How do I encode text to Base64?

Select the Text tab and make sure Encode mode is active. Type or paste your text into the left panel — the Base64-encoded result appears instantly on the right. Click the Copy button to copy it to your clipboard.

How do I decode a Base64 string back to text?

Select the Text tab, then switch to Decode mode using the toggle. Paste your Base64 string into the left panel — the decoded plain text appears on the right immediately.

How do I convert an image to Base64?

Select the Image tab and drag your image (PNG, JPG, GIF, WebP, or SVG) onto the drop zone, or click to browse. The tool generates a Base64 data URI instantly that you can embed directly in HTML or CSS.

Is my data uploaded to a server?

No. Every encoding and decoding operation happens entirely in your browser using built-in Web APIs. Your text, images, and files never leave your device — making this tool safe for sensitive content like API keys, tokens, and private documents.

What is the maximum file size I can encode?

There is no hard limit, but files larger than 10 MB may slow down your browser tab because all processing happens in JavaScript. For files over 10 MB, a warning is displayed.

Does Base64 encoding work with Unicode and emoji?

Yes. This tool uses the TextEncoder API to handle the full UTF-8 Unicode range, including emoji, Arabic, Chinese, and other non-ASCII characters. The native browser btoa() function only handles Latin-1, but this tool handles all Unicode correctly.

Back to tool

Guide5 min read

URL-Safe Base64 Encoding Explained

What URL-safe Base64 is, how it differs from standard Base64, and when to use it — with code examples in JavaScript, Node.js, and Python.

Need to encode URL-safe Base64 right now?

Use the free online tool — toggle the URL-Safe switch for instant conversion.

Open Tool

What is URL-safe Base64?

URL-safe Base64 (also called Base64url, defined in RFC 4648 §5) is a variant of Base64 encoding designed to be safe for use in URLs and file names. It uses the same principle as standard Base64 but swaps out the two characters that are problematic in URLs.

Standard Base64 uses a 64-character alphabet that includes + and /. These characters have special meaning in URLs — plus is decoded as a space in form data, and slash is a path separator. URL-safe Base64 replaces them with - and _, which are safe everywhere in a URL.

Standard Base64 vs URL-safe Base64

Character	Standard Base64	URL-Safe Base64	Why it matters
+	Plus sign	Hyphen –	% encodes to %2B in URLs, causing issues in query strings and form data.
/	Slash	Underscore _	Slashes are path separators in URLs — they would split a Base64 string across URL segments.
=	Padding (0–2 chars)	Omitted	= signs can confuse URL parsers. URL-safe Base64 drops padding and re-adds it when decoding.

Example: the standard Base64 string SGVsbG8sIFdvcmxkIQ== becomes SGVsbG8sIFdvcmxkIQ in URL-safe form (padding removed, no character substitution needed in this example).

When to use URL-safe Base64

JWT Tokens

JSON Web Tokens use URL-safe Base64 (without padding) for all three of their segments — header, payload, and signature. This lets JWTs be safely embedded in URLs and HTTP headers.

OAuth 2.0 / PKCE

The PKCE extension for OAuth uses URL-safe Base64 to encode the code challenge, which is passed in the query string of the authorization URL.

URL and query parameters

Any Base64 data placed in a URL query parameter must use URL-safe encoding — standard Base64's + and / would be mis-parsed or require %2B and %2F escaping.

File names

Encoding binary IDs or hashes for use in file names is safer with URL-safe Base64 since / would create path separators and cause errors.

Cookie values

HTTP cookies have restrictions on special characters. URL-safe Base64 (without = padding) avoids the most problematic characters in cookie values.

URL-safe Base64 in code

URL-safe Base64 in JavaScript (browser)

The browser doesn't have a native URL-safe Base64 function, but you can convert standard Base64 by replacing characters:

// Encode to URL-safe Base64
function toUrlSafeBase64(str) {
  return btoa(str)
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, ''); // remove padding
}

// Decode from URL-safe Base64
function fromUrlSafeBase64(str) {
  // Re-add padding if needed
  const padded = str + '='.repeat((4 - str.length % 4) % 4);
  return atob(padded.replace(/-/g, '+').replace(/_/g, '/'));
}

toUrlSafeBase64("Hello, World!");   // → "SGVsbG8sIFdvcmxkIQ"
fromUrlSafeBase64("SGVsbG8sIFdvcmxkIQ"); // → "Hello, World!"

URL-safe Base64 in Node.js

Node.js Buffer supports URL-safe Base64 encoding directly via the 'base64url' encoding:

// Encode to URL-safe Base64 (Node.js 16+)
const encoded = Buffer.from("Hello, World!").toString("base64url");
console.log(encoded); // → "SGVsbG8sIFdvcmxkIQ"

// Decode from URL-safe Base64
const decoded = Buffer.from("SGVsbG8sIFdvcmxkIQ", "base64url").toString("utf8");
console.log(decoded); // → "Hello, World!"

// For older Node.js versions (manual conversion)
const base64 = Buffer.from("Hello, World!").toString("base64");
const urlSafe = base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

URL-safe Base64 in Python

Python's base64 module has built-in functions for URL-safe Base64:

import base64

text = "Hello, World!"

# Encode to URL-safe Base64 (uses - and _ instead of + and /)
encoded = base64.urlsafe_b64encode(text.encode("utf-8")).decode("utf-8")
print(encoded)   # → SGVsbG8sIFdvcmxkIQ==

# Without padding (common in JWTs and OAuth)
no_pad = encoded.rstrip("=")
print(no_pad)    # → SGVsbG8sIFdvcmxkIQ

# Decode (re-add padding before decoding)
padded = no_pad + "=" * (4 - len(no_pad) % 4) % 4
decoded = base64.urlsafe_b64decode(padded).decode("utf-8")
print(decoded)   # → Hello, World!

Decode a JWT payload

JWT tokens are three URL-safe Base64 segments separated by dots. The payload (second segment) can be decoded directly:

// Decode a JWT payload (browser or Node.js)
function decodeJwtPayload(token) {
  const [, payload] = token.split('.');
  // Re-add padding
  const padded = payload + '='.repeat((4 - payload.length % 4) % 4);
  const json = atob(padded.replace(/-/g, '+').replace(/_/g, '/'));
  return JSON.parse(json);
}

const token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyXzEyMyIsImV4cCI6MTcwMDAwMDAwMH0.sig";
console.log(decodeJwtPayload(token));
// → { sub: "user_123", exp: 1700000000 }

Quick tip: using the online tool

The Base64 tool on this site has a URL-Safe toggle at the top of the tool. Enable it to automatically switch between standard and URL-safe encoding — existing output re-encodes instantly when you flip the toggle.

Related guides

How to Encode Text to Base64

Step-by-step guide with JavaScript, Node.js, and Python examples

How to Decode Base64

Reverse the process — decode Base64 back to text, images, and files

Try URL-safe Base64 encoding now

Free, instant, and 100% private — nothing is ever uploaded to a server.

Open Base64 Tool