BASE64 DECODER

Convert Base64 strings back to plain text instantly in your browser. RFC 4648, full UTF-8 support. Drag-and-drop or upload files. Your data never leaves your device.

Rate this tool
0 chars
Complete the verification above to enable the decoder.

Common Base64 Decode Errors & Fixes

InvalidCharacterError
The input contains non-Base64 characters — spaces, line breaks, or symbols not in the Base64 alphabet (A–Z, a–z, 0–9, +, /). This tool auto-strips all whitespace before decoding. If the error persists, check for stray characters.
Incorrect Padding
Base64 strings must be a multiple of 4 characters. Missing or extra = padding causes decoding failure. Standard Base64 uses = as padding. Base64URL (used in JWTs) omits padding — add = signs to reach a multiple of 4.
UTF-8 Decoding Issues
Standard atob() fails for Base64 strings that encode non-ASCII text. This tool handles it correctly using a percent-encoding approach — the decoded bytes are passed through decodeURIComponent to restore full UTF-8.
Is Base64 Secure?
Base64 is not encryption. Anyone can decode a Base64 string without a key. Use it for data transport compatibility, not data protection. For sensitive content, encrypt first (AES-256), then encode. Never store passwords as Base64.

Base64 Decode in Code

JavaScript
// Standard — ASCII only
atob(encodedString);

// UTF-8 safe (emoji, Unicode)
decodeURIComponent(
  atob(encoded)
    .split('')
    .map(c => '%' +
      ('00'+c.charCodeAt(0).toString(16))
        .slice(-2))
    .join('')
);
Python
import base64

# Decode bytes
decoded_bytes = base64.b64decode(data)

# Decode to string (UTF-8)
decoded_str = decoded_bytes.decode('utf-8')

# URL-safe variant (JWTs)
base64.urlsafe_b64decode(data + '==')
PHP
<?php
// Standard decode
$decoded = base64_decode($data);

// With strict mode (recommended)
$decoded = base64_decode($data, true);
if ($decoded === false) {
    // Invalid Base64 input
}
Linux / macOS Terminal
# Decode a string
echo "SGVsbG8=" | base64 -d

# Decode a file
base64 -d encoded.b64 > decoded.txt

# macOS uses -D flag
echo "SGVsbG8=" | base64 -D

Frequently Asked Questions

What is Base64 decoding?
Base64 decoding is the reverse of Base64 encoding. It converts a Base64-encoded string — made up of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /) — back into the original text or binary data. The standard is defined in RFC 4648. For every 4 Base64 characters in the input, 3 bytes of original data are restored.
Is Base64 decoding safe for sensitive data?
This tool is safe because all decoding happens entirely in your browser — your data is never transmitted to any server. However, Base64 itself is not encryption. Anyone who has the encoded string can decode it without a key. Never use Base64 as a security mechanism. For sensitive data, use proper encryption (AES-256) before encoding.
Why does my Base64 string return an InvalidCharacterError?
This error occurs when the input contains non-Base64 characters such as spaces, line breaks, or symbols not in the Base64 alphabet. This tool automatically strips all whitespace before decoding to minimise this issue. If the error persists, check that your string uses only A–Z, a–z, 0–9, +, /, and = padding characters.
What causes incorrect padding errors?
Base64 strings must have a length that is a multiple of 4 characters. If characters are missing or extra = padding was stripped, the decoder will fail. Standard Base64 uses = to reach the required length. Base64URL (used in JWTs and OAuth tokens) intentionally omits padding — add = signs to pad to a multiple of 4 before decoding.
Does this decoder support Unicode and emoji?
Yes. This decoder uses a UTF-8 safe approach: it decodes the Base64 to raw bytes, then passes them through decodeURIComponent with percent-encoding to correctly restore emoji (😀), Arabic (مرحبا), Chinese (你好), and any other Unicode text. Standard atob() alone fails for non-ASCII characters.
What is the difference between Base64 and Base64URL?
Standard Base64 uses + and / characters. Base64URL replaces + with - and / with _, and omits = padding — making the output safe for URLs and filenames. JWTs use Base64URL for their header and payload sections. If decoding a JWT fails, replace - with + and _ with /, then pad with = to a multiple of 4.
Is my Base64 string sent to a server?
No. All decoding happens entirely in your browser using JavaScript's built-in atob() API. Your Base64 string is never transmitted to FindBeam's servers or any third party. This is particularly important when decoding JWT payloads, API keys, or private configuration values embedded in Base64.
Is this Base64 decoder free?
Yes. FindBeam's Base64 Decoder is completely free with no account, no registration, and no usage limits. It will remain free.