ToolboxHub
Development · March 31, 2026 · 7 min read

What is Base64 Encoding? When and How to Use It

Understand Base64 encoding — what it is, why it exists, how it works under the hood, and practical use cases from data URIs to API authentication.


Base64 is one of those things every developer encounters but few truly understand. You see it in email attachments, data URIs, API tokens, and JWTs. But what exactly is Base64 encoding, and why does it exist? This guide explains everything from the underlying math to real-world applications.

What Base64 Encoding Actually Does

Base64 is a binary-to-text encoding scheme that converts binary data into a string of printable ASCII characters. It takes any sequence of bytes — an image, a PDF, raw binary data — and represents it using only 64 characters: A-Z, a-z, 0-9, +, and /, with = used for padding.

The name "Base64" comes from the fact that it uses a 64-character alphabet to represent data. Compare this to Base10 (decimal, 10 digits), Base16 (hexadecimal, 16 characters), or Base2 (binary, 2 digits).

Key takeaway: Base64 is not encryption — it provides no security. It's a way to represent binary data as safe, printable text for transport through systems that only handle text.

How Base64 Works Under the Hood

The encoding process follows a simple algorithm:

  1. Take 3 bytes (24 bits) of input data
  2. Split into 4 groups of 6 bits each
  3. Map each 6-bit group to a character from the Base64 alphabet
  4. If the input isn't divisible by 3, pad the output with = characters

For example, the text Hi (two bytes: 01001000 01101001) gets split into three 6-bit groups: 010010, 000110, 1001xx. The last group is padded with zeros to 100100. The three groups map to S, G, and k, and one = is appended as padding, giving us SGk=.

This is why Base64 encoding increases data size by about 33%. Every 3 bytes of input become 4 bytes of output. A 1 MB image becomes roughly 1.33 MB when Base64 encoded.
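The four steps above, written out as an added example (not code from the original article). The names b64encode_manual and encoded_length are illustrative, and the sample inputs are constructed:

```python
import base64

ALPHABET = (
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    "abcdefghijklmnopqrstuvwxyz"
    "0123456789+/"
)

def b64encode_manual(data: bytes) -> str:
    """Encode bytes with the 3-bytes-in, 4-characters-out procedure."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        missing = 3 - len(chunk)  # 0, 1 or 2 bytes short of a full group
        # Pack the chunk into one 24-bit integer, zero-filling missing bytes.
        n = int.from_bytes(chunk + b"\x00" * missing, "big")
        # Slice the 24 bits into four 6-bit indexes, most significant first.
        chars = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # Characters that carry only zero-fill become '=' padding.
        if missing:
            chars[-missing:] = ["="] * missing
        out.extend(chars)
    return "".join(out)

def encoded_length(n_bytes: int) -> int:
    """Padded output length: 4 characters per started 3-byte group."""
    return 4 * ((n_bytes + 2) // 3)

if __name__ == "__main__":
    # Constructed inputs covering 2, 3 and 4 byte lengths (padding 1, 0, 2).
    for sample in (b"Hi", b"Man", b"\x00\xff\x10\x80"):
        encoded = b64encode_manual(sample)
        # Cross-check against the standard library implementation.
        assert encoded == base64.b64encode(sample).decode("ascii")
        print(sample, "->", encoded, f"({encoded_length(len(sample))} chars)")
```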

Why Base64 Exists

Base64 solves a specific problem: many systems can only handle text. Email was designed for 7-bit ASCII text, not binary data. HTTP headers must be text. JSON values must be strings. XML content must be valid character data.

When you need to send binary data through these text-only channels, you have two options: escape every problematic byte (messy and format-specific) or encode the entire thing into safe characters (clean and universal). Base64 is that universal encoding.

Common Use Cases

Data URIs (Inline Images in HTML/CSS)

Instead of linking to an external image file, you can embed the image directly in your HTML or CSS using a data URI:

<img src="data:image/png;base64,iVBORw0KGgo..." />

This eliminates an HTTP request, which can speed up page loads for small images (icons, logos under 5 KB). For larger images, the 33% size increase makes data URIs counterproductive. Use our Image to Base64 tool to convert images instantly.

API Authentication (Basic Auth)

HTTP Basic Authentication encodes credentials as username:password in Base64:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

That string decodes to username:password. Remember: this is encoding, not encryption. Anyone can decode it. Basic Auth must always be used over HTTPS.
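Because the header decodes without any key, a Basic Auth header written to a log file exposes the password to anyone who can read that log. The following added example (not from the original article) finds such headers in log lines, confirms they decode to credentials, and redacts them; the log format, function names and sample lines are constructed assumptions:

```python
import base64
import binascii
import re

# Matches the scheme prefix and the Base64 token of a Basic Authorization header.
BASIC_RE = re.compile(r"(Authorization:\s*Basic\s+)([A-Za-z0-9+/]+={0,2})", re.I)

def decode_basic(token: str):
    """Return (username, password) if token is valid Basic credentials, else None."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first ':' separates the fields; the password may contain ':'.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def redact_line(line: str):
    """Redact decodable Basic credentials; return (clean_line, exposed_usernames)."""
    exposed = []

    def _sub(match):
        creds = decode_basic(match.group(2))
        if creds is None:
            return match.group(0)  # not decodable credentials, leave untouched
        exposed.append(creds[0])   # record who is affected, never the password
        return match.group(1) + "[REDACTED]"

    return BASIC_RE.sub(_sub, line), exposed

# Constructed log lines (assumed format) for demonstration.
SAMPLE_LOG = [
    "req=1 GET /api/items Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=",
    "req=2 GET /health Authorization: Bearer abc.def.ghi",
    "req=3 GET /api/items Authorization: Basic not-base64!!",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        clean, users = redact_line(entry)
        print(clean, "| exposed users:", users)
```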

JSON Web Tokens (JWTs)

JWTs use Base64URL encoding (a URL-safe variant) for their header and payload sections. The three parts of a JWT — header, payload, signature — are each Base64URL-encoded and joined with dots. Try decoding one with our JWT Decoder.

Email Attachments (MIME)

Email was designed for text. When you attach a PDF or image to an email, the mail client Base64-encodes it and includes it in the message body with a MIME content-type header. The recipient's client decodes it back to the original file.

Storing Binary Data in JSON/XML

JSON has no binary type. If you need to include a small binary blob — a cryptographic signature, a thumbnail, a protobuf message — Base64 encoding is the standard approach.

Key takeaway: Use Base64 when you need to pass binary data through text-only channels. Don't use it as a security measure — it's trivially reversible.

Base64 vs URL Encoding vs Hex Encoding

These encodings serve different purposes:

  • Base64: Encodes binary data as text. Use for embedding files, transmitting binary through text protocols
  • URL encoding (percent-encoding): Escapes special characters in URLs. hello world becomes hello%20world. Use our URL Encoder for this
  • Hex encoding: Represents each byte as two hex characters. Doubles the size (vs. 33% for Base64) but is easier to read for debugging

Base64 Variants

The standard Base64 alphabet uses + and /, which are problematic in URLs (they have special meanings). Base64URL replaces these with - and _, making the output URL-safe. JWTs and many APIs use Base64URL.

Some implementations also omit the = padding, since the decoder can calculate the original length from the length of the encoded string.
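The following added example (not from the original article) covers both the JWT section and the variants described here: it decodes unpadded Base64URL and reads a JWT's header and payload with no key at all, which is why the payload is not a place for secrets. The function names and the sample token are constructed, and the signature segment is a placeholder:

```python
import base64
import json

def b64url_encode(data: bytes) -> str:
    """Base64URL without '=' padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    """Decode Base64URL, restoring the '=' padding that was omitted."""
    padding = -len(segment) % 4
    if padding == 3:
        # One leftover character carries only 6 bits, less than a full byte.
        raise ValueError("invalid Base64URL length")
    return base64.urlsafe_b64decode(segment + "=" * padding)

def read_jwt_unverified(token: str):
    """Return (header, payload) dicts. No signature check is performed here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload

# Constructed sample token; the third segment is a placeholder, not a real MAC.
SAMPLE = ".".join([
    b64url_encode(b'{"alg":"HS256","typ":"JWT"}'),
    b64url_encode(b'{"sub":"alice","admin":true}'),
    b64url_encode(b"placeholder-signature"),
])

if __name__ == "__main__":
    # The same two bytes in both alphabets: '+/' becomes '-_', padding is dropped.
    print(base64.b64encode(b"\xfb\xff").decode(), "vs", b64url_encode(b"\xfb\xff"))
    print(read_jwt_unverified(SAMPLE))
```

Reading the claims this way proves nothing about who issued them; a server must verify the signature before trusting any field.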

When NOT to Use Base64

  • Large files: The 33% size increase adds up. Serve images and files directly instead of embedding them
  • Security: Base64 is not encryption. Never use it to "hide" passwords or sensitive data
  • Human-readable data: If the data is already text, Base64 encoding just makes it unreadable for no benefit
  • Performance-critical paths: Encoding and decoding have a CPU cost. For high-throughput systems, prefer binary protocols

Encode and Decode Base64 Instantly

Need to encode or decode Base64 right now? Our free Base64 Encoder & Decoder handles text and files instantly in your browser. For images specifically, the Image to Base64 converter generates ready-to-use data URIs.
