Base64 is one of those things developers use all the time without fully understanding. You see it in data URIs, API authorization headers, file uploads, and email attachments. This guide explains what it actually is, why it exists, and when to use it.
What is Base64?
Base64 is an encoding scheme that converts binary data into a string of 64 printable ASCII characters. The 64 characters used are: A–Z, a–z, 0–9, +, and /, plus = for padding.
The name "Base64" comes from the fact that it uses a base-64 numeral system — each character represents 6 bits of data.
Why Does Base64 Exist?
Many protocols — email (SMTP), HTTP headers, JSON, XML — were originally designed to handle only text. Binary data (images, files, audio) cannot be reliably transmitted through text-based systems because binary bytes can include control characters that break the protocol.
Base64 solves this by converting any binary data into a safe, printable text string that can travel through any text-based system without corruption.
How Base64 Encoding Works
Base64 groups binary data into 3-byte chunks (24 bits) and converts each chunk into 4 Base64 characters (6 bits each). If the input is not divisible by 3, = padding is added.
"Man" in ASCII = 77 97 110 in binary: 01001101 01100001 01101110 Split into 6-bit groups: 010011 010110 000101 101110 = T W F u "Man" → "TWFu"
This is why Base64 output is always about 33% larger than the original input — 3 bytes become 4 characters.
Common Use Cases
1. Embedding images in HTML/CSS (Data URIs)
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA..." />
This embeds the image directly in the HTML — no separate HTTP request needed. Useful for small icons and logos to reduce request count. Avoid for large images since Base64 inflates file size by 33%.
2. HTTP Basic Authentication
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= // "username:password" encoded as Base64
The credentials are encoded (not encrypted) — always use HTTPS with Basic Auth since Base64 is trivially reversible.
3. File uploads in JSON APIs
{
"filename": "report.pdf",
"content": "JVBERi0xLjQKJeLjz9MKMTYgMCBvYmoK..."
}APIs that accept JSON cannot include raw binary. Base64-encoding the file content lets you send it as a string field in a JSON payload.
4. Email attachments (MIME)
Email protocols transfer attachments as Base64-encoded text in MIME multipart messages. Your email client encodes files before sending and decodes them on receipt automatically.
Base64 vs URL-Safe Base64
Standard Base64 uses + and / which have special meaning in URLs. URL-safe Base64 replaces them:
+becomes-/becomes_- Padding
=is often omitted
URL-safe Base64 is used in JWT tokens and any context where the Base64 string appears in a URL.
Base64 is NOT Encryption
This is the most important thing to understand: Base64 is encoding, not encryption. Anyone can decode a Base64 string instantly. Never use Base64 to protect sensitive data — use proper encryption (AES, RSA) or hashing (bcrypt, Argon2 for passwords) instead.
Encoding and Decoding in JavaScript
// Encode
const encoded = btoa("Hello, World!"); // "SGVsbG8sIFdvcmxkIQ=="
// Decode
const decoded = atob("SGVsbG8sIFdvcmxkIQ=="); // "Hello, World!"
// URL-safe (replace + with - and / with _)
const urlSafe = btoa(str).replace(/+/g, '-').replace(///g, '_').replace(/=/g, '');Try it now: Base64 Encoder / Decoder — encode text, images and files instantly in your browser.