Encoder & Decoder Suite
Paste anything — Base64, URL, hex, HTML entities, JWT, ROT13 — we auto-detect and decode. Or pick a tab to manually encode/decode. 100% in your browser.
JWT claims
⚠ Signature is NOT verified. This tool decodes; use a JWT verifier with your secret/key to confirm authenticity.
How to use
- Paste anything in the input box — Base64, a URL-encoded string, a JWT, a hex blob, an HTML-entity-encoded snippet, anything.
- In Auto-detect mode (default), we identify the encoding and show every successful decoding step.
- Switch to a specific tab (Base64, URL, hex, etc.) to manually encode or decode in that format.
- Toggle Decode / Encode to reverse the direction.
- Drop a file onto the input area to Base64-encode it. Use Download output to save a decoded result.
- Click ↕ Swap to feed the output back into the input for chained operations.
Frequently asked questions
What encodings does this support?
Base64 (standard), base64url (URL-safe variant), URL percent-encoding, hexadecimal, HTML entities (named and numeric), JWT (decode only), and ROT13. Each can encode or decode (except JWT, which is decode-only — encoding a JWT requires a signing key).
How does auto-detect work?
We inspect the structure of the pasted text: dots and three segments signal a JWT, percent signs (%) signal URL encoding, ampersand-hash (&#) signals HTML entities, all hexadecimal chars in pairs signal hex, and A-Z/a-z/0-9/+/= with length divisible by 4 signals Base64. The detect list shows every match.
What's the difference between Base64 and base64url?
Base64 uses + and / with = padding. base64url replaces + with -, / with _, and drops padding — safe for URLs, JWTs, and JSON without escape characters. Most JWT libraries use base64url for the header and payload segments.
Can I decode an unknown encoding chain?
Yes. Auto mode tries Base64 → URL-decode → hex → HTML entities and shows every successful step. If a chain like Base64(URL-encoded(text)) is detected, you see both decode steps in order.
How is JWT decoding handled?
JWTs are split on dots into three segments: header, payload, signature. Each of the first two is base64url-decoded and pretty-printed. We display a plain-English summary of common claims (iat issued-at, exp expires, nbf not-before, iss issuer, aud audience, sub subject). We do not verify the signature — that requires the signing key.
Are file uploads supported?
Yes — drop a file onto the input area to Base64-encode it. Output is text you can copy or download. For decoding Base64 back to a binary file, use the Download output button (it detects binary content and prompts a save).
Does anything leave my browser?
No. All encoding, decoding, and auto-detect run locally. Verify in DevTools → Network: zero requests when you paste. The full source is on GitHub for audit.
Can I share a permalink?
Not by default, and intentionally so. Sharing a permalink would require putting your input in the URL, which is usually NOT what you want when the input might contain a JWT, an API key, or other sensitive data. Use Copy on the output to share the result instead.
What's quoted-printable / ROT13 useful for?
ROT13 is included for completeness — it's a substitution cipher used to obscure (not encrypt!) spoilers and trivia answers in forums. Quoted-printable is reserved for a future revision.
How is this different from base64decode.org?
Three things: (1) auto-detect — paste anything, we identify it; (2) seven encodings in one place, not just two; (3) explicit browser-side promise with verifiable source on GitHub. base64decode.org is a fine focused tool; we built a suite for the developer who needs all of them.
Examples
Debugging a JWT
Paste the JWT — we split header/payload/signature, decode the first two segments, and explain each claim. Signature is shown but not verified.
eyJhbGciOiJIUzI1NiIs… → alg: HS256 → exp: in 1h 23m → sub: user_42
Decoding a chained encoding
A URL parameter contains Base64 that wraps URL-encoded JSON. Auto-detect tries each step and shows the result of every successful decode.
aGVsbG8lMjB3b3JsZA== → "hello%20world" → "hello world"
Base64-encoding a file
Drop a PNG onto the input area to get a Base64 data URL ready for inline embedding in HTML or JSON. Round-trip-verified.
file.png → data:image/png;base64,iVBOR…
About encoders and decoders
Encodings are how computers move data through pipes that have rules — URLs can't contain spaces, JSON can't contain raw newlines in strings, email can't contain non-ASCII bytes. Base64 wraps any binary into 64 printable characters. URL percent-encoding escapes anything that breaks a URL. Hex is the universal "show me the bytes." HTML entities let you put angle brackets inside HTML without breaking the parser. JWT chains base64url with a JSON payload and a signature.
Most developers need to decode something unknown a few times a week: a parameter from a log line, a token from a debugging session, a string in a database that someone double-encoded by accident. Auto-detect saves the "which tab do I need?" cognitive overhead. If you know exactly what you have, the manual tabs are one click away.
This tool runs entirely in the browser. The standard btoa and atob functions handle Base64; encodeURIComponent / decodeURIComponent handle URL encoding; TextEncoder handles hex via a small helper. JWT decoding is base64url plus JSON.parse. ROT13 is a 26-character substitution. No external libraries; the page is a single self-contained HTML file you can save and run offline.
If you've used base64decode.org, base64encode.org, urlencoder.org, or any of the dozens of single-purpose tools, the experience here is meant to consolidate them. If you prefer one focused tool per task, those incumbents are great too — we're not trying to replace them so much as offer the suite version for developers who need all of them on the same day.