What is Base64 Encoding and How Does It Work?

If you have ever looked at a long string of letters, numbers, and plus or slash characters in a URL, email, or API response, you have probably encountered Base64 encoding. It is one of the most widely used encoding schemes in software development, yet many developers use it without fully understanding what it does or how it works.

What Base64 Actually Is

Base64 is a binary-to-text encoding scheme. It takes raw binary data and converts it into a string of ASCII characters that can be safely transmitted through text-based systems. The name comes from the fact that it uses 64 different characters to represent data: the uppercase letters A through Z (26), the lowercase letters a through z (26), the digits 0 through 9 (10), and two additional characters, typically + and /.

How the Algorithm Works

The encoding process is straightforward once you break it down. First, the input data is read as a stream of bytes. Each byte is 8 bits, so three bytes together form 24 bits. Those 24 bits are then split into four groups of 6 bits each. Each 6-bit group maps to one of the 64 characters in the Base64 alphabet.

Because 6 bits can represent values from 0 to 63, each group maps neatly to a single character. If the input data is not a multiple of three bytes, padding characters (=) are appended to the output to indicate the missing bytes. One missing byte means one = at the end, and two missing bytes means two.

A Quick Example

The ASCII string Hi is two bytes: 72 and 105 in decimal, or 01001000 01101001 in binary. Together that is 16 bits. To make a full 24-bit group, a null byte is appended, giving 01001000 01101001 00000000. Split into 6-bit groups: 18, 6, 36, 0. Those map to SGk=. The trailing = indicates one byte of padding was needed.

When to Use Base64

Base64 is useful whenever binary data needs to travel through a channel designed for text. Common scenarios include:

• Email attachments. MIME encoding uses Base64 to embed binary files inside text-based email messages.
• Data URIs. You can embed small images directly in HTML or CSS using data:image/png;base64,... syntax, eliminating an extra HTTP request.
• REST APIs. Some APIs accept or return binary data (images, PDFs, certificates) as Base64 strings inside JSON payloads.
• Basic authentication. HTTP Basic Auth encodes the username and password pair as a Base64 string in the Authorization header.
• Storing binary in text formats. Configuration files, XML, or JSON sometimes need to include binary blobs like cryptographic keys.

Common Misconceptions

Base64 is Not Encryption

This is the most important thing to understand. Base64 provides zero security. It is a reversible encoding, not a cipher. Anyone who sees a Base64 string can decode it instantly. Never use Base64 to hide sensitive data like passwords or API keys. If you need to protect data, use proper encryption such as AES or a hashing algorithm like SHA-256.

Base64 Increases Data Size

Because three bytes of input become four bytes of output, Base64 encoding increases data size by approximately 33%. This is an important consideration when embedding large files. For small icons and fonts it is perfectly fine, but for large images you are usually better off serving them as separate files.

Base64 Variants

The standard Base64 alphabet uses + and / as the last two characters. However, these are special characters in URLs. The URL-safe variant replaces them with - and _, and often omits the padding = characters. JWT tokens use this URL-safe variant, which is why they look slightly different from standard Base64 output.

Using Base64 in JavaScript

In the browser, you can use btoa() to encode a string to Base64 and atob() to decode it. In Node.js, use Buffer.from(str).toString('base64') for encoding and Buffer.from(b64, 'base64').toString() for decoding. Be aware that btoa() only handles Latin-1 characters. For Unicode strings, you need to encode to UTF-8 first using TextEncoder.