1. Decode JWT Payloads Without a Library
JSON Web Tokens are everywhere in modern APIs, and their payload is just Base64URL-encoded JSON. When debugging auth issues, you don't need to fire up jwt.io — just grab the middle segment (between the two dots), swap - and _ for + and /, and decode it.
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.abc123
That middle part (eyJzdWIiOiIxMjM0NTY3ODkwIn0) decodes to {"sub":"1234567890"} — your user ID, expiry, and scopes, all in plain text. No library required.
2. Peek Inside HTTP Basic Auth Headers
Ever wondered what credentials your HTTP client is actually sending? The Authorization: Basic dXNlcjpwYXNz header is just Base64(username:password). Copy the token after "Basic " and decode it — you'll instantly see if the right credentials are being transmitted. Super useful when debugging misbehaving API clients or checking whether environment variables are being picked up correctly.
3. Embed Images Without Extra HTTP Requests
For small icons, logos, or email signatures, encoding to a data:image/png;base64,... URI lets you embed the image directly in HTML or CSS. No extra HTTP request, no separate file — perfect for single-page demos, HTML email templates, and performance-critical above-the-fold content. Just keep source images under 5KB or the encoded string gets unwieldy.
These tricks come up often enough that I built a quick Base64 encoder/decoder that handles both standard Base64 and Base64URL, works with files up to 50MB, and processes everything locally in your browser — nothing ever hits a server. No signup, no ads.
What Base64 tricks do you use regularly? I'd love to hear about them in the comments.
Top comments (0)