# Encoding Built-ins

| Function | Description | Meta |
| --- | --- | --- |
| `base64.decode` | `y := base64.decode(x)`  Deserializes the base64 encoded input string.  **Arguments:**  `x` (string)  string to decode  **Returns:**  `y` (string)  base64 deserialization of `x` | Wasm |
| `base64.encode` | `y := base64.encode(x)`  Serializes the input string into base64 encoding.  **Arguments:**  `x` (string)  string to encode  **Returns:**  `y` (string)  base64 serialization of `x` | Wasm |
| `base64.is_valid` | `result := base64.is_valid(x)`  Verifies the input string is base64 encoded.  **Arguments:**  `x` (string)  string to check  **Returns:**  `result` (boolean)  `true` if `x` is valid base64 encoded value, `false` otherwise | [v0.24.0](https://github.com/open-policy-agent/opa/releases/v0.24.0) Wasm |
| `base64url.decode` | `y := base64url.decode(x)`  Deserializes the base64url encoded input string.  **Arguments:**  `x` (string)  string to decode  **Returns:**  `y` (string)  base64url deserialization of `x` | Wasm |
| `base64url.encode` | `y := base64url.encode(x)`  Serializes the input string into base64url encoding.  **Arguments:**  `x` (string)  string to encode  **Returns:**  `y` (string)  base64url serialization of `x` | Wasm |
| `base64url.encode_no_pad` | `y := base64url.encode_no_pad(x)`  Serializes the input string into base64url encoding without padding.  **Arguments:**  `x` (string)  string to encode  **Returns:**  `y` (string)  base64url serialization of `x` | [v0.25.0-rc2](https://github.com/open-policy-agent/opa/releases/v0.25.0-rc2) SDK-dependent |
| `hex.decode` | `y := hex.decode(x)`  Deserializes the hex-encoded input string.  **Arguments:**  `x` (string)  a hex-encoded string  **Returns:**  `y` (string)  deserialized from `x` | [v0.25.0-rc2](https://github.com/open-policy-agent/opa/releases/v0.25.0-rc2) SDK-dependent |
| `hex.encode` | `y := hex.encode(x)`  Serializes the input string using hex-encoding.  **Arguments:**  `x` (string)  string to encode  **Returns:**  `y` (string)  serialization of `x` using hex-encoding | [v0.25.0-rc2](https://github.com/open-policy-agent/opa/releases/v0.25.0-rc2) SDK-dependent |
| `json.is_valid` | `result := json.is_valid(x)`  Verifies the input string is a valid JSON document.  **Arguments:**  `x` (string)  a JSON string  **Returns:**  `result` (boolean)  `true` if `x` is valid JSON, `false` otherwise | [v0.25.0-rc1](https://github.com/open-policy-agent/opa/releases/v0.25.0-rc1) Wasm |
| `json.marshal` | `y := json.marshal(x)`  Serializes the input term to JSON.  **Arguments:**  `x` (any)  the term to serialize  **Returns:**  `y` (string)  the JSON string representation of `x` | Wasm |
| `json.marshal_with_options` | `y := json.marshal_with_options(x, opts)`  Serializes the input term JSON, with additional formatting options via the `opts` parameter. `opts` accepts keys `pretty` (enable multi-line/formatted JSON), `prefix` (string to prefix lines with, default empty string) and `indent` (string to indent with, default `\t`).  **Arguments:**  `x` (any)  the term to serialize  `opts` (object<indent: string, prefix: string, pretty: boolean>\[string: any\])  encoding options  **Returns:**  `y` (string)  the JSON string representation of `x`, with configured prefix/indent string(s) as appropriate | [v0.64.0](https://github.com/open-policy-agent/opa/releases/v0.64.0) SDK-dependent |
| `json.unmarshal` | `y := json.unmarshal(x)`  Deserializes the input string.  **Arguments:**  `x` (string)  a JSON string  **Returns:**  `y` (any)  the term deserialized from `x` | Wasm |
| `urlquery.decode` | `y := urlquery.decode(x)`  Decodes a URL-encoded input string.  **Arguments:**  `x` (string)  the URL-encoded string  **Returns:**  `y` (string)  URL-encoding deserialization of `x` | SDK-dependent |
| `urlquery.decode_object` | `object := urlquery.decode_object(x)`  Decodes the given URL query string into an object.  **Arguments:**  `x` (string)  the query string  **Returns:**  `object` (object\[string: array\[string\]\])  the resulting object | [v0.24.0](https://github.com/open-policy-agent/opa/releases/v0.24.0) SDK-dependent |
| `urlquery.encode` | `y := urlquery.encode(x)`  Encodes the input string into a URL-encoded string.  **Arguments:**  `x` (string)  the string to encode  **Returns:**  `y` (string)  URL-encoding serialization of `x` | SDK-dependent |
| `urlquery.encode_object` | `y := urlquery.encode_object(object)`  Encodes the given object into a URL encoded query string.  **Arguments:**  `object` (object\[string: any<string, array\[string\], set\[string\]>\])  the object to encode  **Returns:**  `y` (string)  the URL-encoded serialization of `object` | SDK-dependent |
| `yaml.is_valid` | `result := yaml.is_valid(x)`  Verifies the input string is a valid YAML document.  **Arguments:**  `x` (string)  a YAML string  **Returns:**  `result` (boolean)  `true` if `x` is valid YAML, `false` otherwise | [v0.25.0-rc1](https://github.com/open-policy-agent/opa/releases/v0.25.0-rc1) SDK-dependent |
| `yaml.marshal` | `y := yaml.marshal(x)`  Serializes the input term to YAML.  **Arguments:**  `x` (any)  the term to serialize  **Returns:**  `y` (string)  the YAML string representation of `x` | SDK-dependent |
| `yaml.unmarshal` | `y := yaml.unmarshal(x)`  Deserializes the input string.  **Arguments:**  `x` (string)  a YAML string  **Returns:**  `y` (any)  the term deserialized from `x` | SDK-dependent |

