Base64 Encoding and Decoding — A Practical Developer Guide
Base64 is one of those encoding schemes that every developer encounters but few can explain without looking it up. You see it in JWT tokens, data URIs, email attachments, and API authentication headers. Understanding it properly will save you hours of debugging.
Use Intoolhub's Base64 Encoder / Decoder to follow along with the examples below.
What Is Base64?
Base64 is an encoding scheme that represents binary data as a string drawn from 64 printable ASCII characters. Those characters are:
- A–Z (26 characters)
- a–z (26 characters)
- 0–9 (10 characters)
- + (1 character)
- / (1 character)
- = (used for padding)
Important: Base64 is encoding, not encryption. Anyone can decode a Base64 string. Never use it to "protect" sensitive data.
Why Does Base64 Exist?
Many systems were designed to handle text, not arbitrary binary data. Email (SMTP), HTML, and URLs are text-based protocols that break when they encounter raw binary bytes like 0x00 or control characters.
Base64 solves this by representing binary data as safe ASCII text, at the cost of a ~33% size increase.
How It Works
Base64 works in 3-byte groups:
- Take 3 bytes (24 bits) of input
- Split into four 6-bit groups
- Map each 6-bit group to a character from the Base64 alphabet
Input:   M        a        n
Binary:  01001101 01100001 01101110
Groups:  010011   010110   000101   101110
Index:   19       22       5        46
Output:  T        W        F        u
So Man encodes to TWFu. You can verify this in the Base64 tool.
Common Use Cases
1. Data URIs (inline images in CSS/HTML)
<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA..." />
Embeds the image directly in the HTML, eliminating an HTTP request. Useful for small icons.
2. JWT Tokens
A JWT consists of three Base64URL-encoded sections separated by dots:
header.payload.signature
eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abc123
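Decode the payload to see the claims; use Intoolhub's JWT Decoder for this. The header and payload are only encoded, not encrypted, so anyone who holds the token can read them.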
3. HTTP Basic Authentication
Authorization: Basic dXNlcjpwYXNzd29yZA==
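dXNlcjpwYXNzd29yZA== decodes to user:password. Because the credentials are only encoded, anyone who can read the header recovers them, so Basic authentication should only be sent over HTTPS.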
4. Storing binary data in JSON
JSON only supports strings, numbers, booleans, arrays, and objects — not raw binary. Base64 lets you embed file contents or cryptographic keys as a JSON string field.
Base64 vs Base64URL
Standard Base64 uses + and / which are special characters in URLs. Base64URL replaces them:
| Standard | URL-safe |
|---|---|
| + | - |
| / | _ |
| = (padding) | omitted |
JWTs and OAuth tokens use Base64URL. If you're decoding a JWT manually, replace - with + and _ with /, then append = until the length is a multiple of 4, before standard decoding.
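The manual JWT decoding described above, written out as an added example (not code from the original article). The helper names `b64url_decode` and `inspect_jwt` are hypothetical; the token is the sample from the JWT section, and the strict decoding mode is a choice made here so that malformed segments are rejected rather than silently accepted.

```python
import base64
import json
import re

# Base64URL alphabet from the table above: "-" and "_" stand in for "+" and "/".
_B64URL = re.compile(r"[A-Za-z0-9_-]*")


def b64url_decode(segment: str) -> bytes:
    """Strictly decode one unpadded Base64URL segment (hypothetical helper)."""
    if not _B64URL.fullmatch(segment):
        raise ValueError("character outside the Base64URL alphabet")
    if len(segment) % 4 == 1:
        raise ValueError("no byte sequence encodes to this length")
    standard = segment.replace("-", "+").replace("_", "/")
    standard += "=" * (-len(standard) % 4)  # restore the omitted padding
    # validate=True rejects malformed input instead of silently skipping it.
    return base64.b64decode(standard, validate=True)


def inspect_jwt(token: str) -> dict:
    """Return the decoded header and payload. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, payload, _signature = parts
    return {
        "header": json.loads(b64url_decode(header)),
        "payload": json.loads(b64url_decode(payload)),
    }


if __name__ == "__main__":
    # Sample token from the JWT section of this page.
    token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.abc123"
    print(inspect_jwt(token))  # claims are readable without any key

    # Python's default decoder drops characters outside the alphabet,
    # so a malformed string still decodes; the strict helper refuses it.
    print(base64.b64decode("TW!F#u"))
    try:
        b64url_decode("TW!F#u")
    except ValueError as exc:
        print("rejected:", exc)
```

Reading the claims this way requires no secret, which is why a token's contents must not be trusted until the signature has been verified with a JWT library.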
Encoding in Different Languages
// JavaScript (browser)
btoa('Hello, World!') // encode → "SGVsbG8sIFdvcmxkIQ=="
atob('SGVsbG8sIFdvcmxkIQ==') // decode → "Hello, World!"
// Node.js
Buffer.from('Hello').toString('base64') // encode
Buffer.from('SGVsbG8=', 'base64').toString() // decode
# Python
import base64
base64.b64encode(b'Hello, World!').decode() # encode
base64.b64decode('SGVsbG8sIFdvcmxkIQ==').decode() # decode
# Shell
echo -n "Hello, World!" | base64 # encode
echo "SGVsbG8sIFdvcmxkIQ==" | base64 -d # decode
When Not to Use Base64
- Don't use it for passwords — hash passwords with bcrypt, Argon2, or scrypt
- Don't use it for large files — the 33% size overhead adds up; use binary protocols instead
- Don't confuse encoding with encryption — Base64 provides zero security