UTF-8 safe in both directions, with standard and URL-safe alphabets. Everything runs locally in your browser.
Type in either box — the other follows.
Basic auth headers (Authorization: Basic base64(user:password)), JWT segments,
binary payloads in JSON, data URLs, webhook signatures. Base64 is encoding, not
encryption — it hides nothing, it only makes bytes safe to ship as text. The URL-safe
variant swaps +/ for -_ so tokens survive query strings, which is
why JWTs use it — if a token "won't decode", that's usually the reason; try the URL-safe mode
here, or decode the whole JWT properly with our JWT decoder.
Building the request that carries this value? ReqPad computes Basic auth headers for you and ships {{dynamic_variables}} for everything else — from your phone.
ReqPad runs REST, GraphQL, gRPC, MQTT, WebSocket & Socket.IO on iPhone and iPad — free to start, no account required.