URL-safe Converter

URL-safe Converter

URL-safe Base64 converter online. Convert between standard Base64 and URL-safe Base64 format (replaces +/ with -_). Free browser tool.

Standard Base64

URL-safe Base64

Character Replacements

StandardURL-safeReason
+-+ means space in URLs
/_/ is path separator
=(removed)= is reserved in query strings

Features

  • Convert between standard and URL-safe Base64
  • Automatic format detection
  • Replace + with - and / with _ (RFC 4648)
  • Handle padding differences
  • Bi-directional conversion
  • Copy converted output instantly

Common Use Cases

  • Encode data for transmission in URLs
  • Convert JWT tokens to URL-safe format
  • Fix Base64 strings in query parameters
  • Create URL-friendly file identifiers
  • Prepare Base64 for use in HTML attributes

URL-Safe Base64 Encoding

URL-safe Base64 is a variant of Base64 that replaces characters which have special meaning in URLs. This prevents encoding issues when Base64 data is used in URLs, query parameters, or file names.

Character replacements (RFC 4648):

  • + (plus) → - (minus/hyphen)
  • / (slash) → _ (underscore)
  • = (padding) → Often omitted or preserved

Why URL-safe Base64? Standard Base64 uses + and /, which have special meanings in URLs. The + character becomes a space when URL-decoded, and / is a path separator. These issues break Base64 data in URLs.

Common in: JWT tokens, OAuth2 tokens, URL parameters with encoded data, RESTful API identifiers, cookie values.

Note: Both formats are Base64, just with different characters. The underlying data is identical.

Examples

Valid - Standard Base64 to URL-safe
Standard: SGVsbG8rV29ybGQvMTIz
URL-safe: SGVsbG8tV29ybGQvMTIz
// + → -, / → _
Valid - URL-safe to Standard Base64
URL-safe: aGVsbG8_d29ybGQ-
Standard: aGVsbG8/d29ybGQ+
// - → +, _ → /
Valid - JWT token (URL-safe Base64)
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0
// No + or / characters, safe for URLs

Frequently Asked Questions

When should I use URL-safe Base64?

Use URL-safe Base64 whenever the encoded data will appear in URLs, query parameters, file names, or HTTP headers. Examples: JWT tokens, OAuth2 tokens, URL shorteners, API keys in URLs, or any identifier in a REST API path.

Is URL-safe Base64 compatible with standard Base64?

Yes! The encoding is identical—only the characters differ. You can convert between them by replacing +- and /_. Most Base64 libraries support both formats. The decoded binary data is exactly the same.

Do I need to remove padding (=) for URL-safe Base64?

It depends. RFC 4648 allows padding to be omitted in URL-safe Base64 since it can be inferred from the data length. JWT tokens, for example, omit padding. However, some libraries require padding. Test with your specific use case.

Why do JWT tokens use URL-safe Base64?

JWT tokens are often transmitted in URLs (query parameters) or HTTP headers (Authorization: Bearer). URL-safe Base64 ensures the token doesn't break due to special characters like + and / being misinterpreted by browsers or servers.

Can I use URL-safe Base64 in HTML attributes?

Yes! URL-safe Base64 is also HTML-attribute-safe. The characters - and _ don't require escaping in HTML, unlike + and /. This makes it ideal for data attributes, hidden inputs, and meta tags.