Base64 Decoder

Decode any Base64 string back to plain text instantly. Runs entirely in your browser — nothing is sent to a server.

Base64 Encoder →JWT Decoder →URL Encoder →

Input

Decoded Text Output

What is Base64 Decoding?

Base64 decoding reverses the encoding process: it takes a Base64 ASCII string and converts it back to the original binary data or text. You need to decode Base64 whenever you receive encoded content — JWT payloads, API responses with embedded files, email attachments, data URIs in HTML, or PEM certificate contents — and need to inspect or use the original value.

This decoder automatically handles both standard Base64 (using + and /) and Base64url (using - and _). It also detects JWT tokens (three dot-separated segments) and decodes the header and payload sections separately, pretty-printing the JSON for easy reading.

How Base64 decoding works

The decoder maps each character in the Base64 alphabet back to its 6-bit value, groups four 6-bit values into three 8-bit bytes, and discards any padding bytes introduced by = characters. The result is the original byte sequence, which is then interpreted as UTF-8 text if the content is textual. If the decoded bytes are valid JSON, the tool pretty-prints them for readability.

Where you encounter Base64-encoded data

JWT tokens — the header (eyJ...) and payload segments are Base64url-encoded JSON objects containing claims like sub, exp, and iss.
API responses — file upload/download APIs often return binary content encoded in Base64 within a JSON field.
HTML data URIs — data:image/png;base64,iVBOR... embeds image bytes directly in markup or CSS.
PEM files — TLS certificates, RSA keys, and SSH public keys store their binary DER content as Base64 between header/footer lines.
HTTP Basic Auth — the Authorization: Basic header contains a Base64-encoded username:password string.
Email MIME parts — attachments and some message bodies use Content-Transfer-Encoding: base64.

Troubleshooting decode errors

Decoding fails when the input is not valid Base64. Common causes: extra whitespace or newlines (some tools insert line breaks every 76 characters — strip them first), missing = padding (this decoder adds it automatically), using the wrong variant (standard vs Base64url), or the string being truncated. If you see garbled output rather than an error, the string may be valid Base64 but the decoded bytes are binary, not UTF-8 text.

Frequently asked questions

Why does my Base64 string end with == or =?

Base64 encodes 3 bytes at a time. If the input length is not divisible by 3, padding (=) is added to make the output length a multiple of 4. One trailing = means the last group had 2 bytes; two == means it had 1 byte.

How do I decode a JWT?

Paste the full JWT (three dot-separated Base64url strings) into this decoder. The header and payload JSON will be decoded and displayed. Note that only the header and payload are decoded — the signature segment is intentionally left as-is since it is a binary HMAC value, not readable JSON.

Is decoded content safe to display?

Treat decoded content as untrusted data. If the original bytes encode HTML or scripts, rendering them directly in a browser could expose you to XSS. This tool displays decoded content as plain text only.

If jsondecode.com saved you time, share it with your team

Free forever. No ads. No sign-up. Help other developers find it.

Share on X LinkedIn