ToolskuyAll Tools
Developer February 28, 2026 6 min read

Base64 Encoding Explained: What It Is and When to Use It

Understand how Base64 encoding works, why it's used in APIs and emails, and common pitfalls to avoid.

Base64 is one of those concepts that developers encounter almost daily — in API authentication headers, in email attachments, in embedded images, and in JWT tokens — yet many never fully understand what it is or why it exists. This guide explains Base64 from first principles so you can use it confidently and avoid common pitfalls.

What Is Base64?

Base64 is a binary-to-text encoding scheme. It converts arbitrary binary data (files, images, binary strings) into a string that contains only 64 safe ASCII characters: A–Z, a–z, 0–9, +, and / (plus = for padding). The output is always printable text, which makes it safe to embed in formats that only support text.

The name "Base64" comes from the 64-character alphabet used. Every 3 bytes of binary input are converted into 4 Base64 characters, which means Base64 output is always about 33% larger than the original binary. This is a key trade-off to understand.

Why Base64 Exists — The Problem It Solves

Many protocols and data formats were designed decades ago for plain text — not binary data. Examples include:

  • Email (SMTP/MIME): The original email protocol only supported 7-bit ASCII. To send an image or PDF, the binary file had to be converted to text first.
  • HTTP headers: HTTP headers must be ASCII text. API credentials sent in Authorization: Basic headers are Base64-encoded username:password strings.
  • JSON and XML: These formats are text-only. To embed binary data (like a file or image), it must be encoded as a text string.
  • URL query parameters: URLs cannot contain arbitrary binary bytes. Base64 (or URL-safe Base64) encodes binary for safe transport in URLs.

Common Use Cases

  • Embedding images in HTML/CSS: data:image/png;base64,iVBORw0K... — embed an image directly without a separate file request. Useful for small icons.
  • Encoding API payloads: When an API needs to accept binary file content in a JSON body, the file bytes are Base64-encoded and sent as a string field.
  • HTTP Basic Auth: Authorization: Basic dXNlcjpwYXNz — the credential is username:password encoded in Base64.
  • JWT tokens: JWT (JSON Web Tokens) use URL-safe Base64 to encode the header and payload portions of the token.
  • Storing binary in databases: SQL databases store text columns natively, so binary blobs are sometimes Base64-encoded for compatibility.

How to Encode and Decode Base64 in JavaScript

Browsers and Node.js both provide built-in Base64 functions:

  • Encode: btoa("hello world")"aGVsbG8gd29ybGQ="
  • Decode: atob("aGVsbG8gd29ybGQ=")"hello world"

For encoding binary data (like a file's ArrayBuffer), use the Uint8Array approach rather than btoa directly, as btoa only handles Latin-1 characters safely.

URL-Safe Base64

Standard Base64 uses + and / characters, which have special meaning in URLs. For URL contexts (like JWT tokens or file names), URL-safe Base64 replaces + with - and / with _. You may also see the = padding removed. Most JWT libraries handle this automatically.

Important Limitations and Misconceptions

  • Base64 is NOT encryption. It's an encoding — anyone who receives Base64 data can decode it trivially. Never use it to "hide" passwords or sensitive data.
  • 33% size overhead. A 1 MB file becomes ~1.33 MB in Base64. For large files embedded in HTML using data URIs, this can significantly inflate page size and hurt performance.
  • No integrity checking. Base64 doesn't detect corruption. If a Base64 string is truncated or modified, the decoded result will be wrong with no error signal (unless you use checksums separately).
  • Performance impact for large data. Encoding/decoding very large files (>5 MB) in Base64 is CPU-intensive in the browser and should be avoided when a direct binary upload is possible.

When to Use Base64 vs. Direct Binary Transfer

Use Base64 when you must transport binary through a text-only channel. If you're building a modern REST API and need to accept file uploads, use multipart/form-data instead — it's more bandwidth-efficient and doesn't require encoding/decoding overhead on either end.

Encode and Decode Instantly

Encode and decode Base64 with no server upload using the Toolskuy Base64 Tool. Paste your text or binary string and get both encoded and decoded output instantly, with support for Unicode and UTF-8 characters.

Try these free tools

Base64 Encode/DecodeJWT DecoderURL Encoder/Decoder
Back to Blog