What Is Base64 Encoding and How Does It Work?

Base64 is everywhere — in data URLs, email attachments, JWTs, and API payloads — yet most developers use it without knowing what it actually does. Here's a clear explanation.

What Base64 is

Base64 is a way to represent binary data using only 64 printable ASCII characters: A–Z, a–z, 0–9, +, and /. It is not encryption and not compression — it's a reversible text encoding. Anyone can decode it.

Why it exists

Many systems were built to handle text, not arbitrary bytes. Email, URLs, and JSON can choke on raw binary (null bytes, control characters, non-ASCII). Base64 solves this by converting any binary into safe text that survives those channels intact.

How it works

Base64 takes 3 bytes (24 bits) at a time and splits them into 4 groups of 6 bits. Each 6-bit group (a value from 0–63) maps to one character in the Base64 alphabet.

• 3 bytes in → 4 characters out
• That's why Base64 output is always about 33% larger than the input.

When the input isn't a multiple of 3 bytes, Base64 pads the result with = characters so the length is always a multiple of 4.

A quick example

The text Hi (2 bytes) encodes to SGk=. The trailing = is padding because the input wasn't a full 3-byte group.

When to use it

• Embedding images in HTML/CSS as data: URLs
• Encoding binary in JSON or XML payloads
• Email attachments (MIME)
• The header and payload of a JWT

When not to use it

Base64 is not secure. It hides nothing — it's trivially decoded. Never use it to "protect" passwords or secrets. For that you need hashing or encryption.

Try it

Paste any text or Base64 string into the Base64 encoder/decoder to convert it instantly in your browser. Nothing is uploaded — it all runs locally.