Base64 Encoding Explained: What It Is and How to Use It

If you've worked with APIs, authentication, or data URIs, you've encountered Base64. It looks like random gibberish — a long string of letters, numbers, and symbols — but it's actually a completely reversible encoding. Here's everything you need to know.

What is Base64?

Base64 is an encoding scheme that converts binary data into a text representation using 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It's not encryption — anyone can decode it. Its purpose is to safely transmit binary data over systems designed to handle only text.

Why Does Base64 Exist?

Older communication systems — email protocols, XML parsers, HTTP headers — were designed for plain ASCII text. Sending binary data (like an image or a PDF) through these systems could corrupt the data. Base64 solves this by converting binary into safe text characters.

Common Use Cases

• HTTP Basic Authentication: credentials are Base64-encoded in the Authorization header
• Data URIs: embedding images directly in HTML/CSS as Base64 strings
• JWT tokens: the payload section is Base64-encoded
• Email attachments (MIME): file attachments are Base64-encoded
• Storing binary data in JSON or XML

Base64 in Practice

// Encoding in JavaScript
btoa("Hello, World!")  // "SGVsbG8sIFdvcmxkIQ=="

// Decoding in JavaScript
atob("SGVsbG8sIFdvcmxkIQ==")  // "Hello, World!"

Base64 vs Base64 URL-Safe

Standard Base64 uses + and / characters, which have special meaning in URLs. URL-safe Base64 replaces + with - and / with _, making the encoded string safe to use directly in URLs and filenames without percent-encoding.

Is Base64 Secure?

No. Base64 is not encryption. Anyone can decode a Base64 string in seconds. Never use Base64 to "hide" passwords, API keys, or sensitive data. Always use proper encryption for sensitive information.