Base64 encoding is everywhere in modern software — from embedding images in HTML to transmitting binary data in JSON APIs. Yet many developers use it without fully understanding what it does, when it's appropriate, and when it's not. Let's fix that.
What Is Base64?
Base64 is a binary-to-text encoding scheme that represents binary data using 64 printable ASCII characters (A-Z, a-z, 0-9, +, /). It takes every 3 bytes of input and converts them into 4 ASCII characters. This means Base64-encoded data is always about 33% larger than the original — an important tradeoff to understand.
The name "Base64" comes from the fact that it uses a 64-character alphabet. The padding
character = is used when the input length isn't a multiple of 3.
When to Use Base64
Here are the legitimate, common use cases:
- Embedding images in CSS/HTML: Data URIs like
data:image/png;base64,...let you inline small images directly into markup, avoiding extra HTTP requests. - Email attachments (MIME): Email protocols only support text. Binary attachments (PDFs, images) are Base64-encoded for transmission.
- JSON/XML payloads: When you need to include binary data in a text-based format, Base64 is the standard approach.
- JWT tokens: JSON Web Tokens use Base64URL encoding for the header and payload sections. You can decode them with a JWT decoder.
- Basic HTTP authentication: The
Authorization: Basicheader encodes credentials as Base64.
When NOT to Use Base64
Base64 is frequently misused. Avoid it in these cases:
- As encryption or security: Base64 is NOT encryption. Anyone can decode it instantly. Never use it to "hide" passwords, tokens, or sensitive data.
- Large files: The 33% size increase makes Base64 impractical for large files. Use proper binary transfer (multipart form data, binary protocols) instead.
- Storing images in databases: Store files on disk or in object storage (S3) and reference them by URL. Base64 in a database is almost always a mistake.
How to Encode and Decode
In JavaScript, you can use btoa() to encode and atob() to
decode. In Node.js, use Buffer.from(str).toString('base64') and
Buffer.from(b64, 'base64').toString(). Python has the base64
module, and most languages include built-in support.
For quick one-off encoding and decoding, a browser-based Base64 tool is the fastest option — paste your text, get the result instantly, no code needed.
Base64 vs Base64URL
Standard Base64 uses + and / characters, which are problematic
in URLs and filenames. Base64URL replaces them with - and _ and
omits padding. This variant is used in JWTs, URL parameters, and filenames. Most
encoding tools support both variants.
The Bottom Line
Base64 is a simple, essential tool for converting binary data to text. Use it when you need to embed binary content in text-based formats. Don't use it for security, large files, or database storage. And when you need to quickly encode or decode a string, a browser-based tool gets it done in seconds.