W3docs

String Functions

Base 64 Decoder

Decode a Base-64 string back to plain text. Invalid input gets a clear error instead of silent garbage.

About the Base 64 decoder

This tool decodes a Base64-encoded string back into plain text. Base64 represents arbitrary bytes using 64 printable ASCII characters — A-Z, a-z, 0-9, +, / — with = used for padding, which is why you’ll run into it in data: URIs, email attachments (MIME), Basic Auth headers, and encoded API payloads: contexts that can’t safely carry raw binary or line breaks. Paste the encoded string in and the tool reverses the encoding back to readable text.

Decoding runs through the browser’s built-in atob() function, which turns the Base64 text into a raw byte string; those bytes are then read with a TextDecoder set to UTF-8, so multi-byte characters — accented letters, emoji, non-Latin scripts — reconstruct correctly instead of coming out as single-byte junk. The input is first stripped of whitespace and checked against the standard Base64 alphabet, so text wrapped at a fixed column width still decodes. Anything outside that alphabet, including the -/_ characters used by base64url, throws an error instead of returning corrupted text.

Reach for this when debugging a data: URI, unpacking a Basic Auth Authorization header, checking what a base64-encoded environment variable or API field actually contains, or confirming that something you encoded elsewhere round-trips correctly. Decoding happens entirely client-side in your browser — the string you paste is never sent to a server — so it’s safe to use on tokens, credentials, or other sensitive payloads.

Examples

Decode a plain ASCII stringtext
Input:  SGVsbG8sIFdvcmxkIQ==
Output: Hello, World!

The inverse of the Base 64 Encoder for the same input.

Decode UTF-8 text with an emojitext
Input:  RW5jb2RlIG1lIHRvIEJhc2U2NCEg8J+agA==
Output: Encode me to Base64! 🚀

Multi-byte characters decode correctly — the bytes are read through a UTF-8 TextDecoder, not one byte at a time.

The same decode in plain JavaScriptjs
// Browser — what this tool does under the hood
const b64 = 'SGVsbG8sIFdvcmxkIQ==';
const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
const text = new TextDecoder('utf-8').decode(bytes);
console.log(text); // "Hello, World!"

// Node.js
const text2 = Buffer.from(b64, 'base64').toString('utf-8');

Both verified to produce identical output to this tool.

Frequently asked questions

Why do I get an Invalid base64 input error?

The text contains a character outside the standard Base64 alphabet (A-Z, a-z, 0-9, +, /, =), or its length isn’t valid once padding is accounted for. A common cause is pasting base64url-encoded text, which uses - and _ in place of + and /.

Can I decode a JWT with this tool?

Only sometimes. JWTs use base64url encoding, which replaces +// with -/_ and usually omits padding, so any segment containing - or _ throws an error here. For reliable JWT decoding, use a decoder built for the base64url variant.

Is it safe to paste tokens or passwords into this decoder?

Yes. Decoding runs entirely in your browser using the built-in atob() and TextDecoder APIs, so the text you paste is never sent to a server.

Why does the decoded text show a � character instead of readable text?

That’s the Unicode replacement character, shown when the decoded bytes aren’t valid UTF-8. It usually means the Base64 encodes binary data — an image, a compiled file, encrypted bytes — rather than plain text.

Do I need the = padding at the end of a Base64 string?

No — the decoder accepts Base64 with or without trailing = padding, as long as the unpadded length is otherwise valid. For example, both SGVsbG8 and SGVsbG8= decode to Hello.