Published February 18, 2025 · 6 min read

Base64 Encode/Decode Explained

If you've worked with APIs, emails, or web development, you've seen Base64 strings — those long sequences of letters, numbers, and occasional plus signs and slashes. They look like encryption but they're not. Base64 is an encoding scheme that converts binary data into ASCII text. Understanding it is fundamental to modern web development.

What Is Base64?

Base64 is a binary-to-text encoding scheme that represents binary data using 64 ASCII characters: A-Z, a-z, 0-9, +, and /, with = used for padding. It takes every 3 bytes of binary data and converts them into 4 ASCII characters.

For example, the text "Hello" becomes SGVsbG8= in Base64.

The key thing to understand: Base64 is not encryption. It provides no security whatsoever. Anyone can decode a Base64 string instantly. Its purpose is to safely transport binary data through text-only channels.

Why Does Base64 Exist?

Many systems were designed to handle only ASCII text — email (SMTP), HTML, JSON, XML, and URLs. These systems choke on raw binary data (images, files, special characters). Base64 solves this by converting any binary data into safe ASCII characters that can travel through these text-only channels without corruption.

Email attachments — SMTP was designed for 7-bit ASCII text. Base64 lets you attach images, PDFs, and other files to emails.
Data URIs — Embed images directly in HTML/CSS: data:image/png;base64,iVBOR...
API payloads — Send binary data in JSON, which only supports text strings.
Authentication headers — HTTP Basic Auth encodes credentials as Base64.
JWT tokens — The header and payload sections use Base64URL encoding.
Storing binary in databases — Text columns can store Base64-encoded binary data.

How to Encode and Decode Base64

Open the Base64 encoder/decoder.
Paste your text or Base64 string.
Get instant results — encode to Base64 or decode back to the original.

Try it now — encode or decode Base64 instantly in your browser.

Base64 Encoder/Decoder →

How Base64 Works Under the Hood

The encoding process works in three steps:

Convert to binary — Each byte of input is converted to its 8-bit binary representation.
Split into 6-bit groups — The binary stream is divided into groups of 6 bits (because 2^6 = 64 characters in the Base64 alphabet).
Map to characters — Each 6-bit value (0-63) maps to a character in the Base64 alphabet.

Since 3 bytes (24 bits) divide evenly into 4 groups of 6 bits, Base64 processes data in 3-byte chunks. If the input isn't a multiple of 3 bytes, padding (=) is added.

This means Base64-encoded data is always about 33% larger than the original. Three bytes of input become four characters of output.

Base64 vs Base64URL

Standard Base64 uses + and / characters, which have special meaning in URLs. Base64URL is a variant that replaces these:

+ becomes -
/ becomes _
Padding = is often omitted

Base64URL is used in JWT tokens, URL parameters, and filenames — anywhere the standard characters would cause problems.

Common Base64 Use Cases for Developers

Embedding Images in HTML/CSS

<img src="data:image/png;base64,iVBORw0KGgo..." />

This eliminates an HTTP request but increases HTML size. Best for small images (icons, logos under 10KB). For larger images, regular file references are more efficient.

Our Image to Base64 converter makes this easy — drop an image and get the data URI ready to paste.

HTTP Basic Authentication

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

The string after "Basic" is just username:password encoded in Base64. Remember: this is NOT encryption. Always use HTTPS with Basic Auth.

Storing Binary Data in JSON

{
  "filename": "document.pdf",
  "content": "JVBERi0xLjQKMS..."
}

JSON doesn't support binary data natively. Base64 encoding lets you embed file content in JSON payloads.

Base64 Misconceptions

"Base64 is encryption" — No. It's encoding. There's no key, no secret. Anyone can decode it instantly.
"Base64 compresses data" — No. It makes data 33% larger. It's the opposite of compression.
"Base64 is obsolete" — Not at all. It's used more than ever in modern APIs, JWTs, data URIs, and email.
"You should Base64-encode passwords" — No. Use proper hashing (bcrypt, Argon2) for passwords. Base64 provides zero security.

Related Tools

Image to Base64 — Convert images to Base64 data URIs.
JWT Decoder — Decode Base64URL-encoded JWT tokens.
Hash Generator — Generate actual cryptographic hashes (unlike Base64).
JSON Formatter — Format and validate JSON data.

All tools on This 2 That work in your browser. No data is ever sent to a server.