TK TaskKit
Developer Tools

Base64

Encode and decode standard and URL-safe Base64 with full UTF-8 awareness.

Input
Result0 bytes

Inputs stay on this device. Every developer tool on TaskKit runs entirely in your browser. Tokens, payloads, and pasted text are not transmitted to TaskKit servers or third parties.

What this tool does

Encodes any UTF-8 text to Base64 and decodes Base64 back to text. The decoder is forgiving about whitespace and missing padding (both are common when Base64 lands inside JSON or YAML), and the encoder offers a URL-safe variant (base64url) for tokens, query strings, and file names.

When you'd use it

  • Embedding small binary blobs (images, certificates, signatures) inside JSON or environment variables.
  • Inspecting the contents of a JWT segment by hand.
  • Decoding a Authorization: Basic … header during a debugging session.
  • Converting a one-off byte string into something safe to paste into Slack.

How it works

Encoding goes UTF-8 → bytes → Base64. Decoding reverses that. The browser provides btoa and atob, but they only handle Latin-1, so this tool runs the input through TextEncoder/TextDecoder first. That makes café, 漢字, and emoji round-trip correctly. URL-safe mode swaps + for -, / for _, and strips trailing = padding.

Notes

Base64 is not encryption. Anyone can decode it. If you're tempted to "hide" a credential by Base64-encoding it, don't — encrypt it instead. Base64 is an encoding, not an obfuscation.

Why am I seeing Invalid character on a token? The token is probably URL-safe Base64 (Base64URL), which uses - and _ instead of + and /. Toggle the URL-safe option, or convert the characters before pasting.

Does padding matter? Strict decoders require = padding to bring the length to a multiple of 4. JWTs and many APIs strip it; this tool restores it automatically.

Related tools