Understanding Base64 encoding: a developer's handbook
What is Base64 encoding?
Base64 is a binary-to-text encoding scheme. It represents binary data as ASCII text using 64 characters: A-Z, a-z, 0-9, +, and /. The = character is used for padding.
It is widely used for transmitting data over channels that only handle text, such as email (MIME) and HTTP headers.
How it works
The encoding process follows three steps:
- Take each group of three bytes (24 bits) from the input
- Split those 24 bits into four groups of six bits each
- Map each six-bit value (0–63) to its Base64 character
If the input length is not divisible by three, padding characters (=) are added so the output is a multiple of four characters.
Common use cases
- Data URIs — Embed images in HTML or CSS:
data:image/png;base64,iVBOR... - JWT tokens — JSON Web Tokens use Base64url for their header, payload, and signature
- HTTP basic auth — username:password is Base64-encoded in the Authorization header
- Email attachments — MIME encodes binary attachments for SMTP
- API payloads — Some APIs accept Base64-encoded binary data in JSON
Base64 vs Base64url
Standard Base64 uses + and /, which have special meaning in URLs. Base64url replaces them with - and _, removing the need for extra encoding.
When working with web APIs or JWTs, always prefer Base64url.
Common mistakes
- Not all strings are valid Base64 — Invalid characters, wrong padding, or extra whitespace cause decode failures
- Base64 is not encryption — It is encoding. Anyone can decode it in seconds
- Size overhead — Base64 increases data size by about 33%. This matters for large payloads
- Character encoding matters — UTF-8 strings must be encoded to bytes before Base64, and behavior can differ across platforms
Try it yourself
Use the Base64 encoder and Base64 decoder to experiment in real time. Both run entirely in your browser.