Base64 Decode: How to Decode Base64 Strings Back to Text

What Is Base64 Decoding?

Base64 decoding is the inverse of Base64 encoding. It takes a string composed of the 64-character Base64 alphabet and converts it back to the original bytes. Each group of 4 Base64 characters maps back to 3 bytes of binary data. Padding characters (=) are stripped before processing.

The decoding process is deterministic: the same Base64 string always produces the same binary output. This makes it suitable for round-trip transformations where you need to encode data on one side and decode it on the other without loss.

Standard Base64 uses + and / in its alphabet. URL-safe Base64 (Base64url) replaces those with - and _. This decoder handles both variants automatically, so you do not need to manually swap characters before decoding.

How to Use This Tool

Decoding a Base64 string is straightforward with this tool.

1. 1

   Paste the Base64 string

   Copy the Base64-encoded string from your JWT, API response, header, or config file and paste it into the input field.

2. 2

   Remove prefixes if present

   Some contexts prefix the Base64 string with data:image/png;base64, or similar. Remove the prefix and keep only the Base64 portion.

3. 3

   Select the output format

   Choose Text if you expect readable content, or Hex/Binary if the original data was binary.

4. 4

   Click Decode

   The tool decodes the string and displays the original content immediately.

5. 5

   Copy or inspect the result

   Copy the decoded text to use in your application, or read it directly to understand the contents of a token or payload.

Common Use Cases

Developers decode Base64 strings in many day-to-day debugging scenarios.

• Inspecting the payload of a JWT to check claims like exp, iat, sub, and roles.
• Decoding Basic Authentication headers to verify username and password combinations.
• Reading Base64-encoded environment variables or secrets stored in CI/CD pipelines.
• Decoding API responses that return binary data (such as images or PDFs) as Base64 strings.
• Examining SAML assertions and OAuth tokens that use Base64-encoded XML payloads.
• Debugging MIME email content by decoding Base64-encoded body parts.

Tips and Best Practices

• Always check whether the Base64 is standard or URL-safe before decoding; URL-safe variants use - and _ instead of + and /.
• If decoding fails with an invalid character error, check for whitespace or line breaks in the input and remove them.
• Padding (=) is sometimes stripped from Base64 strings stored in databases or URLs; if decoding fails, try adding = characters to make the length a multiple of 4.
• Never decode sensitive credentials in online tools you do not trust; use this local browser-based tool or a CLI utility like base64 -d.
• After decoding a JWT payload, remember that the claims are not verified; the signature must be validated separately to trust the content.

Decoding JWTs Step by Step

A JWT has three parts separated by dots: header.payload.signature. All three parts are Base64url-encoded. To inspect a JWT, split the string at the dots and decode the first two parts independently.

The header typically contains the algorithm (alg) and token type (typ). The payload contains claims: registered claims like iss, sub, exp, aud, and any custom claims your application adds. The signature is a cryptographic hash and cannot be meaningfully read as text, but it can be verified using the secret or public key.

This decoder handles the Base64url variant used by JWTs. You can paste the entire JWT and the tool will split and decode each section for you.

Frequently Asked Questions