Base64 Encode / Decode JSON

Base64 Inside JSON: Common Cases

JSON is a text-only format. It has no native type for binary data such as images, file contents, cryptographic keys, or raw byte sequences. To embed binary data in JSON, developers encode it as a Base64 string. The result is a JSON string value that looks like a long sequence of letters, numbers, and symbols — but actually represents structured binary data underneath.

You encounter Base64 values inside JSON in many real-world situations:

Kubernetes Secrets

Kubernetes stores secret values as Base64-encoded strings in JSON and YAML manifests. When you run kubectl get secret my-secret -o json, you get a response like:

{
  "data": {
    "password": "c3VwZXJzZWNyZXQ=",
    "api-key": "YWJjMTIzZGVmNDU2"
  }
}

The values are Base64-encoded strings that must be decoded to read the actual secrets.

Image Data URLs in JSON API Responses

APIs that return small images or icons often embed them directly as Base64 data URIs inside JSON responses. This avoids an extra HTTP request and simplifies caching. The field value looks like "data:image/png;base64,iVBORw0KGgo...".

Cryptographic Signatures and Keys

Public keys, certificate chains, and digital signatures in JSON payloads are frequently Base64 or Base64url encoded. JSON Web Keys (JWK) use Base64url encoding for the key components (n, e, d, etc.).

Firebase and Google Cloud Configuration

Service account credential files downloaded from Google Cloud contain various Base64-encoded fields. Configuration blobs passed via environment variables in CI/CD pipelines are often the entire JSON file encoded as a single Base64 string.

JWT and Base64

JSON Web Tokens (JWT) are perhaps the most well-known use of Base64 inside a JSON-adjacent format. A JWT consists of three parts separated by dots, each of which is Base64url encoded:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
.eyJzdWIiOiJ1c2VyMTIzIiwiaWF0IjoxNzA5MDAwMDAwfQ
.HMAC_SIGNATURE

The first part (header) decodes to:

{"alg":"HS256","typ":"JWT"}

The second part (payload) decodes to:

{"sub":"user123","iat":1709000000}

JWT uses Base64url — a variant that replaces + with - and / with _ and omits padding characters. This makes the token safe to use in URLs and HTTP headers without additional encoding. Our tool handles both standard Base64 and Base64url automatically.

Note that JWT payload data is only encoded, not encrypted. Anyone with the token can decode and read the payload. Never put sensitive information like passwords or private keys in a JWT payload.

How to Detect Base64 in JSON

Identifying Base64-encoded strings inside a JSON object manually can be tedious. Here are the characteristics our tool uses to detect likely Base64 values:

• Character set: Base64 uses only A-Z, a-z, 0-9, +, / and = (standard) or - and _ (url-safe variant)
• Length: Base64-encoded data always has a length that is a multiple of 4 when padded
• Minimum length: Short strings that happen to match the character set are usually not Base64; values under 8 characters are typically skipped
• Padding: Standard Base64 ends with 0, 1, or 2 = padding characters; Base64url may omit them
• Entropy: Base64 strings have high character entropy compared to natural language strings

Our tool scans every string value in your JSON, applies these heuristics, and highlights values that are likely Base64-encoded. You can then decode them individually or decode all detected values at once to produce an annotated version of your JSON with the decoded values inline.

Encoding vs Decoding

Our Base64 JSON tool supports both directions:

Decoding Base64 in JSON

Paste a JSON object containing Base64 string values. The tool detects and decodes them, replacing each encoded value with its decoded equivalent. If the decoded value is itself valid JSON, it is parsed and displayed as a nested JSON object for easy reading.

This is the most common use case: you receive a response from an API or Kubernetes and need to read the actual values hidden inside Base64 blobs.

Encoding Values to Base64

Select any string value in your JSON and encode it to Base64. The tool also supports encoding an entire JSON value (object or string) to a Base64 string — useful when you need to store a JSON sub-document as an encoded blob inside another JSON field, or when creating Kubernetes secret manifests from plaintext values.

Standard Base64 vs Base64url

Frequently Asked Questions

Why is Base64 used inside JSON?

JSON only supports text. Binary data — such as images, file contents, cryptographic keys, or raw byte sequences — cannot be represented directly in JSON. Base64 encoding converts binary data to a safe ASCII text string that can be stored as a JSON string value without breaking the JSON format.

How do I detect if a JSON string value is Base64 encoded?

Base64 strings use only the characters A-Z, a-z, 0-9, +, /, and = (or - and _ for Base64url). They are always a length divisible by 4 when padded. Our tool automatically scans all string values in your JSON and highlights those that appear to be Base64 encoded using character set and length heuristics.

What is the difference between Base64 and Base64url?

Standard Base64 uses + and / as special characters, which are problematic in URLs and HTTP headers. Base64url replaces those with - and _ and typically omits the = padding. JWTs use Base64url encoding. Our tool auto-detects both variants.

Is it safe to decode Base64 JSON online?

Yes. JSON Web Tools processes everything in your browser using JavaScript. Your JSON data never leaves your device. The tool works entirely offline after the initial page load. This is especially important when working with sensitive tokens, Kubernetes secrets, or API credentials.