Base64 URL Encoding Examples

URL-safe Base64 replaces + with - and / with _, and strips = padding.


What Is Base64 URL Encoding?

Base64url is defined in RFC 4648 Section 5 as a URL- and filename-safe variant of Base64. Standard Base64 uses +, /, and = which have special meanings in URLs—they must be percent-encoded when placed in query strings or path segments. Base64url avoids this by substituting - for +, _ for /, and omitting the = padding entirely.

Base64url is widely used in JSON Web Tokens (JWTs; see https://jwt.io/introduction), OAuth 2.0 PKCE challenges, URL-safe identifiers, and anywhere Base64 data must appear in URLs without escaping. For standard Base64, use the Base64 Encoder. To decode Base64url, use the Base64 URL Decoder.

How to Use This Tool

1. Paste Your Text

Type or paste your text into the left editor. Click Sample to load example text and see the Base64url output. All encoding runs in your browser—no data is sent to any server.

2. Read the URL-Safe Output

The right panel shows the Base64url result with no +, /, or = characters—safe to place directly in URLs, headers, or filenames without percent-encoding.

3. Copy or Download

Click Copy to put the result on your clipboard, or Download to save it as a .txt file. To decode a Base64url string back to text, use the Base64 URL Decoder.

Standard Base64 vs Base64url

The only differences between standard Base64 and Base64url are three characters in the alphabet and the padding rule:

Character mapping

The output of this tool can be decoded back by re-adding the correct = padding and substituting - and _ back to + and /. The Base64 URL Decoder handles this automatically.
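The encode and decode steps described above, as an added JavaScript example (not this tool's own source; the function names and sample strings are made up for illustration). The decoder is deliberately strict: it rejects +, /, = and impossible lengths, so a standard Base64 string is never silently accepted where Base64url is expected.

```javascript
// Added example: function names are hypothetical, sample inputs are constructed.

// Encode text to Base64url: UTF-8 bytes -> standard Base64 -> swap alphabet, drop padding.
function base64urlEncode(text) {
  const bytes = new TextEncoder().encode(text); // Unicode-safe: work on UTF-8 bytes
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary)
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Decode Base64url to text. Anything outside the unpadded URL-safe alphabet
// is an error, which keeps token parsing unambiguous.
function base64urlDecode(input) {
  if (!/^[A-Za-z0-9_-]*$/.test(input)) {
    throw new Error("not Base64url: unexpected character");
  }
  if (input.length % 4 === 1) {
    throw new Error("not Base64url: impossible length");
  }
  // Re-add the padding that the encoder stripped, then restore + and /.
  const padded = input + "=".repeat((4 - (input.length % 4)) % 4);
  const binary = atob(padded.replace(/-/g, "+").replace(/_/g, "/"));
  const bytes = Uint8Array.from(binary, (c) => c.charCodeAt(0));
  // fatal: true rejects byte sequences that are not valid UTF-8.
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// Constructed samples: "??>???" is "Pz8+Pz8/" in standard Base64,
// "hi" is "aGk=" (one padding character), "é" is two UTF-8 bytes.
const SAMPLES = ["??>???", "hi", "é"];

function encodeSamples() {
  return SAMPLES.map((s) => base64urlEncode(s));
}

// Returns true if the decoder refuses the given string.
function isRejected(candidate) {
  try {
    base64urlDecode(candidate);
    return false;
  } catch (e) {
    return true;
  }
}
```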

Where Base64url Is Used

JWTs: JSON Web Tokens encode their header, payload, and signature as Base64url so they can be placed in HTTP headers and URL query parameters without escaping.

OAuth 2.0 PKCE: The code verifier and challenge use Base64url.

WebAuthn: Credential IDs and challenge values are Base64url encoded.

URL-safe identifiers: Session tokens, API keys, and random nonces stored in cookies or URLs use Base64url to avoid encoding issues.

If you need to embed binary data in a URL query parameter and percent-encoding would make it too long, Base64url keeps it compact and URL-safe. For standard Base64 (with + and /), use the Base64 Encoder. For decoding standard Base64, use the Base64 Decoder.

Frequently Asked Questions

Is my data private?

Yes. Encoding runs entirely in your browser using JavaScript. No data is sent to any server. You can verify this by checking your browser's Network tab while using the tool.

Why is there no = padding in the output?

RFC 4648 Section 5 defines Base64url without padding. The = character would need to be percent-encoded in URLs, defeating the purpose. Decoders that follow the spec re-add padding before decoding. The Base64 URL Decoder handles this automatically.

Can I use this for JWTs?

This tool encodes text to Base64url, which is the format used in the header and payload segments of a JWT. However, full JWT creation requires signing with a secret or private key. This tool is useful for encoding or inspecting JWT parts independently.

What's the difference from the Base64 Encoder?

The Base64 Encoder outputs standard Base64 using +, /, and =. This tool always outputs Base64url using -, _, and no padding, so the result is safe to use directly in URLs without any percent-encoding.

Does it support Unicode?

Yes. Text is first encoded to UTF-8 bytes using the browser's TextEncoder API, then converted to Base64url. Emoji, accented characters, and multi-byte scripts are all handled correctly.

Related Tools

For the formal specification, see RFC 4648 Section 5. The JWT introduction explains how Base64url is used in tokens.