note: JWT uses URL-safe Base64 (- and _ instead of + and /). Standard Base64 decoders should auto-convert. For manual conversion: replace - with +, replace _ with /, add padding (=) if length not multiple of 4.

What does "Invalid Base64" error mean and how do I fix it?

Invalid Base64 errors occur when: (1) String contains non-Base64 characters (anything except A-Z, a-z, 0-9, +, /, =), (2) String length not multiple of 4 and missing padding, (3) Padding in wrong position (= only at end). Fixes: Remove whitespace/newlines with find-replace, Add padding (=) to make length multiple of 4, Check for URL-safe variant (- and _) and convert to standard (+ and /). Some systems strip padding—try adding one or two = at end. If string still won't decode, verify it's actually Base64 (not hex, not base58).

Can I decode Base64 to get back binary files like images?

Yes, Base64 decoder converts encoded binary back to original file. Process: paste Base64 string, decode, download as file with correct extension. For data URIs: strip data:image/png;base64, prefix before decoding. Decoder detects binary vs text output—binary triggers download, text displays in browser. Use cases: extracting email attachments, recovering files from JSON APIs, converting CSS data URIs to actual images. For large files, browser memory limits apply (50 MB typical max). Command-line alternative: base64 -d input.txt > output.png handles unlimited sizes.

Why does decoded output look like garbage characters?

Garbage output indicates: (1) Decoded binary data displayed as text (images/PDFs aren't text—use download), (2) Wrong character encoding (decoded as UTF-8 but original was Latin-1/ASCII), (3) Double-encoded data (data was Base64-encoded twice—decode again), (4) Corrupted Base64 string (missing characters or wrong padding). Solutions: For binary, download instead of viewing. For text, try different encoding options (UTF-8, ASCII, Latin-1). Check if data needs multiple decode passes. Verify Base64 string wasn't truncated during copy-paste. For debugging, compare decoded length to expected—mismatches indicate corruption or wrong decoding approach.

Related Tools

Explore similar tools to solve related tasks faster.

More "base64 decoder" Variants

Explore closely related intent pages that open the same workflow.