The `json.marshal_with_options` builtin's `opts` parameter accepts the following properties:

| Field | Required | Type | Default | Description |
| --- | --- | --- | --- | --- |
| `pretty` | No | `bool` | `true` if `indent` or `prefix` are declared,   `false` otherwise | Enables multi-line, human-readable JSON output ("pretty-printing").   If this property is `true`, then objects will be marshaled into multi-line JSON with either user-specified or default indent/prefix options. If this property is `false`, `indent`/`prefix` will be ignored and this builtin functions identically to `json.marshal()`. |
| `indent` | No | `string` | `"\t"`   (Horizontal tab, character 0x09) | The string to use when indenting nested keys in the emitted JSON. One or more copies of this string will be included before child elements in every object or array. |
| `prefix` | No | `string` | `""`   (empty) | The string to prefix lines with in the emitted JSON. One copy of this string will be prepended to each line. |

Default values will be used if:

*   `opts` is an empty object.
*   `opts` does not contain the named property.

Examples

OPA Envoy Header Manipulation

This example shows how `base64.encode` acts as a utility function to bridge communication between client and server when they don't speak the same language.

Suppose that some legacy client sends credentials in custom headers (`x-username`, `x-password`), but the downstream service expects HTTP Basic Authentication. This example policy uses the base64 function to deliver this transparently to the downstream caller.

This might be useful in an API gateway where you need to adapt between different authentication schemes without the option of editing clients and downstream servers.

policy.rego

```
package envoy.authz# Extract credentials from request headerheaders := input.attributes.request.http.headersusername := headers["x-username"]password := headers["x-password"]# Default deny - only allow if credentials are provideddefault allow := falseallow if {    username != ""    password != ""}# Add Authorization header to downstream request using base64 encodingresponse_headers_to_add := {    "Authorization": sprintf(        "Basic %s", [            base64.encode(sprintf(                "%s:%s", [username, password])            )        ]    )}
```

Output

{
  "allow": true,
  "headers": {
    "x-password": "secret123",
    "x-username": "alice"
  },
  "password": "secret123",
  "response\_headers\_to\_add": {
    "Authorization": "Basic YWxpY2U6c2VjcmV0MTIz"
  },
  "username": "alice"
}

input.json

```
{  "attributes": {    "request": {      "http": {        "headers": {          "x-username": "alice",          "x-password": "secret123"        }      }    }  }}
```

data.json

```
{}
```

[Open in OPA Playground](https://play.openpolicyagent.org/?state=eyJpIjoie1xuICBcImF0dHJpYnV0ZXNcIjoge1xuICAgIFwicmVxdWVzdFwiOiB7XG4gICAgICBcImh0dHBcIjoge1xuICAgICAgICBcImhlYWRlcnNcIjoge1xuICAgICAgICAgIFwieC11c2VybmFtZVwiOiBcImFsaWNlXCIsXG4gICAgICAgICAgXCJ4LXBhc3N3b3JkXCI6IFwic2VjcmV0MTIzXCJcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgfVxufSIsImQiOiJ7fSIsInAiOiJwYWNrYWdlIGVudm95LmF1dGh6XG5cbiMgRXh0cmFjdCBjcmVkZW50aWFscyBmcm9tIHJlcXVlc3QgaGVhZGVyXG5oZWFkZXJzIDo9IGlucHV0LmF0dHJpYnV0ZXMucmVxdWVzdC5odHRwLmhlYWRlcnNcblxudXNlcm5hbWUgOj0gaGVhZGVyc1tcIngtdXNlcm5hbWVcIl1cbnBhc3N3b3JkIDo9IGhlYWRlcnNbXCJ4LXBhc3N3b3JkXCJdXG5cbiMgRGVmYXVsdCBkZW55IC0gb25seSBhbGxvdyBpZiBjcmVkZW50aWFscyBhcmUgcHJvdmlkZWRcbmRlZmF1bHQgYWxsb3cgOj0gZmFsc2VcblxuYWxsb3cgaWYge1xuICAgIHVzZXJuYW1lICE9IFwiXCJcbiAgICBwYXNzd29yZCAhPSBcIlwiXG59XG5cbiMgQWRkIEF1dGhvcml6YXRpb24gaGVhZGVyIHRvIGRvd25zdHJlYW0gcmVxdWVzdCB1c2luZyBiYXNlNjQgZW5jb2RpbmdcbnJlc3BvbnNlX2hlYWRlcnNfdG9fYWRkIDo9IHtcbiAgICBcIkF1dGhvcml6YXRpb25cIjogc3ByaW50ZihcbiAgICAgICAgXCJCYXNpYyAlc1wiLCBbXG4gICAgICAgICAgICBiYXNlNjQuZW5jb2RlKHNwcmludGYoXG4gICAgICAgICAgICAgICAgXCIlczolc1wiLCBbdXNlcm5hbWUsIHBhc3N3b3JkXSlcbiAgICAgICAgICAgIClcbiAgICAgICAgXVxuICAgIClcbn1cbiJ9)