What Is Base64 Encoding? A Plain-English Guide for Developers
If you've worked with APIs, JWTs, email attachments, or image data URIs, you've encountered Base64. It looks like gibberish — but it has a specific purpose and a very simple structure. This guide explains what Base64 is, how it works, and when to use it.
What Is Base64?
Base64 is an encoding scheme that converts binary data (bytes) into a string of printable ASCII characters. It uses 64 characters: the uppercase letters A–Z, lowercase letters a–z, digits 0–9, plus the symbols + and /, with = used as padding.
Here's a quick example:
Original text
Hello, World! Base64 encoded
SGVsbG8sIFdvcmxkIQ== Why Does Base64 Exist?
Binary data — images, audio, compressed files — contains byte values from 0 to 255. Many text-based systems (email protocols like SMTP, XML, JSON, HTTP headers) were designed to handle only printable ASCII characters. Sending raw binary through these systems can corrupt the data because certain byte values have special meanings (like newlines or null characters).
Base64 solves this by converting any binary input into safe, printable characters that can travel through any text-based system without corruption. The trade-off is size: Base64 output is about 33% larger than the original binary.
Key point
Base64 is an encoding, not an encryption. Anyone who receives Base64 data can decode it instantly. Never use Base64 to "hide" sensitive data — it provides no security.
Common Use Cases
Email attachments (MIME)
SMTP was designed for plain text. When you attach a file to an email, your mail client Base64-encodes it before sending. The receiving client decodes it back.
Data URIs for images
Web pages can embed images directly in HTML or CSS as Base64 strings instead of separate files: <img src="data:image/png;base64,iVBOR...">. This avoids an extra HTTP request for small icons or thumbnails.
JSON Web Tokens (JWT)
JWTs are three Base64-encoded sections (header, payload, signature) joined by dots. The payload carries user claims like user ID and role in a format safe to include in HTTP headers.
API authentication
HTTP Basic Auth sends credentials as Base64: Authorization: Basic dXNlcjpwYXNzd29yZA==. Again — not secure on its own without HTTPS, since it's trivially decoded.
Binary data in JSON/XML
JSON cannot contain raw binary. When an API returns image data or file content in a JSON response, it Base64-encodes it first.
How to Encode and Decode Base64
In the browser (online tool)
Use our Base64 Encoder/Decoder to convert text or files instantly — no software required.
In JavaScript
// Encode
const encoded = btoa('Hello, World!');
// → "SGVsbG8sIFdvcmxkIQ=="
// Decode
const decoded = atob('SGVsbG8sIFdvcmxkIQ==');
// → "Hello, World!"
// For binary/file data, use Uint8Array or Buffer instead of btoa/atob In Python
import base64
# Encode
encoded = base64.b64encode(b'Hello, World!').decode('utf-8')
# → 'SGVsbG8sIFdvcmxkIQ=='
# Decode
decoded = base64.b64decode('SGVsbG8sIFdvcmxkIQ==').decode('utf-8')
# → 'Hello, World!' In the command line
# Encode (macOS/Linux) echo -n 'Hello, World!' | base64 # Decode (macOS/Linux) echo 'SGVsbG8sIFdvcmxkIQ==' | base64 --decode
Base64 vs Base64URL
Standard Base64 uses + and /, which are special characters in URLs. Base64URL is a URL-safe variant that replaces + with - and / with _, and omits padding =. JWTs use Base64URL.
Encode or decode Base64 instantly