What is Base64 encoding used for?

Base64 encodes binary data as ASCII text for safe transmission through text-only channels. Common uses include email attachments, data URIs in HTML/CSS, API authentication headers, JWT tokens, and embedding binary data in JSON.

Is Base64 encoding the same as encryption?

No. Base64 is encoding, not encryption. Anyone can decode Base64 without a key. It provides no security whatsoever—it simply converts binary to text format. Always use actual encryption (AES, RSA) for sensitive data.

Why does Base64 make files 33% bigger?

Base64 converts every 3 bytes of input into 4 ASCII characters. Since 4/3 = 1.33, the output is always approximately 33% larger than the input. This is the fundamental trade-off of representing binary data as text.

What is the difference between Base64 and Base64URL?

Standard Base64 uses + and / characters which have special meanings in URLs. Base64URL replaces + with - and / with _, and omits the = padding. Use Base64URL for URLs, filenames, and JWT tokens.

Should I use Base64 for image embedding in websites?

Only for small images under 10KB (icons, simple logos). Base64 images are 33% larger and can't be cached separately by browsers. For larger images, serve them as separate files with proper caching headers.

Base64 Encoding Explained: When and How to Use It

March 16, 2026 · 7 min read

What Is Base64 Encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into a string of ASCII characters. It represents binary data using only 64 printable characters: A-Z, a-z, 0-9, +, and /, with = used for padding. This makes it safe to transmit binary data through text-only channels like email, JSON APIs, and HTML.

The name "Base64" comes from the 64-character alphabet used in the encoding. Unlike encryption, Base64 is not a security measure—it's simply a way to represent binary data as text. Anyone can decode Base64 back to its original form without any key or password.

Base64 is everywhere in modern web development: data URIs in HTML/CSS, email attachments (MIME), JWT tokens, API authentication headers, and embedded images. Understanding when and how to use it is a fundamental developer skill.

How Base64 Works Under the Hood

The encoding process converts every 3 bytes (24 bits) of input into 4 Base64 characters (6 bits each). Here's the step-by-step process:

# Step 1: Take 3 bytes of input
Input text: "Hi!"
Binary: 01001000 01101001 00100001

# Step 2: Split into 6-bit groups
010010 000110 100100 100001

# Step 3: Map each 6-bit group to Base64 alphabet
010010 → S (18)
000110 → G (6)
100100 → k (36)
100001 → h (33)

# Result: "Hi!" → "SGkh"

# Base64 alphabet (index 0-63):
# A-Z (0-25), a-z (26-51), 0-9 (52-61), + (62), / (63)

When the input length isn't divisible by 3, Base64 adds padding with = characters. One byte of input produces two Base64 characters plus ==, and two bytes produce three Base64 characters plus =.

# Padding examples
"A"    → "QQ=="   (1 byte → 2 chars + ==)
"AB"   → "QUI="   (2 bytes → 3 chars + =)
"ABC"  → "QUJD"   (3 bytes → 4 chars, no padding)

🛠️ Try it yourself

Base64 Encoder/Decoder → URL Encoder →

Encoding and Decoding in Practice

Every major programming language provides built-in Base64 support. Here's how to encode and decode in the most popular languages:

# JavaScript (Browser & Node.js)
btoa("Hello World")           // "SGVsbG8gV29ybGQ="
atob("SGVsbG8gV29ybGQ=")     // "Hello World"

// Node.js Buffer (handles Unicode)
Buffer.from("Hello").toString("base64")  // "SGVsbG8="
Buffer.from("SGVsbG8=", "base64").toString()  // "Hello"

# Python
import base64
base64.b64encode(b"Hello World")  # b'SGVsbG8gV29ybGQ='
base64.b64decode(b"SGVsbG8gV29ybGQ=")  # b'Hello World'

# Command line (Linux/Mac)
echo -n "Hello World" | base64        # SGVsbG8gV29ybGQ=
echo "SGVsbG8gV29ybGQ=" | base64 -d  # Hello World

# PHP
base64_encode("Hello World")   // "SGVsbG8gV29ybGQ="
base64_decode("SGVsbG8gV29ybGQ=")  // "Hello World"

Common Use Cases

Base64 encoding solves specific problems in data transmission. Here are the most important use cases:

1. Embedding Images in HTML/CSS (Data URIs)

Small images (icons, logos under 10KB) can be embedded directly in HTML or CSS, eliminating an HTTP request:

<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEU..." />

/* CSS background */
.icon { background-image: url(data:image/svg+xml;base64,PHN2ZyB4...); }

2. Email Attachments (MIME)

Email protocols (SMTP) were designed for 7-bit ASCII text. Base64 encoding allows binary files (images, PDFs, executables) to be transmitted as text within email messages. The MIME standard uses Base64 as its primary encoding for attachments.

