Base64URL — URL-safe Base64 encode & decode

RFC 4648 §5 · the kind JWTs use

URL-safe Base64 uses - instead of +, _ instead of /, and strips padding. Standard Base64 breaks URLs. This tool converts between the two and shows the difference.

Input

Direction Keep = padding

Base64URL (URL-safe) Standard Base64 (for comparison)

Ready.

How to use

Paste raw text, standard Base64, or Base64URL into the input.
Pick Direction — Encode (text → Base64URL) or Decode (Base64URL → text).
The output panel shows both Base64URL (URL-safe) and Standard Base64 side by side, so you can confirm the conversion.
Toggle Padding if you need = characters appended back for legacy decoders that require them.

When you need Base64URL

JWTs. The three dot-separated chunks of a JWT are all Base64URL.
URL fragments and query parameters. Standard Base64 uses + and / which break URL semantics; = padding has to be percent-encoded too.
Filenames and HTTP headers where +/= aren't friendly.

FAQ

Is Base64URL just Base64 with two substitutions?

Yes — replace + with - and / with _, and strip trailing =. The encoding still produces 4 chars per 3 bytes.

Why is my JWT not decoding here?

A JWT is three Base64URL chunks joined with dots — header.payload.signature. Decode each chunk separately, or use the JWT decoder which handles all three at once.

Does the decoder verify a signature?

No — that needs the secret. Use a real JWT library for verification. For pure debugging the unverified payload is usually what you want.

Does this support binary input?

Yes for encode (drop a file into the data-URI tool to get the bytes), but the textarea output is meant for textual data. Binary stays binary when decoded — the UI will show garbled chars.