What Is Base64?
Base64 turns binary data into a safe ASCII string so it can travel through systems that only understand text. Here is what it is, how it works, and where you will encounter it.
The problem Base64 solves
Many protocols — email, HTTP headers, URLs, XML, JSON — were designed for text. Binary data (images, files, encrypted bytes) contains bytes that text systems interpret as control characters or special syntax, which breaks things. Base64 solves this by converting any binary data into a string of 64 printable, universally safe ASCII characters.
The result is always made of A–Z, a–z, 0–9, + and / — characters with no special meaning in text protocols. This makes it safe to embed in email, HTML, JSON, HTTP headers, or any other text format.
How it works
Base64 processes input 3 bytes at a time. Those 3 bytes (24 bits) are split into four 6-bit groups. Each 6-bit group maps to one of 64 characters (2&sup6; = 64). If the input is not a multiple of 3 bytes, = padding is added.
Example: “Hi” → Base64
H = 01001000 i = 01101001
Split into 6-bit groups: 010010 000110 100100 (padded)
Map to alphabet: S G k =
“Hi” → “SGk=”
Where Base64 appears
- Email attachments — MIME encodes attachments in Base64 so binary files travel through mail servers designed for text
- Data URIs —
src="data:image/png;base64,iVBORw0..."embeds images directly in HTML or CSS - HTTP Basic Auth —
Authorization: Basic base64(username:password) - JWT tokens — the header and payload sections are Base64Url encoded (the three dot-separated parts)
- API responses — binary files returned by APIs are often Base64-encoded JSON strings
- TLS certificates — PEM format wraps Base64-encoded certificate data between
-----BEGIN CERTIFICATE-----lines
Base64 is not encryption
This is the most important thing to understand about Base64. It is reversible by anyone without a key. Anyone who sees a Base64 string can decode it immediately. It is a transport encoding, not a security mechanism. If you need to protect data, use encryption (AES, RSA, etc.) — Base64 by itself adds no security whatsoever.
Base64Url — the URL-safe variant
Standard Base64 uses + and /, which have special meaning in URLs. Base64Url replaces these with - and _, and typically omits = padding. JWT tokens use Base64Url.
The size overhead is roughly 33%: every 3 bytes of input produces 4 characters of output. A 100KB image encoded in Base64 becomes approximately 133KB.
Try Base64 encoding and decoding
Encode any text to Base64 or decode a Base64 string. Free, instant, no sign-up.
Open Base64 Tool →Frequently asked questions
What is Base64 encoding?
Base64 is an encoding scheme that converts binary data into a string of 64 printable ASCII characters (A-Z, a-z, 0-9, + and /). It is used to transport binary data safely through systems designed to handle only text, such as email, URLs, HTML, JSON, and HTTP headers.
Why is it called Base64?
The name comes from the number of characters used in the encoding: 64. The alphabet consists of uppercase A-Z (26), lowercase a-z (26), digits 0-9 (10), plus (+) and slash (/), giving exactly 64 characters. Each character represents 6 bits of data (since 2^6 = 64).
Where is Base64 used in the real world?
Base64 appears in: email attachments (MIME encoding), embedding images in HTML or CSS as data URIs, HTTP Basic Authentication headers, JWT (JSON Web Token) payloads and headers, storing binary data in JSON APIs, XML-based data exchange, and cryptographic certificates (PEM format). If you have ever seen a long string of random-looking characters ending in == in a URL or API response, it is likely Base64.
How does Base64 encoding work?
Base64 takes 3 bytes (24 bits) of input and splits them into 4 groups of 6 bits each. Each 6-bit group maps to one character from the 64-character alphabet. If the input length is not a multiple of 3, padding characters (=) are added to make the output length a multiple of 4. The result is always plain ASCII text.
Is Base64 the same as encryption?
No. Base64 is reversible by anyone without a key — it is an encoding, not encryption. It does not protect data. Its purpose is compatibility: making binary data safe for text-based systems. Do not use Base64 to hide or secure sensitive information. For security, use proper encryption (AES, RSA, etc.).
What is the difference between Base64 and Base64Url?
Standard Base64 uses + and / as two of its 64 characters. These characters have special meaning in URLs, so Base64Url replaces + with - and / with _ to make the encoding URL-safe. It also typically omits padding (=). JWT tokens use Base64Url encoding. When decoding a Base64 string that came from a URL, use a Base64Url decoder to handle these differences.