3. API Authentication

HTTP Basic Authentication encodes credentials in Base64:

# Authorization header format
Authorization: Basic base64(username:password)

# Example
Authorization: Basic dXNlcjpwYXNz  # "user:pass"

# ⚠️ Base64 is NOT encryption! Always use HTTPS with Basic Auth

4. JWT Tokens

JSON Web Tokens use Base64URL encoding (URL-safe variant) for their header, payload, and signature sections:

# JWT structure: header.payload.signature
eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obiJ9.abc123...

# Each section is Base64URL-encoded JSON
# Header: {"alg":"HS256"}
# Payload: {"user":"john"}

5. Storing Binary Data in JSON/XML

JSON and XML don't natively support binary data. Base64 encoding lets you embed files, images, or encrypted data within these text-based formats.

Base64 in APIs and Web Development

Modern APIs frequently use Base64 for file uploads, webhook payloads, and configuration data:

// File upload via JSON API
const fileData = await readFile("photo.jpg");
const base64Data = fileData.toString("base64");

fetch("/api/upload", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    filename: "photo.jpg",
    content: base64Data,
    contentType: "image/jpeg"
  })
});

// GitHub API: creating/updating files requires Base64 content
// Stripe API: webhook signatures use Base64
// AWS S3: pre-signed URLs include Base64-encoded policies

Performance Considerations

Base64 encoding comes with trade-offs that every developer should understand:

33% size increase — Base64 output is always ~33% larger than the input because 3 bytes become 4 characters. A 100KB image becomes ~133KB in Base64.
Data URI trade-offs — While embedding small images eliminates HTTP requests, Base64-encoded images can't be cached separately and increase HTML/CSS file size.
Threshold rule — Generally, only embed images smaller than 10KB as data URIs. Larger files should be served as separate resources with proper caching.
CPU overhead — Encoding/decoding is fast but not free. Avoid unnecessary Base64 operations in performance-critical loops.
Memory usage — Decoding large Base64 strings (e.g., video files) in-memory can cause spikes. Use streaming approaches for large data.

# Size comparison
Original file:  75,000 bytes (75 KB)
Base64 encoded: 100,000 bytes (100 KB) — 33% larger
Gzipped Base64:  76,000 bytes (76 KB) — compression helps but still bigger

# Rule of thumb: if size matters, transmit binary directly
# Use multipart/form-data instead of Base64 for large file uploads

Base64 Variants and URL-Safe Encoding

Standard Base64 uses + and / characters that have special meaning in URLs and filenames. Several variants exist to address this:

Base64URL — Replaces + with - and / with _. Omits padding =. Used in JWTs, URL parameters, and filenames.
MIME Base64 — Standard Base64 with line breaks every 76 characters. Used in email (RFC 2045).
PEM Base64 — Used for SSL certificates and keys with header/footer lines.

# Standard Base64 vs Base64URL
Standard:  "abc+/==" (contains +, /, =)
URL-safe:  "abc-_"   (URL-safe characters, no padding)

# URL encoding standard Base64 breaks it:
# "abc+/==" → "abc%2B%2F%3D%3D" (ugly and longer)
# Better to use Base64URL from the start

When working with URLs, query parameters, or filenames, always use the URL-safe Base64 variant. Our Base64 Encoder supports both standard and URL-safe encoding. For URL-specific encoding needs, check out our URL Encoder.

Key Takeaways

Base64 converts binary data to ASCII text using a 64-character alphabet—it's encoding, not encryption.
Every 3 bytes of input becomes 4 Base64 characters, resulting in a 33% size increase.
Common uses include data URIs, email attachments, API authentication, JWTs, and JSON file embedding.
Use Base64URL (with - and _) for URLs, tokens, and filenames.
Only embed small files (<10KB) as Base64 data URIs; use binary transfer for larger files.

Related Tools

Base64 Encoder URL Encoder