{}JSONLint.app

JSON Base64 Encode/Decode

Encode JSON to Base64 or decode Base64 strings back to JSON:

What is Base64?

Base64 is a binary-to-text encoding scheme that converts binary data into ASCII characters. It's commonly used to embed binary data in text-based formats like JSON, XML, or HTML.

Why Base64 Encode JSON?

Common use cases for Base64-encoded JSON:

  • API Authentication — Many APIs expect credentials as Base64-encoded JSON
  • JWT Tokens — JWT payloads are Base64-encoded JSON
  • Data URIs — Embedding data in URLs or HTML
  • Cookie Storage — Storing complex data in cookies
  • Query Parameters — Passing JSON through URLs safely

Example

Original JSON:

{"name": "John", "role": "admin"}

Base64 encoded:

eyJuYW1lIjogIkpvaG4iLCAicm9sZSI6ICJhZG1pbiJ9

Base64 in Code

JavaScript

// Encode JSON to Base64
const json = { name: "John", role: "admin" };
const base64 = btoa(JSON.stringify(json));

// Decode Base64 to JSON
const decoded = JSON.parse(atob(base64));

Python

import base64
import json

# Encode
data = {"name": "John", "role": "admin"}
encoded = base64.b64encode(json.dumps(data).encode()).decode()

# Decode
decoded = json.loads(base64.b64decode(encoded).decode())

Command Line

# Encode
echo '{"name":"John"}' | base64

# Decode
echo 'eyJuYW1lIjoiSm9obiJ9' | base64 -d

Base64 URL-Safe Encoding

Standard Base64 uses + and / characters, which have special meaning in URLs. URL-safe Base64 replaces these with - and _.

StandardURL-Safe
+-
/_
= (padding)Often omitted

Common Mistakes

  • Encoding twice — If your JSON is already Base64, encoding again creates double-encoding issues
  • Character encoding — Always use UTF-8 when encoding strings with non-ASCII characters
  • Padding issues — Some systems strip = padding, which can cause decode errors

Related Tools

Common Mistakes & Pro Tips

  • Base64 is encoding, not encryptionBase64 only rearranges bytes into a text-safe alphabet; it provides zero confidentiality and anyone can decode it instantly. Never use it to "hide" passwords, tokens, or secrets — if data needs protecting, encrypt it before encoding.
  • Expect about a 33% size increaseBase64 represents every 3 bytes as 4 ASCII characters, so encoded output is roughly one-third larger than the input (plus padding). Factor this into payload-size limits and bandwidth, especially when embedding encoded JSON inside another request.
  • Standard vs URL-safe alphabets differ in two charactersStandard Base64 (RFC 4648) uses + and /, while the URL-safe variant uses - and _ so the string is safe in URLs and filenames. Decoding with the wrong alphabet fails or corrupts data, so match the variant the producer used.
  • Padding and UTF-8 matterStandard Base64 pads output with = to a multiple of four characters; some URL-safe encoders drop the padding, and a strict decoder may then reject it. Also ensure JSON with non-ASCII characters is encoded as UTF-8 bytes first, or accented characters and emoji can come back garbled.

Frequently Asked Questions

How do I encode my JSON to Base64?

Paste your JSON into the input and the tool returns the Base64-encoded string. Under the hood it serializes the text to UTF-8 bytes and applies the Base64 alphabet. You can then copy the result into a config file, data URI, or API field that expects an encoded blob.

What's the difference between standard and URL-safe Base64?

Both encode the same bytes, but standard Base64 uses + and / and pads with =, while URL-safe Base64 substitutes - for + and _ for / so the string can appear in URLs, query parameters, and filenames without escaping. JWTs, for example, use the URL-safe variant. Always decode with the same alphabet that was used to encode.

Why is my Base64 string longer than the original JSON?

Base64 maps every 3 input bytes to 4 output characters, an inherent 4:3 expansion, so the encoded form is about 33% larger before padding. This is the unavoidable cost of representing arbitrary bytes using only a 64-character printable alphabet.

Is Base64 a way to secure or hide my JSON?

No. Base64 is a reversible encoding with no key and no secret, so anyone can decode it back to the original in one step. If you need security, encrypt the JSON with a real cipher first and then Base64-encode the ciphertext if a text-safe format is required.

My decoded JSON has weird characters — what happened?

This usually means an encoding mismatch. If the original used UTF-8 but it's being decoded as a different charset, multi-byte characters like accents and emoji break. It can also happen if you decode URL-safe Base64 as standard, or vice versa — match the alphabet and treat the bytes as UTF-8.

Does encoding happen in my browser or on a server?

Entirely in your browser. The encode and decode operations are local JavaScript, so the JSON you paste is never uploaded. That means you can safely encode payloads that contain private data.