B64
Encoding
Encoding & Decoding Tools FAQ — Base64, JWT, URL Encoding
Everything you need to know about Base64 encoding, URL encoding, JWT decoding, and HTML entities. Answers common questions about when and why to use each encoding format.
Q1 What is Base64 encoding?
Base64 is a binary-to-text encoding scheme that converts arbitrary data into a sequence of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It's used when you need to transmit binary data (images, files, keys) over channels that only support text. Use the Base64 Encoder/Decoder to encode or decode any text instantly. Base64 increases data size by approximately 33%.
Q2 Is Base64 encoding the same as encryption?
No — Base64 is encoding, not encryption. Anyone can decode Base64 without a key. It's designed for data transport, not security. If you need to secure sensitive data, use proper encryption (AES-256, RSA) or a secrets manager. Never store passwords or secrets using only Base64 encoding — it provides zero security protection.
Q3 How do I decode a JWT token?
Use the JWT Decoder tool. Paste the full token (starts with
eyJ) and the tool instantly shows the decoded header (algorithm, token type) and payload (claims like sub, exp, iat, roles). Note: decoding only reads the data — it does NOT verify the signature. Signature verification requires the secret key and must happen server-side.
Q4 Why is URL encoding needed?
URLs can only contain a limited set of ASCII characters. Special characters like spaces, ampersands, and non-ASCII Unicode must be percent-encoded to be safely included in a URL. For example, a space becomes
%20, and & becomes %26. Use the URL Encoder/Decoder to encode query parameters, file names, or full URLs for safe transmission.
Q5 What is the difference between encodeURI and encodeURIComponent in JavaScript?
encodeURI() encodes a full URL but preserves characters that have special meaning in URLs (:/?#[]@!$&'()*+,;=). encodeURIComponent() encodes everything except letters, digits, and -_.!~*'() — use this for individual query parameter values. Always use encodeURIComponent() when encoding user input for URLs.
Q6 What is a JWT token and how does it work?
JWT (JSON Web Token) is a compact, URL-safe token format used for authentication and authorization. It has three Base64url-encoded parts separated by dots: Header (algorithm), Payload (claims/data), and Signature. The server generates the signature using a secret key — clients can read the header and payload, but cannot forge a valid signature without the key. Decode any JWT with the JWT Decoder.
Q7 What is the difference between Base64 and Base64url?
Standard Base64 uses
+ and / characters, which have special meaning in URLs. Base64url replaces them with - and _, making the output URL-safe without percent-encoding. JWT tokens use Base64url encoding. When decoding a JWT manually, use Base64url decoding, not standard Base64.
Q8 How do I encode HTML special characters?
HTML entities encode characters that have special meaning in HTML markup. For example,
< becomes <, & becomes &. This is essential for safely rendering user-generated content without XSS vulnerabilities. Use the HTML Entity Encoder to encode or decode HTML-special text instantly.
Q9 Why does my JWT token show as expired?
The
exp claim in a JWT is a Unix timestamp (seconds since epoch). If the current time is past that value, the token is expired. Decode your token with the JWT Decoder to see the exact expiry time in human-readable format. To fix it, request a new token via your authentication flow (login, refresh token endpoint).
Free Encoding Tools
All tools run in your browser — no signup, no data sent to servers.