Base64 encoding explained — what it is and when to use it

By ToolBite TeamLast updated:

Base64 appears everywhere in web development — API tokens, email attachments, data URIs, JWT tokens — yet many developers use it without understanding what it actually does. This guide explains it clearly.

Best for: developers working with APIs, email systems, JWT tokens, or embedding images/files in HTML and CSS.

What is Base64?

Base64 is an encoding scheme that converts binary data into a string of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It was designed to safely transmit binary data over text-based systems like email (SMTP) and HTTP headers that were not designed to handle raw bytes.

The name "Base64" comes from the fact that it uses 64 distinct characters to represent data. Each Base64 character encodes 6 bits of data (2⁶ = 64).

How does Base64 encoding work?

  1. Take the binary input (e.g., the bytes of an image or a string).
  2. Group the bytes into 3-byte chunks (24 bits).
  3. Split each 24-bit chunk into four 6-bit groups.
  4. Map each 6-bit group to one of the 64 Base64 characters.
  5. Pad with = characters if the input length is not divisible by 3.

Example: the string Hi! encodes to SGkh in Base64. The encoded output is always about 33% larger than the original.

Common use cases

Base64 is NOT encryption

This is the most important thing to understand: Base64 is reversible by anyone, instantly, with no key required. It provides zero security. Never use Base64 to "hide" passwords, API secrets, or sensitive data.

A common mistake is to see a Base64 string and assume it is encrypted. It is not — it is just encoded for safe transport. Anyone can decode it in seconds.

For actual security, use proper encryption (AES-256) or hashing (SHA-256, bcrypt for passwords).

Base64 vs Base64url

Standard Base64 uses + and / which are special characters in URLs. Base64url replaces them with - and _ to make the output safe for use in URLs and HTTP headers without percent-encoding. JWT tokens use Base64url.

How to encode and decode in your browser

  1. Open ToolBite's Base64 encoder & decoder.
  2. Paste your text or string into the input box.
  3. Click Encode to get the Base64 output, or paste a Base64 string and click Decode to get the original.
  4. Copy the result — it never leaves your browser tab.

Quick reference

Continue with related resources