cleanweb.tools

Base64 Decoder

Decode Base64 back to plain text in your browser. Peek at JWT payloads, unpack email MIME parts, or read Basic-Auth strings without a server round-trip.

base64
encode
decode
converter
developer
RFC 4648

About Base64 Decode

Base64 decoding is the inverse of encoding: 4 ASCII characters back to 3 bytes, with up to 2 padding characters at the end stripped. This decoder uses the native atob API with a UTF-8 wrapper, so you can paste Base64 that originally encoded Unicode text and get the right characters back. Everything runs in your browser — the Base64 you paste, the decoded output, and the decoded bytes never leave the page. The common decoding flow: you have a JWT from an API response and want to peek at the claims (decode the middle segment, which is Base64-encoded JSON). You have an email MIME attachment and want to see what text it wrapped. You need to verify a Basic-Auth header by decoding "Basic <base64>" to "username:password". You received a data URL and want to extract the embedded content. You are debugging a backend that emits Base64 and want to confirm what it actually produced. When the decoder fails: invalid characters (spaces, newlines, non-Base64 ASCII) slipped into the input; the input uses base64url (`-`, `_`) but the decoder is strict-standard; padding was stripped and the length isn't a multiple of 4; the decoded bytes aren't valid UTF-8 (binary data that decoded successfully but can't be rendered as text). Try switching to strict/lenient modes or trim the input to just the Base64 substring.

Features

  • Encode text to Base64 format instantly
  • Decode Base64 strings back to plain text
  • Handle UTF-8 characters correctly
  • Copy encoded or decoded output to clipboard

How to Use

  1. Paste your text or Base64 string into the input field
  2. Select "Encode" or "Decode" mode
  3. View the converted result instantly
  4. Copy the output using the copy button

Frequently Asked Questions

Why did my decoded output look like garbage?

Either the input wasn't actually Base64 (some other encoding got there by mistake), or the decoded bytes weren't valid UTF-8 text (binary data that happens to decode successfully but doesn't render as characters). If you're decoding binary, switch to a hex-view tool; if you're decoding text, check the source encoding.

Can I decode a JWT here?

You can decode the header and payload segments (the first two "."-separated parts) — both are base64url-encoded JSON. Paste one segment at a time. The signature (third part) is raw binary and won't decode to readable text. Dedicated JWT debuggers show all three at once.

What about base64url input with - and _ characters?

Standard Base64 uses + and /; base64url substitutes - and _ to survive URL contexts. The decoder handles both: if your input has - or _, it's normalised back to + and / before decoding. Missing padding is also inferred from the input length.

Is decoding safe for sensitive data?

Yes — the atob call and subsequent UTF-8 decoding happen entirely in the browser. No part of your Base64 input or the decoded output is sent anywhere. Safe for decoding session tokens, API keys, JWT payloads, and Basic-Auth headers.

Other Base64 Encoder & Decoder variants

Base64 Encode

Encode text to Base64 in your browser. For inlining SVGs in CSS, building Basic-Auth headers, or packing binary data into URL-safe ASCII.

Related Tools