Base64 Encoding Explained: What It Is and How to Use It

Base64 shows up everywhere in APIs, auth headers, and file uploads. Here's a plain-English explanation with examples.

Base64 Encoding Explained: What It Is and How to Use It

What is Base64 Encoding?

Base64 is a binary-to-text encoding scheme that converts binary data into a string of printable ASCII characters. It's called "Base64" because it uses 64 characters to represent data: A–Z, a–z, 0–9, and the symbols + and / (with = used for padding).

Base64 does not encrypt data. It's an encoding, not encryption. Anyone can decode a Base64 string instantly.

Why Does Base64 Exist?

Many systems — email protocols, HTTP headers, URLs, XML, HTML — were designed to handle text, not arbitrary binary data. If you try to embed binary data (like an image or a file) directly into these systems, it can get corrupted because certain byte values have special meaning.

Base64 solves this by converting binary into a safe set of printable text characters that can travel through any text-based system without corruption.

Where is Base64 Used in Development?

HTTP Basic Authentication

The Authorization header for Basic Auth encodes credentials as Base64:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Decode that and you get username:password. Again — not encrypted, just encoded.

Embedding Images in HTML/CSS

Small images can be embedded directly in HTML or CSS as Base64 data URIs to avoid extra HTTP requests:

<img src="data:image/png;base64,iVBORw0KGgo...">

JSON Web Tokens (JWT)

JWT headers and payloads are Base64URL-encoded — a URL-safe variant of Base64 that replaces + with - and / with _.

API Payloads

When an API needs to transmit binary data — file uploads, certificates, cryptographic keys — inside a JSON payload, Base64 is the standard way to encode it:

{
  "filename": "report.pdf",
  "content": "JVBERi0xLjQKJcfs..."
}

Email Attachments

MIME email attachments are Base64-encoded so binary files can be sent through text-based email protocols without corruption.

How Does Base64 Encoding Work?

Base64 takes every 3 bytes of input (24 bits) and splits them into 4 groups of 6 bits each. Each 6-bit group maps to one of the 64 Base64 characters. This means Base64-encoded output is always approximately 33% larger than the original input.

Example:

  • Input: Man (3 bytes)
  • Binary: 01001101 01100001 01101110
  • Split into 6-bit groups: 010011 010110 000101 101110
  • Base64 output: TWFu

Base64 vs Base64URL

Standard Base64 uses + and / which have special meaning in URLs. Base64URL replaces them with - and _ to make the encoded string safe to use in URLs and HTTP headers without percent-encoding. JWTs always use Base64URL.

How to Encode and Decode Base64 Online

Use the free Base64 Encoder/Decoder at MockServer:

  1. Paste your text into the input field
  2. Click Encode to get the Base64 string
  3. Or paste a Base64 string and click Decode to get the original text

Everything runs in your browser — your data is never sent to a server.

Is Base64 Secure?

No. Base64 is trivially reversible by anyone. Never use it as a security measure. If you need to protect data, use actual encryption (AES, RSA) or hashing (bcrypt, SHA-256). Base64 is purely for encoding compatibility, not security.

Try It Free

Use our free Base64 Encoder & Decoder — instant, browser-based, no signup required.