What is Base64 Encoding? A Complete Guide

What is Base64?

Base64 is a binary-to-text encoding scheme that represents binary data using a set of 64 printable ASCII characters. It takes any sequence of bytes — whether that is an image, a PDF file, or a chunk of raw binary data — and converts it into a safe, text-only string that can be transmitted through systems designed to handle plain text.

The name "Base64" comes from the fact that it uses exactly 64 characters to represent data. These characters are the uppercase letters A through Z, the lowercase letters a through z, the digits 0 through 9, and the two symbols + and /. A 65th character, =, is used for padding at the end of the output when the input length is not evenly divisible by three.

You have almost certainly encountered Base64 before, even if you did not realize it. Every time you embed an image using a data URL in CSS, send an email with attachments, or inspect a JSON Web Token, Base64 encoding is at work behind the scenes.

Why Base64 Was Invented

Base64 was born out of a practical limitation of early computing systems. In the 1970s and 1980s, email protocols like SMTP were designed to transmit only 7-bit ASCII text. This worked perfectly for English-language messages, but it was a problem when people wanted to send binary data — images, documents, or files of any kind — through email.

Binary data contains byte values from 0 to 255, and many of those values do not correspond to printable characters. Worse, some values are interpreted as control characters by mail servers, which would corrupt the data in transit. Systems would strip high bits, misinterpret newlines, or truncate messages at null bytes.

The solution was defined as part of the MIME (Multipurpose Internet Mail Extensions) standard in the early 1990s. MIME introduced Base64 as a "Content-Transfer-Encoding" that could reliably convert any binary content into safe ASCII characters. The email system could handle these characters without corruption, and the recipient could decode them back to the original binary data. This allowed email to carry images, word documents, ZIP files, and every other kind of attachment that we take for granted today.

How Base64 Encoding Works

The Base64 algorithm processes input data in groups of three bytes at a time. Three bytes equals 24 bits. These 24 bits are then split into four groups of 6 bits each. Since 6 bits can represent values from 0 to 63, each group maps to one of the 64 characters in the Base64 alphabet.

Here is the Base64 alphabet in order:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 + /

For example, the ASCII string Hi! is three bytes: 72, 105, 33. In binary, that is 01001000 01101001 00100001. Splitting those 24 bits into four 6-bit groups gives 010010, 000110, 100100, 100001, which correspond to indices 18, 6, 36, 33 — and those map to the characters SGkh.

When the input length is not a multiple of three, padding is required. If there is one remaining byte, two Base64 characters are produced followed by ==. If there are two remaining bytes, three Base64 characters are produced followed by a single =. For example, encoding the two-character string Hi produces SGk=.

Common Use Cases

Base64 is everywhere in modern web development. Here are the most common places you will encounter it:

• Data URLs: You can embed small images directly in HTML or CSS using data URIs like data:image/png;base64,iVBOR.... This eliminates an extra HTTP request, which can improve performance for small icons and logos.
• API payloads: REST APIs frequently use Base64 to encode binary content within JSON bodies. Since JSON does not support raw binary data, encoding a file upload or thumbnail as Base64 is a common workaround.
• Email attachments: This is the original use case. When you attach a file to an email, your mail client encodes it with Base64 so it can travel safely through SMTP servers.
• JSON Web Tokens (JWTs): The header and payload sections of a JWT are Base64url-encoded (a URL-safe variant of Base64). This allows the token's JSON data to be safely included in URLs and HTTP headers.
• Basic HTTP Authentication: The HTTP Basic auth scheme encodes the username:password string using Base64 before placing it in the Authorization header.

Base64 is NOT Encryption

This is one of the most common misconceptions about Base64, and it is important to be clear: Base64 is not a security measure. It is an encoding scheme, not an encryption algorithm. There is no secret key, no cryptographic transformation, and no security of any kind.

Anyone who has a Base64 string can decode it instantly. In JavaScript, it takes a single function call: atob('SGVsbG8=') returns Hello. In Python, it is just as simple: base64.b64decode('SGVsbG8=').

This means you should never use Base64 to "hide" sensitive data like passwords, API keys, personal information, or any other confidential content. If you see credentials stored in Base64, that is a security vulnerability, not a safeguard. If you need to protect data, use proper encryption algorithms like AES or use HTTPS for data in transit.

When NOT to Use Base64

While Base64 is useful, it comes with a significant tradeoff: size overhead. Base64 encoding increases the size of data by approximately 33%. Three bytes of input become four bytes of output. For a small icon this is negligible, but for larger files it adds up quickly. A 1 MB image becomes roughly 1.33 MB when Base64-encoded.

Here are situations where you should avoid Base64:

• Large images or files: Instead of embedding a large image as a Base64 data URL, serve it as a separate file. The browser can cache separate files, and the overall transfer size will be smaller.
• Performance-critical applications: Encoding and decoding Base64 consumes CPU cycles. In performance-sensitive contexts, working with raw binary data (such as ArrayBuffer in JavaScript) is more efficient.
• Database storage: Storing large blobs as Base64 text in a database wastes 33% more storage space. Use native binary column types (like BLOB or BYTEA) instead.
• Anything requiring security: As discussed above, Base64 provides zero confidentiality. Use real encryption.

A good rule of thumb: use Base64 when you need to embed small amounts of binary data inside a text-based format, and avoid it when the data is large or when alternatives like direct binary transfer are available.