A Base encoding validator checks whether a string is valid Base64, Base64url, or Base32 encoded data — verifying character set, padding, and length requirements. Use it when debugging API responses, JWT tokens, TOTP secrets, or data pipelines that use base encoding. Paste your encoded string below to validate and decode.
Validation Checks
Decoded Output
Base Encoding Reference
| Encoding | Characters | Padding | Length multiple |
|---|---|---|---|
| Base64 | A-Z, a-z, 0-9, +, / | = (multiple of 4) | 4 |
| Base64url | A-Z, a-z, 0-9, -, _ | Optional (URL-safe) | 4 (or unpadded) |
| Base32 | A-Z, 2-7 | = (multiple of 8) | 8 |
How to Validate Base64 and Base32 Strings
Base encoding validator lets you check whether an encoded string is valid Base64, Base64url, or Base32 and decode it in one step. It's useful when debugging APIs, JWT tokens, TOTP secrets (Google Authenticator uses Base32), or any system that uses base encoding.
Step 1: Select Encoding Type
Choose "Auto-detect" to let the tool figure out the encoding type, or manually select Base64, Base64url, or Base32. Auto-detection works by checking the character set: Base32 only uses A-Z and 2-7 (uppercase, no lowercase). Base64url uses - and _ instead of + and /. Standard Base64 uses + and /.
Step 2: Paste and Validate
Paste your encoded string and click Validate. The tool checks: valid characters for the encoding type,
correct padding (= characters at end),
correct length (multiple of 4 for Base64, multiple of 8 for Base32), and actually decodable without error.
Step 3: View Decoded Output
If the string is valid, the decoded content is shown in three formats: Text (readable if the original was text), Hex (the raw byte values in hexadecimal), and Binary (raw byte values as 8-bit binary). Use Text for strings, Hex for binary data or keys, and Binary for analyzing the raw byte pattern.
Base64url in JWTs
JSON Web Tokens (JWTs) use Base64url encoding for all three parts (header, payload, signature) to make
them URL-safe. The Base64url variant replaces +
with - and
/ with
_, and omits trailing
= padding. When validating JWT segments,
select "Base64url" to correctly handle unpadded strings.
FAQ
Is this Base encoding validator free?
Yes, completely free with no account required. Paste your Base64 or Base32 string to validate and decode instantly. All processing runs in your browser — your data never leaves your device.
Is my data private?
Yes. Everything runs locally in your browser using JavaScript. Your encoded strings are never sent to any server and are not stored or logged.
What is the difference between Base64 and Base64url?
Standard Base64 uses + and / characters plus = padding. Base64url (used in JWTs and URLs) replaces + with - and / with _ to make the string URL-safe, and often omits padding. Both encode the same data but are not interchangeable without conversion.
What is Base32 used for?
Base32 uses A-Z and 2-7 (32 characters), producing longer but case-insensitive encodings. It's used in TOTP authentication codes (Google Authenticator), DNS records, and systems that need case-insensitive alphanumeric strings without confusing characters like 0/O or 1/l.
Why does my Base64 string fail validation with correct characters?
Base64 strings must have a length that is a multiple of 4 (with = padding). A string without proper padding will fail. Also, any whitespace, line breaks, or non-Base64 characters in the string will cause validation to fail — make sure you're copying the full string without extra characters.
How can I tell if a string is Base64 without decoding it?
A valid Base64 string: (1) contains only A-Z, a-z, 0-9, +, /, and = padding characters, (2) has a total length that is a multiple of 4, and (3) = padding only appears at the end (0, 1, or 2 equals signs). This validator checks all three conditions automatically.