WebToolsBox
Back to Blog
Developer Tools8 min read·March 20, 2026

What Is Base64 Encoding? Complete Guide with Examples

Learn everything about Base64 encoding and decoding. Understand how it works, when to use it, and how to encode/decode Base64 online for free.

What Is Base64 Encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into a string of ASCII characters. The name "Base64" comes from the fact that it uses 64 different printable characters to represent binary data. These characters are: A–Z (26 uppercase letters), a–z (26 lowercase letters), 0–9 (10 digits), + (plus), and / (forward slash). An additional character, =, is used as padding.

Base64 was designed to solve a specific problem: how do you safely transmit binary data (like images or files) through systems that were designed to handle only plain text? Email servers, for instance, were originally built to handle ASCII text only. If you tried to attach a binary file directly, the data would often get corrupted in transit.

Why Was Base64 Invented?

The origins of Base64 trace back to the early days of the internet and email. The MIME (Multipurpose Internet Mail Extensions) standard, introduced in the early 1990s, needed a way to encode binary attachments so they could travel safely through email servers that only understood 7-bit ASCII text.

Before Base64, sending an image or a document via email meant the data might get corrupted because some email servers would strip or modify certain byte values. Base64 solved this by ensuring that every byte of binary data was represented using only safe, printable ASCII characters.

Today, Base64 is used far beyond email. It is a foundational encoding used across the web, in security protocols, in APIs, and in virtually every modern application.

How Does the Base64 Algorithm Work?

The Base64 encoding process works by taking groups of 3 bytes (24 bits) of binary data and converting them into 4 Base64 characters (each representing 6 bits). Here is the step-by-step process:

  • Take 3 bytes of binary data (24 bits total)
  • Split into 4 groups of 6 bits each
  • Map each 6-bit value to the Base64 character table
  • Output 4 characters for every 3 bytes of input

    • The Base64 Character Table

    The 64 characters used in Base64 encoding are mapped as follows:

    • Values 0–25 → A to Z (uppercase)
    • Values 26–51 → a to z (lowercase)
    • Values 52–61 → 0 to 9 (digits)
    • Value 62 → + (plus sign)
    • Value 63 → / (forward slash)
    • Padding → = (equals sign)

    Example: Encoding "Man"

    Let's encode the ASCII string "Man":

    • M = 77 = 01001101
    • a = 97 = 01100001
    • n = 110 = 01101110

    Combined bits: 010011010110000101101110

    Split into 4 groups of 6: 010011

    010110000101
    101110

    Decimal values: 19, 22, 5, 46

    Base64 characters: T, W, F, u → "TWFu"

    When the input length is not a multiple of 3, padding characters (=) are added to make the output length a multiple of 4.

    Common Use Cases for Base64

    Base64 encoding appears in many everyday web development scenarios:

    1. Email Attachments (MIME)

    The original use case. All email attachments — PDFs, images, Word documents — are Base64-encoded before being embedded in the email body. Your email client decodes them automatically when you open or download the file.

    2. Images in CSS and HTML (Data URIs)

    You can embed images directly into CSS or HTML using Data URIs, which use Base64:

    This eliminates a separate HTTP request for small icons or logos, which can improve page load performance.

    3. JWT Tokens (JSON Web Tokens)

    JWT tokens consist of three Base64URL-encoded parts: the header, the payload, and the signature. When you log into a modern web application, the server often returns a JWT that your browser stores and sends with each subsequent request.

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

    4. API Authentication (Basic Auth)

    HTTP Basic Authentication sends credentials as a Base64-encoded string in the Authorization header:

    Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

    This decodes to "username:password". Note: This is only safe over HTTPS.

    5. Storing Binary Data in JSON

    JSON cannot natively represent binary data. When an API needs to return binary content (like a thumbnail image) in a JSON response, it Base64-encodes it first.

    6. Fonts in CSS

    Web fonts can be embedded directly in CSS stylesheets using Base64 encoding, reducing the number of HTTP requests.

    Base64 vs Base64URL — What's the Difference?

    Standard Base64 uses the characters + and /, which have special meanings in URLs. Base64URL is a variant that replaces:

    • + with - (hyphen)
    • / with _ (underscore)
    • Omits padding = characters (or makes them optional)

    Base64URL is used in JWT tokens, OAuth tokens, and any context where the encoded string needs to be safely included in a URL without percent-encoding.

    Standard Base64: aGVsbG8+d29ybGQ=

    Base64URL: aGVsbG8-d29ybGQ

    Is Base64 Encryption? (Important Security Note)

    No. Base64 is NOT encryption. This is one of the most common and dangerous misconceptions in web development. Base64 is a simple encoding scheme — it is completely reversible by anyone without any key or password. If you Base64-encode sensitive data and expose it, anyone can decode it in seconds.

