What Is Base64? A Complete Guide to Base64 Encoding

Base64 is one of the most widely used encoding schemes on the web, yet it is also one of the most misunderstood. This guide explains what Base64 is, how it works under the hood, where you will encounter it, and the difference between standard and URL-safe Base64. When you are ready to try it, jump straight to the Base64 converter.

What is Base64 encoding?

Base64 is a binary-to-text encoding that represents binary data using a set of 64 printable ASCII characters. The name comes from this radix-64 alphabet: the uppercase letters A–Z, the lowercase letters a–z, the digits 0–9, and the two symbols + and /. The = character is used for padding. Because every character is printable and safe, Base64 lets you move binary data through channels that were designed for plain text.

How does Base64 work?

Base64 takes your input three bytes (24 bits) at a time and splits those 24 bits into four groups of six bits. Each 6-bit group is a number from 0 to 63, which maps to one character in the Base64 alphabet. When the input length is not a multiple of three, the encoder pads the final group with one or two = characters so the output length is always a multiple of four. For example, the text Hi encodes to SGk=.

Common use cases for Base64

You will find Base64 almost everywhere data needs to travel as text: embedding images and fonts directly in HTML or CSS using data URLs, attaching files to email through MIME, carrying binary payloads inside JSON APIs, encoding the segments of a JSON Web Token (JWT), and storing small binary blobs in text-only databases or configuration files.

Standard vs. URL-safe Base64

The standard alphabet uses + and /, which have special meaning inside URLs. The URL-safe variant replaces them with - and _ and drops the = padding, so the encoded value can sit inside a query string, cookie or filename without further escaping. JWTs and OAuth tokens use this URL-safe form.

Base64 is not encryption

This is the single most important thing to remember: Base64 provides no security. It is a reversible encoding, so anyone can decode a Base64 string back to its original contents in seconds. Never use Base64 to hide passwords, API keys or personal data — for that you need real encryption. If you need to read a Base64 value, use the Base64 decoder.

Encode and decode Base64 now

Ready to try it yourself? Use the encoder to turn text into Base64, the decoder to read a Base64 string, or the URL-safe tool for tokens and URLs. Everything runs locally in your browser, so your data stays private.

Base64 frequently asked questions

Is Base64 the same as encryption?+

No. Base64 is a reversible encoding that anyone can decode. It provides no confidentiality and must never be used to protect passwords, keys or personal data.

Why is Base64 used in data URLs?+

Data URLs embed files directly inside HTML or CSS. Base64 turns binary image or font data into text that fits in an attribute or stylesheet, removing a separate network request.

How much larger is Base64 data?+

Base64 expands data by about 33%, because every 3 bytes become 4 characters. For large files this overhead can be significant.

What characters does Base64 use?+

Standard Base64 uses A–Z, a–z, 0–9, "+" and "/", with "=" as padding. The URL-safe variant swaps "+" and "/" for "-" and "_".