Base64 Tools - Professional Online Encoder & Decoder

Base64 URL-Safe Encoder/Decoder

Convert text to URL-safe Base64 or decode URL-safe Base64 back to text. URL-safe Base64 uses - and _ instead of + and / for safe use in URLs.

Text to Encode

Include Padding (=)

URL-Safe Base64

Code Examples

// Encode to URL-safe Base64
const text = "Hello, World!";
const standard = btoa(text);
const urlSafe = standard
  .replace(/\+/g, '-')
  .replace(/\//g, '_')
  .replace(/=+$/, ''); // Remove padding
console.log(urlSafe); // SGVsbG8sIFdvcmxkIQ (no padding)

// With padding
const urlSafeWithPadding = standard
  .replace(/\+/g, '-')
  .replace(/\//g, '_');
console.log(urlSafeWithPadding); // SGVsbG8sIFdvcmxkIQ==

// Decode URL-safe Base64
function decodeUrlSafe(urlSafeBase64) {
  // Convert back to standard Base64
  let standard = urlSafeBase64
    .replace(/-/g, '+')
    .replace(/_/g, '/');

  // Add padding if needed
  const padding = (4 - (standard.length % 4)) % 4;
  standard += '='.repeat(padding);

  return atob(standard);
}

const decoded = decodeUrlSafe(urlSafe);
console.log(decoded); // Hello, World!

How to Use URL-Safe Base64

1Choose between Encode or Decode mode.
2For encoding: Enter your text and choose whether to include padding.
3For decoding: Paste your URL-safe Base64 string (works with or without padding).
4Copy the result or compare with standard Base64 format.

Key Features

URL Compatible

Uses - and _ characters instead of + and / which can cause issues in URLs and file systems.

JWT Usage

Perfect for JSON Web Tokens (JWT) which use URL-safe Base64 without padding for compact encoding.

Query Parameter Safe

Safe to use in URL query parameters without encoding, unlike standard Base64.

Optional Padding

Choose to include or exclude padding (=) characters based on your requirements.

Common Use Cases

JWT Tokens

Encode JWT payload and signature sections using URL-safe Base64 without padding.

URL Parameters

Safely pass Base64-encoded data in URL query strings without special character issues.

OAuth Tokens

OAuth 2.0 and many authentication systems use URL-safe Base64 for tokens and codes.

Filename Safe

Create file names from Base64 data without filesystem-incompatible characters.

API Keys

Generate and encode API keys that can be safely used in URLs and headers.

Cookie Values

Store Base64-encoded data in cookies without encoding issues.

Frequently Asked Questions

What is URL-safe Base64?

URL-safe Base64 is a variant defined in RFC 4648 Section 5 that replaces + with - and / with _ to avoid special characters that have meaning in URLs. The padding character = may also be omitted.

When should I use URL-safe Base64 instead of standard Base64?

Use URL-safe Base64 when the encoded data will appear in URLs, file names, or anywhere that + and / characters might cause issues. It's essential for JWT tokens, OAuth, and web APIs.

Can I decode URL-safe Base64 with standard Base64 decoders?

Not directly. You need to convert - back to + and _ back to / first. However, many modern libraries have built-in URL-safe Base64 decoders that handle this automatically.

Should I include padding when using URL-safe Base64?

It depends on your use case. JWT tokens omit padding to reduce size. However, some systems require padding for proper decoding. Both forms are valid per RFC 4648.

Is URL-safe Base64 more secure?

No, it's not more secure. URL-safe Base64 is purely about avoiding special characters that can cause issues in URLs and file systems. The security of the data depends on encryption, not the encoding format.