# decode(_:) Decodes a URL-safe unpadded Base64 string to raw bytes. ``` static func decode(_ string: String) -> Data? ``` ## Parameters `string` The Base64URL-encoded text. Padding is optional in the input; both padded and unpadded forms decode successfully. ## Return Value The decoded `Data`, or `nil` if the input contains characters outside the URL-safe alphabet or cannot be aligned to a four-character group with added padding. ## Discussion Reverses the transformation performed by [`encode(_:)`](/documentation/OpenSSL/Base64URL/encode(_:)): restores `-`→`+`, `_`→`/`, re-appends the `=` padding that RFC 4648 §5 permits to be omitted, and delegates the final decode to Foundation’s `Data(base64Encoded:)`. Invalid input — characters outside the alphabet, or a length that cannot be padded to a multiple of four — returns `nil` rather than throwing. Typical consumers: JWT / JWS segments ([RFC 7515](https://datatracker.ietf.org/doc/html/rfc7515)), Nostr NIP-19 `note` / `nevent` payloads, WebAuthn credential blobs, and DID document fields. > Note: This function is a pure Swift wrapper; no `libcrypto` > interaction occurs. Security-sensitive callers should prefer > authenticated transports (JWS, signed envelopes) over hand- > rolled Base64URL round-tripping.