Base64 Encoding Explained: When and How to Use It
Learn what Base64 encoding is, how it works, when to use it, and common misconceptions. Practical examples for developers.
Base64 Encoding Explained: When and How to Use It
Base64 is one of those things developers use constantly without fully understanding. You've seen it in data URIs, API authentication headers, email attachments, and JWT tokens. But what is it actually doing?
What Is Base64?
Base64 is a binary-to-text encoding scheme that represents binary data using 64 ASCII characters: A-Z, a-z, 0-9, +, and /. The = character is used for padding.
It takes 3 bytes of binary data and converts them to 4 ASCII characters. This means Base64 encoded data is always about 33% larger than the original.
How It Works
The Encoding Process
- Take the input bytes and convert to a stream of bits
- Split the bit stream into groups of 6 bits (instead of the usual 8)
- Map each 6-bit group to one of 64 characters using this table:
Index: 0-25 → A-Z
Index: 26-51 → a-z
Index: 52-61 → 0-9
Index: 62 → +
Index: 63 → /
Example
Let's encode "Hi":
ASCII: H (72) i (105)
Binary: 01001000 01101001
Split into 6-bit groups:
010010 | 000110 | 1001XX
Map to Base64 characters:
010010 → S
000110 → G
100100 → k (padded with 00)
Result: SGk= (= for padding since we had leftover bits)
When to Use Base64
Data URIs
Embed small images directly in HTML or CSS:
<img src="data:image/png;base64,iVBORw0KGgoAAAANS..." />
This eliminates an HTTP request but increases the HTML size by ~33%. Good for small icons (under 2KB), bad for large images.
API Authentication
The HTTP Basic Authentication header uses Base64:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Where dXNlcm5hbWU6cGFzc3dvcmQ= is Base64 for username:password.
Important: This is encoding, not encryption. Anyone can decode it. Always use HTTPS.
JSON Payloads
When you need to include binary data in JSON (which only supports text), Base64 is the standard approach:
{
"filename": "document.pdf",
"content": "JVBERi0xLjQKJe..."
}
Email Attachments (MIME)
Email protocols only support 7-bit ASCII text. Binary attachments are Base64-encoded in MIME format. This is why email attachments are larger than the original files.
JWT Tokens
JWTs use Base64URL encoding (a variant that replaces + with - and / with _) for the header and payload sections:
eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiQWxpY2UifQ.signature
When NOT to Use Base64
As Encryption
Base64 is not encryption. It provides zero security. Anyone can decode it instantly. If you need to protect data, use actual encryption (AES, RSA, etc.).
For Large Files
The 33% size overhead makes Base64 impractical for large files. If you're sending a 10MB file as Base64 in JSON, you're transmitting 13.3MB. Use multipart form uploads instead.
For URL Parameters (Use Base64URL)
Standard Base64 uses +, /, and = which have special meaning in URLs. Use Base64URL encoding instead, which replaces:
-
- with -
- / with _
- Removes trailing = padding
Base64 Variants
| Variant | Alphabet | Padding | Use Case |
|---|---|---|---|
| Standard | A-Z, a-z, 0-9, +, / | = | General purpose |
| Base64URL | A-Z, a-z, 0-9, -, _ | Optional | URLs, JWTs, filenames |
| MIME | Same as standard | = | Email, line-wrapped at 76 chars |
Try It
Encode and decode Base64 in your browser:
- Base64 Encode — convert text to Base64
- Base64 Decode — convert Base64 back to text
Both tools run entirely in your browser — your data stays on your machine.
Encode and decode Base64 safely with devformat.tools — 100% browser-based, zero data collection.