Skip to main content
ToolFlip
Back to Blog

Understanding Base64 Encoding and When to Use It

What Base64 Does

Base64 converts binary data into a string of 64 printable ASCII characters: A–Z, a–z, 0–9, +, and / (plus = for padding). That is the entire idea.

Why would you want to do this? Because many systems — email protocols, JSON, HTML attributes, URLs — are designed to carry text, not arbitrary binary data. A JPEG image, a PDF, or even a simple file with non-ASCII characters will break if you try to shove it through a text-only channel. Base64 gives you a safe text representation of any binary data.

How It Works

Base64 processes input 3 bytes (24 bits) at a time, splitting them into four 6-bit groups. Each 6-bit group maps to one of 64 characters. If the input length is not a multiple of 3, the output is padded with = characters.

Example: the text "Hi" (two bytes: 0x48, 0x69):

  1. Binary: 01001000 01101001
  2. Pad to 24 bits: 01001000 01101001 00000000
  3. Split into 6-bit groups: 010010 000110 100100 000000
  4. Map to characters: S, G, k, =
  5. Result: SGk=

The = at the end signals one byte of padding was added. == means two bytes of padding.

Common Use Cases

Embedding Images in HTML/CSS

Instead of linking to an external image file, you can inline it as a data URI:

<img src="data:image/png;base64,iVBORw0KGgo..." alt="icon" />

This eliminates an HTTP request but increases the HTML size by roughly 33%. Good for small icons (under 2KB), bad for photos.

HTTP Basic Authentication

The Authorization header encodes credentials as Base64:

Authorization: Basic dXNlcjpwYXNzd29yZA==

That decodes to user:password. This is encoding, not encryption — anyone who intercepts the header can decode it. Always use HTTPS with Basic Auth.

Email Attachments (MIME)

Email was designed for 7-bit ASCII text. Binary attachments are Base64-encoded in MIME format, which is why email attachments are larger than the original file.

JSON Payloads

APIs sometimes include binary data (file contents, images, cryptographic signatures) inside JSON. Since JSON only supports text, the binary data is Base64-encoded into a string field.

JWTs

JSON Web Tokens use Base64URL encoding (a URL-safe variant) for the header and payload sections. A Base64 decoder can reveal the contents of any JWT — though a dedicated JWT decoder is more convenient for inspecting claims.

Base64 vs. URL Encoding

These solve different problems:

  • Base64 converts binary data to text. Use it when the data might contain non-text bytes.
  • URL encoding escapes special characters in URLs. Use it when text contains characters that have special meaning in URLs (&, =, ?, spaces).

A URL might contain Base64 data that is also URL-encoded — these layers serve different purposes.

Base64 is NOT Encryption

This is the most common misconception. Base64 is a reversible encoding — anyone can decode it. It provides zero security. Do not use Base64 to "hide" passwords, API keys, or sensitive data.

If you need to protect data:

  • In transit: Use HTTPS/TLS
  • At rest: Use AES encryption
  • For passwords: Use bcrypt, scrypt, or Argon2 (these are hashing algorithms, not encoding)

The 33% Size Increase

Every 3 bytes of input become 4 bytes of output. This means Base64-encoded data is always approximately 33% larger than the original. For a 1MB file, the encoded version is about 1.33MB.

This overhead matters for:

  • Email attachments: Your 10MB file becomes a 13.3MB encoded payload
  • Inline images: A 50KB icon becomes 67KB of HTML
  • API payloads: Large Base64 fields bloat request/response sizes

Base64URL: The URL-Safe Variant

Standard Base64 uses + and /, which have special meaning in URLs. Base64URL replaces them:

  • + becomes -
  • / becomes _
  • Padding = is often omitted

JWTs use Base64URL. Some APIs specify Base64URL instead of standard Base64. Check the documentation.

Quick Encoding and Decoding

Command line:

# Encode
echo -n "Hello, World!" | base64

# Decode
echo "SGVsbG8sIFdvcmxkIQ==" | base64 -d

In the browser: Use ToolFlip's Base64 encoder/decoder for instant encoding and decoding with no server uploads. Paste text or Base64 and convert in either direction.

In code:

// JavaScript
btoa("Hello")        // encode
atob("SGVsbG8=")     // decode

// Python
import base64
base64.b64encode(b"Hello")
base64.b64decode("SGVsbG8=")

When Not to Use Base64

  • Large files: The 33% overhead adds up. Transfer binary files as binary.
  • Security: Base64 is not encryption. Never use it to protect sensitive data.
  • Images on the web: Use standard image files with proper caching. Inline Base64 images cannot be cached separately.
  • When the transport supports binary: WebSockets, gRPC, and file uploads handle binary natively.

Base64 is a tool for compatibility, not optimization. Use it when you must pass binary through a text-only channel, and avoid it everywhere else.

Related Tools

Base64 Encoder DecoderUrl Encoder DecoderHash Generator