Base64URL for JWT, OAuth 2.0, and API identifiers — free, 100% local
URL-safe Base64 (Base64URL) replaces + with - and / with _ to produce strings safe in URLs, filenames, and query parameters. It is the format used by JWT tokens, the OAuth 2.0 protocol, and many APIs. Select URL-safe in the options to activate this variant.
Select the URL-safe variant and uncheck Padding (=) to get pure Base64URL, compatible with JWT.
| Aspect | Standard (RFC 4648 §4) | URL-safe (RFC 4648 §5) |
|---|---|---|
| Char 62 | + | - |
| Char 63 | / | _ |
| Padding | Required (=) | Usually omitted |
| Use cases | MIME, PEM, Kubernetes | JWT, OAuth, cookies, URLs |
URL-safe Base64 (RFC 4648 §5) uses - instead of + and _ instead of /. These characters are safe in URLs without percent-encoding. Padding (=) is often omitted.
Yes. JWT tokens encode the header and payload in Base64URL without padding. To decode a JWT payload, select URL-safe, uncheck padding, and paste the second part of the token (between the two dots).
It depends on the target system. JWT and OAuth 2.0 omit padding. Some APIs accept it with padding. The tool lets you choose via the Padding checkbox.
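Decoding unpadded Base64URL and reading a JWT's header and payload, as an added example (not the tool's own code). It restores the padding the decoder needs and validates the alphabet first, because Python's `base64.urlsafe_b64decode` silently discards characters outside it. The function names and the sample token are constructed for illustration, and decoding a token this way does not verify its signature.

```python
import base64
import json
import re

# Unpadded Base64URL alphabet (RFC 4648 §5); '+', '/' and '=' are rejected.
_B64URL_RE = re.compile(r"[A-Za-z0-9_-]*")


def b64url_encode(data: bytes) -> str:
    """Encode to Base64URL without padding, the form JWT uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Strictly decode unpadded Base64URL."""
    if not _B64URL_RE.fullmatch(text):
        raise ValueError("not unpadded Base64URL")
    if len(text) % 4 == 1:
        raise ValueError("impossible Base64 length")
    # Restore the '=' padding that was stripped on encoding.
    padded = text + "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(padded)


def jwt_segments(token: str) -> tuple:
    """Return (header, payload) of a compact JWT WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload


# Constructed sample token; the signature segment is a dummy value.
SAMPLE_HEADER = {"alg": "HS256", "typ": "JWT"}
SAMPLE_PAYLOAD = {"sub": "user-123", "admin": False}
SAMPLE_TOKEN = ".".join([
    b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
    b64url_encode(json.dumps(SAMPLE_PAYLOAD).encode()),
    b64url_encode(b"dummy-signature"),
])

if __name__ == "__main__":
    print(jwt_segments(SAMPLE_TOKEN))
```

Treat the decoded claims as untrusted input until the signature has been checked by a JWT library with the expected key and algorithm.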