Logo

MonoCalc

/

Base64 URL Encoder

Encode/Decode

Include = padding characters

About This Tool

🔗 Base64 URL Encoder – URL-Safe Encoding for Tokens & APIs

Base64 URL encoding is a text encoding format defined in RFC 4648 Section 5 that transforms arbitrary binary data into a compact, printable ASCII string safe for embedding directly in URLs, HTTP headers, JSON Web Tokens (JWTs), and cookie values — without requiring additional percent-encoding.

Standard Base64 vs Base64 URL

Standard Base64 uses the characters + and / which carry special meaning in URLs and must be escaped as %2B and %2F. Base64 URL elegantly solves this by substituting them:

CharacterStandard Base64Base64 URL
Index 62+-
Index 63/_
Padding= (required)= (optional)

How the Encoding Works

The encoder follows a deterministic four-step process for any input:

  1. Convert to bytes — The input string is encoded to a byte array using the selected character set (default UTF-8).
  2. Group into 3-byte blocks — Every three bytes form a 24-bit group; the last group is padded if necessary.
  3. Split into 6-bit values — Each 24-bit group yields four 6-bit indices (values 0–63).
  4. Map to URL-safe alphabet — Each index maps to a character from A-Z, a-z, 0-9, -, _.
// Core algorithm (JavaScript)
function base64UrlEncode(input, padding = false) {
  const bytes = new TextEncoder().encode(input);
  const base64 = btoa(String.fromCharCode(...bytes));
  const urlSafe = base64.replace(/\+/g, '-').replace(/\//g, '_');
  return padding ? urlSafe : urlSafe.replace(/=+$/, '');
}

// Example
base64UrlEncode("Hello, World!")  →  "SGVsbG8sIFdvcmxkIQ"

Common Use Cases

🔐 JSON Web Tokens (JWT)

JWT header and payload segments are Base64 URL encoded (without padding). The signature is also Base64 URL encoded after HMAC or RSA signing.

🔑 OAuth 2.0 & PKCE

The OAuth 2.0 PKCE flow uses Base64 URL (no padding) to encode the code_verifier and code_challenge values during authorization.

📎 URL Query Parameters

Encode binary data or structured objects to embed safely in URL query strings, path segments, and link-sharing tokens without breaking URL parsers.

🍪 Cookie Values & HTTP Headers

HTTP cookies and custom headers have character restrictions. Base64 URL encoding ensures binary payloads survive transport without corruption.

Size Overhead

Base64 encoding expands data size by approximately 33%. The exact formula for output character count is:

output_chars (with padding)    = ceil(inputBytes / 3) * 4
output_chars (without padding) = ceil(inputBytes * 4 / 3)
size_overhead (%)              = ((outputChars - inputBytes) / inputBytes) * 100

Padding Modes

Standard Base64 always pads the output to a multiple of 4 characters using = signs. Base64 URL encoding commonly omits padding because the string length is either known from context or can be inferred. Most JWT libraries and OAuth implementations use no padding by default.

Hex Input Mode

When working with raw binary data expressed as hexadecimal (e.g., hash digests, cryptographic keys, UUID bytes), the Hex input mode lets you paste a hex string and encode those exact bytes — bypassing character set interpretation entirely. For example, the hex bytes 48656c6c6f encode to SGVsbG8.

Converting Existing Standard Base64

If you already have a standard Base64 string with + and / characters, the tool's Base64 → Base64 URL conversion mode performs a simple character substitution without re-encoding, making migration of existing tokens straightforward.

Frequently Asked Questions

Is the Base64 URL Encoder free?

Yes, Base64 URL Encoder is totally free :)

Can I use the Base64 URL Encoder offline?

Yes, you can install the webapp as PWA.

Is it safe to use Base64 URL Encoder?

Yes, any data related to Base64 URL Encoder only stored in your browser (if storage required). You can simply clear browser cache to clear all the stored data. We do not store any data on server.

What is Base64 URL encoding?

Base64 URL encoding is a variant of standard Base64 defined in RFC 4648 §5. It replaces '+' with '-' and '/' with '_', making the output safe to use directly in URLs, query parameters, HTTP headers, and filenames without percent-encoding.

How does this encoder work?

The encoder converts your input text (or hex bytes) to a UTF-8 byte array, groups bytes into 3-byte blocks, splits each block into four 6-bit values, and maps each value to the Base64 URL-safe alphabet (A–Z, a–z, 0–9, -, _). Padding characters ('=') can be optionally included or removed.

What is the difference between standard Base64 and Base64 URL?

Standard Base64 uses '+' and '/' characters which have special meaning in URLs and must be percent-encoded. Base64 URL replaces these with '-' and '_', allowing the encoded string to be embedded directly in URLs without modification.

When should I use Base64 URL encoding?

Use Base64 URL encoding when you need to encode binary data for use in JWT (JSON Web Token) headers and payloads, OAuth 2.0 tokens, OpenID Connect flows, URL parameters, or cookie values — anywhere that '+' and '/' characters would be problematic.

Does Base64 URL encoding increase data size?

Yes, Base64 encoding increases the data size by approximately 33%. Every 3 bytes of input produce 4 Base64 characters. This overhead is the trade-off for text-safe, URL-safe data transmission.

Is Base64 URL encoding secure or encrypted?

No. Base64 URL encoding is purely a text encoding scheme — it provides no security or confidentiality. Anyone can decode a Base64 URL string back to the original data. For security, pair it with encryption (e.g., AES) or signing (e.g., HMAC).