Base64 Basic Auth Header Encoder/Decoder
Create or inspect a Basic Auth credential string quickly, then jump straight into the live Base64 tool.
Use this page when you need to encode username:password, remove the Basic prefix from an existing header, or explain why Base64 is not encryption.
Use this when
A request fails because a Basic Auth header was copied incorrectly or built with the wrong payload.
What to inspect first
Confirm the credential pair is username:password, then check whether the header still includes the Basic prefix before decoding.
Common pitfall
Base64 changes representation, not secrecy. Treat the decoded credential string like plain text.
Encode a raw credential pair
Start with the plain username:password value, then encode only that payload.
aladdin:opensesame
YWxhZGRpbjpvcGVuc2VzYW1l
Decode an Authorization header
Strip the header prefix before decoding so the payload starts at the Base64 segment.
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
Match the curl shortcut
curl -u builds the same header for you, which is useful for quick sanity checks.
curl -u "aladdin:opensesame" https://api.example.com/me
Check Unicode credentials
The live tool accepts UTF-8 text, so non-ASCII credentials survive round-trips.
naive:pässwörd
A Basic Auth header is the word Basic, a space, and the Base64-encoded credential pair. Servers decode the pair back to plain text before checking it.
- Encode only the raw credential pair, not the Authorization header name.
- When you decode an existing header, remove the Basic prefix first.
Anyone who can read the header can decode the credential pair. Use HTTPS and proper secret handling because Base64 only changes transport representation.
- Use the Hash Generator when you need one-way fingerprints instead of reversible encoding.