About Base64URL Decoder

Decode URL-safe base64 back to UTF-8 text. Part of the DevTools Surf developer suite. Browse more tools in the Encoding collection.

Use Cases

• Developers decoding JWT segments to inspect claims without a full JWT debugger
• Security analysts examining URL-encoded tokens in suspicious requests
• QA engineers verifying that API tokens contain expected payload data
• Backend devs debugging Base64URL-encoded webhook signatures

Tips

• Paste a Base64URL string without padding and it decodes correctly
• Use it to inspect the payload of a JWT token segment
• Handles both padded and unpadded Base64URL input automatically

Fun Facts

• Base64URL decoding must handle missing padding — some implementations crash on unpadded input, which is why many libraries add padding before decoding.
• The Base64 alphabet uses 64 characters (A-Z, a-z, 0-9, and two symbols) because 64 = 2^6, allowing each character to represent exactly 6 bits of data.
• Base64 encoding expands data by approximately 33% — every 3 bytes of input become 4 characters of output, which is why it's not suitable for large binary files.

FAQ

Is this different from Base64 decoder?

Base64URL uses - and _ instead of + and /, and omits padding (=). Common in JWT, JWS, and URL-embedded tokens.

Can it decode standard Base64?

Toggle 'accept standard' to also handle + and /. Useful when input is unknown variant. Otherwise, strict URL-safe mode rejects standard Base64.

What if the input has padding?

Padded input is accepted. Strict URL-safe decoding requires no padding, but the tool is lenient by default.

Why does my JWT fail to decode as Base64?

JWTs use Base64URL. Decode each of the three dot-separated parts with Base64URL, not standard Base64. Common confusion.