Someone sends you a blob that is "obviously encoded"—Base64 in a JSON field, percent signs in a URL, an xn-- hostname, or a JWT with three dot-separated chunks. The encoding hub on Toolcore is a shelf of small pages, not one universal decoder. This note tells you which page matches which symptom so you stop guessing.
Open the full card grid on the Encoding tools hub. Everything below runs in your browser unless a linked page says otherwise.
Base64 and URL query encoding (the usual first stop)
If you need to turn UTF-8 text into Base64—or encode a single query parameter with encodeURIComponent—start here. This is the page people mean when they search "base64 encode online" or "url encode online."
👉 /tools/encoding/base64 (Base64 & URL workspace)
Base64url and JWT-shaped strings
JWT header and payload segments use a URL-safe alphabet: - and _ instead of + and /, usually without padding. Do not run those segments through standard Base64 if the alphabet already looks URL-safe.
- Base64url encode / decode— RFC 4648 URL-safe Base64 on text.
- JWT decode— split the three parts and read JSON claims (no signature verify on this page).
- JWT sign & verify (HMAC) or verify with PEM— when you need crypto, not just decoding.
Whole URLs, components, and internationalized domains
Percent-encoding is not one function. Encoding a full URL preserves structure; encoding a single component (a path segment or query value) is stricter. Punycode is a different job entirely—it turns Unicode domain labels into xn-- ASCII for DNS.
- URI percent-encoding—
encodeURIvsencodeURIComponent. - Punycode / IDN— Unicode domain labels ↔ ASCII wire form.
- Data URL—
data:URIs with embedded Base64 or percent data. - URL parser— inspect parts after encoding, not instead of it.
Hex dumps and raw bytes
When the payload is already shown as 0x nibbles or space-separated hex pairs, use the hex page—not Base64. For varints in wasm or protobuf-style wire formats, LEB128 is the specialized tool.
- Hex encode & decode
- LEB128 (ULEB / SLEB)
- File hex preview— upload a small file and inspect bytes locally.
- Text ↔ binary string— UTF-8 as a
0101bit pattern.
HTML entities and Unicode escapes
Putting < in HTML is not Base64. Likewise, \u00e9 in a JavaScript string literal is a Unicode escape, not URL encoding. Pick the page that matches where the string will live.
- HTML entity encode / decode
- Unicode / JS escapes
- JSON string helpers— when the escape sits inside a quoted JSON value.
Base32, Base58, and other alphabets
Different specs pick different character sets on purpose. TOTP seeds often show up as Base32; Bitcoin addresses use Base58; Crockford Base32 drops ambiguous letters for humans typing codes.
- RFC Base32 and Crockford Base32
- Base58 and Base-36
- ASCII85 (Adobe) and Z85 (ZeroMQ)
- TOTP / authenticator— after you decode a Base32 secret from an otpauth URI.
Email bodies and MIME trivia
- Quoted-printable—
=XXescapes and soft line breaks in UTF-8 email. - MIME types & extensions— look up
Content-Type, not transform bytes. - Bencode— BitTorrent wire trees, not general-purpose encoding.
When you need encryption or hashing instead
Encoding is reversible formatting for transport. If the goal is secrecy or integrity, open the crypto workspace—AES, hashes, and friends live there, not on the Base64 card.
- Encrypt & hash
- HMAC— keyed digests for webhooks and signatures.
- Hash identifier— guess digest type from length and alphabet.
JSON, puzzles, and agent links
Base64 inside JSON? Try Base64 in JSON. Need strict JSON after decoding a field? JSON formatter. For a wider JSON task map, read Which JSON tool do I need?. ROT13 and Morse are on the hub for demos—not security—at ROT13 / Caesar and Morse code.
One habit worth keeping
These pages do not upload your paste for transformation, but screen shares and shared laptops still deserve redacted samples. Decode JWTs and Base64 blobs with the same care you would use in any online tab—tokens and API keys travel with the decoded JSON.