JSON to Base64 Encoder Online — Encode JSON

Stringify JSON, encode through UTF-8, output as standard Base64 or URL-safe Base64url — perfect for Kubernetes Secret data fields, query strings, JWT-style payloads, and data URLs.

URL-Safe (Base64url)

JSON Input

Base64 Output

What is a JSON to Base64 encoder?

A JSON to Base64 encoder stringifies a JSON value, encodes it as UTF-8 bytes, and converts those bytes into an ASCII-safe Base64 string. The result is suitable for embedding wherever raw JSON cannot live unescaped — Kubernetes Secret data fields, query strings, HTTP headers, JWT-style tokens, and data: URIs.

Two flavours exist. Standard Base64 uses +, /, and = padding — the right choice for Kubernetes Secret data fields, HTTP bodies, and storage. URL-safe Base64url swaps + for - and / for _ and drops padding, making it safe inside URLs and filenames. This encoder offers both via a single toggle.

How to encode JSON to Base64 — 4 steps

Paste JSON. Any valid JSON value — object, array, primitive — is accepted. Click Load Sample to try a Kubernetes ServiceAccount payload.
Choose the variant. Standard Base64 (default) for K8s Secrets and HTTP bodies; URL-Safe (Base64url) for query strings and tokens.
Click Encode. The encoder validates and minifies the JSON, encodes through UTF-8, and emits the Base64 string.
Copy. Paste the result into your manifest, request, or token without further escaping.

Sample input and output

JSON input

{
  "user": "jane",
  "role": "admin",
  "env": "prod"
}

Base64 output (standard)

eyJ1c2VyIjoiamFuZSIsInJvbGUi
OiJhZG1pbiIsImVudiI6InByb2Qi
fQ==

Validate Before Encoding

JSON is parsed first — invalid input fails fast instead of producing Base64 that decodes to broken JSON downstream.

Minified Output

Whitespace is stripped before encoding to produce the shortest possible Base64 — important for query strings and token size limits.

URL-Safe Toggle

One click switches to Base64url with - / _ and stripped padding so the result drops cleanly into a URL or filename.

Common use cases

check_circleEncoding JSON values for the Kubernetes Secret data field (use standard Base64, not Base64url)
check_circleBuilding Base64url JWT payload segments before signing them with a library
check_circleEmbedding JSON state in a URL query parameter (?state=eyJ...) for OAuth callbacks
check_circleGenerating data URLs (data:application/json;base64,...) for inline JSON resources
check_circleEncoding JSON config for environment variables in PaaS platforms (Vercel, Netlify, Heroku)
check_circleProducing Base64-encoded JSON cookies or signed-cookie payloads
check_circleAttaching JSON metadata to HTTP headers that disallow special characters
check_circleEncoding JSON for transmission inside SQS, SNS, or Kafka message bodies

JSON to Base64 vs raw text Base64

A generic Base64 encoder happily encodes whatever you paste — including malformed JSON, which then decodes to a string a downstream consumer cannot parse. This encoder validates the JSON first, so a missing comma surfaces immediately rather than at 3am in production. It also minifies, which a plain encoder cannot do without breaking arbitrary input. For non-JSON binary or text payloads, use a generic Base64 encoder.

Need to clean up the JSON first?

Format, validate, or convert your JSON with the rest of OpenFormatter before encoding.

JSON Formatter JSON Validator Base64 to JSON

Frequently Asked Questions

What is the difference between standard Base64 and URL-safe Base64url?

Standard Base64 uses + and / and adds = padding. URL-safe Base64url replaces + with - and / with _ and usually omits the = padding so the string is safe to drop into a URL or filename without percent-encoding. Toggle URL-Safe in this tool to produce the Base64url variant — useful for query parameters, JWT-style tokens, and S3 object keys.

How do I encode JSON for a Kubernetes Secret data field?

Paste the JSON (for example a service-account key or a config blob), click Encode, and copy the resulting Base64. Place it under data: in your Secret manifest. Important: use the standard Base64 output (URL-Safe off). Kubernetes data fields require standard Base64 — using Base64url will fail validation. If you do not want to encode by hand, set the value under stringData: instead and Kubernetes encodes it for you.

Why is my JSON minified before encoding?

Whitespace adds bytes that translate into a longer Base64 string with no semantic value. Minifying first produces the smallest possible token, which matters when the result will live in a query string, JWT, or HTTP header. The decoded bytes still parse to the exact same JSON object.

Does this handle non-ASCII characters in JSON correctly?

Yes. Multi-byte UTF-8 characters (emoji, accented letters, CJK glyphs) are encoded as UTF-8 bytes before Base64 — using the btoa(unescape(encodeURIComponent(s))) idiom — so the round-trip preserves them exactly. Naive btoa() alone would throw on any character above U+00FF.

Can I use this output as a JWT?

It produces a JWT-style payload segment but not a complete JWT. A JWT is three Base64url segments joined by dots (header.payload.signature) and the signature requires a secret or private key. Use this tool to encode the payload, then sign it with a JWT library — or use a dedicated JWT issuer.

Is the encoded Base64 safe to put in a URL query string?

Standard Base64 contains + and / which must be percent-encoded inside URLs. Toggle URL-Safe to emit Base64url (- and _ with no padding) — that variant drops directly into a query string without any further escaping.

How do I decode this back to JSON?

Use the Base64 to JSON tool — paste the Base64 string and it decodes, parses, and pretty-prints. The decoder accepts both standard Base64 and Base64url, so either output from this encoder works as input there.

Is my JSON sent to a server before encoding?

No. Validation, minification, UTF-8 encoding, and Base64 conversion all run inside your browser tab. Service-account keys, API tokens, and customer data stay local — verify in DevTools Network tab that no request fires when you click Encode.