Developer5 min read

Base64 Explained

Base64 shows up everywhere — in JWTs, email attachments, image embeds, and API responses. Here is exactly what it is, how it works, and when you should and should not use it.

🔄

Encode or decode Base64 instantly

Use our free Base64 Encoder and Base64 Decoder — runs entirely in your browser.

What is Base64?

Base64 is a binary-to-text encoding scheme that converts binary data into a string of 64 printable ASCII characters. It was designed to safely transmit binary data over channels that only handle text — like email or HTTP headers.

The 64 characters used are: A–Z, a–z, 0–9, and the symbols + and /. The = character is used for padding.

How Base64 Encoding Works

Base64 takes every 3 bytes (24 bits) of binary data and splits them into four 6-bit groups. Each 6-bit group maps to one of the 64 characters in the Base64 alphabet.

Text:    M        a        n
ASCII:   77       97       110
Binary:  01001101 01100001 01101110

Split into 6-bit groups:
         010011  010110  000101  101110

Base64:  T       W       F       u

Result:  "Man" → "TWFu"

Quick Examples

Hello→SGVsbG8=

Hello, World!→SGVsbG8sIFdvcmxkIQ==

DevUtils→RGV2VXRpbHM=

1→MQ==

abc→YWJj

Common Use Cases

Data URIs (inline images)

Embed images directly in HTML or CSS without a separate HTTP request.

<img src="data:image/png;base64,iVBORw0KGgo..." />

JWT Tokens

JWT headers and payloads are Base64URL encoded (a URL-safe variant).

eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.xxx

Email Attachments (MIME)

Email protocols transfer binary attachments as Base64 encoded text.

Content-Transfer-Encoding: base64

API Authentication

HTTP Basic Auth encodes credentials as Base64 in the Authorization header.

Authorization: Basic dXNlcjpwYXNzd29yZA==

Base64 in JavaScript

// Encode
btoa("Hello, World!")
// → "SGVsbG8sIFdvcmxkIQ=="

// Decode
atob("SGVsbG8sIFdvcmxkIQ==")
// → "Hello, World!"

// For Unicode support:
btoa(unescape(encodeURIComponent("héllo")))
decodeURIComponent(escape(atob(encoded)))

Base64 vs Base64URL

Standard Base64 uses + and / which are special characters in URLs. Base64URL replaces them with - and _ and omits padding — making it safe to use in URLs and JWT tokens.

Standard Base64

SGVs+bG8/IFdvcmxkIQ==

Base64URL

SGVs-bG8_IFdvcmxkIQ

When NOT to Use Base64

✗Don't use Base64 as encryption — it provides zero security
✗Avoid for large files — it increases size by ~33%
✗Don't store passwords in Base64 — use bcrypt or Argon2
✗Avoid inlining large images — hurts page load performance

Related Tools

Base64 Encoder

Encode text to Base64

Base64 Decoder

Decode Base64 strings

JWT Decoder

Decode JWT tokens

Hash Generator

Generate SHA hashes