    • Encoding transforms data into a different format for compatibility — it has no security value
    • Encryption uses a secret key to make data unreadable to anyone without that key

    Never use Base64 to "hide" passwords, API keys, or sensitive user data. Use proper encryption algorithms like AES-256 or hash functions like bcrypt for passwords.

    How to Encode and Decode Base64 in JavaScript

    JavaScript (modern browsers and Node.js) has built-in functions for Base64 encoding:

    // Encoding a string to Base64
    

    const original = "Hello, WebToolsBox!";
    

    const encoded = btoa(original);
    

    console.log(encoded); // "SGVsbG8sIFdlYlRvb2xzQm94IQ=="
    // Decoding Base64 back to a string
    

    const decoded = atob(encoded);
    

    console.log(decoded); // "Hello, WebToolsBox!"
    // For binary data or Unicode strings, use Buffer in Node.js
    

    const buf = Buffer.from("Hello, World!", "utf8");
    

    const base64 = buf.toString("base64");
    

    console.log(base64); // "SGVsbG8sIFdvcmxkIQ=="
    // Decode back
    

    const original2 = Buffer.from(base64, "base64").toString("utf8");
    

    console.log(original2); // "Hello, World!"

    Note: btoa() and atob() in browsers do not handle Unicode characters above code point 255 directly. For full Unicode support, you need a workaround using encodeURIComponent before encoding.

    How to Encode and Decode Base64 in Python

    Python's built-in base64 module makes encoding and decoding straightforward:

    import base64
    # Encoding
    

    original = "Hello, WebToolsBox!"
    

    encoded = base64.b64encode(original.encode("utf-8"))
    

    print(encoded)  # b'SGVsbG8sIFdlYlRvb2xzQm94IQ=='
    # Decoding
    

    decoded = base64.b64decode(encoded).decode("utf-8")
    

    print(decoded)  # Hello, WebToolsBox!
    # Base64URL encoding (safe for URLs)
    

    url_safe = base64.urlsafe_b64encode(original.encode("utf-8"))
    

    print(url_safe)  # b'SGVsbG8sIFdlYlRvb2xzQm94IQ=='

    Common Mistakes with Base64

    Mistake 1: Using Base64 for security

    As discussed above, Base64 is not encryption. Never treat it as a security measure.

    Mistake 2: Double-encoding

    Sometimes developers accidentally encode data that is already Base64-encoded, producing strings like U0dWc2JHOD0=. Always check if data is already encoded before encoding it again.

    Mistake 3: Forgetting about size overhead

    Base64 increases data size by approximately 33%. Three bytes of binary data become four bytes of Base64 text. For large files or high-volume APIs, this overhead can be significant.

    Mistake 4: Using standard Base64 in URLs

    If you include a standard Base64 string in a URL without URL-encoding it, the + and / characters will be misinterpreted. Always use Base64URL encoding for URL contexts.

    Mistake 5: Not handling padding correctly

    Some implementations strip the trailing = padding. When decoding, make sure you handle (or restore) padding correctly, especially with Base64URL.

    Detecting if a String Is Base64 Encoded

    You can check if a string is likely Base64-encoded with a simple regex:

    function isBase64(str) {
    

      const base64Regex = /^[A-Za-z0-9+/]*={0,2}$/;
    

      return base64Regex.test(str) && str.length % 4 === 0;
    

    }

    Note that this checks the format, not the content — any string of the right characters and length will match.

    Real-World Example: Encoding an Image for a Data URI

    Here is how you would embed a small image directly in HTML using Base64:

    // In Node.js
    

    const fs = require("fs");
    

    const imageBuffer = fs.readFileSync("logo.png");
    

    const base64Image = imageBuffer.toString("base64");
    

    const dataURI = data:image/png;base64,${base64Image};
    // Use in HTML
    

    const imgTag = Logo;

    This technique is useful for small images (under 10KB) where the savings from eliminating an HTTP request outweigh the 33% size overhead of Base64 encoding.

    Try Our Free Base64 Encoder/Decoder

    Ready to encode or decode Base64 data instantly? Our Base64 Encoder/Decoder tool runs entirely in your browser — no data is ever sent to a server. Paste any text or data, switch between encode and decode mode, and copy the result with one click. It's completely free and requires no sign-up.

    #base64 encoding#base64 decoder#encode decode online#data encoding

    Try Our Free Online Tools

    100+ free tools for developers, designers, and everyone. No sign-up required.

    Browse All Tools