How to Encode and Decode Base64

Base64 encoding comes up constantly in web development — from embedding images in HTML to sending credentials in HTTP headers. If you need to quickly encode or decode a string without spinning up a terminal, the Base64 Encoder handles it instantly in your browser.

Understanding Base64

Base64 is an encoding scheme, not encryption. This distinction matters. Encoding converts data into a different representation so it can travel safely through systems that only handle text (like email protocols or JSON payloads). Anyone can decode Base64 — there is no key, no secret, and no security. Never use Base64 to “hide” passwords or sensitive data.

The scheme works by taking every 3 bytes of input and converting them into 4 ASCII characters drawn from a set of 64 characters (A-Z, a-z, 0-9, +, /, and = for padding). This means Base64 output is always about 33% larger than the input. URL-safe Base64 replaces + with - and / with _ so the output can be used in URLs without percent-encoding.

Common use cases include:

• Data URIs: Embedding small images or fonts directly in CSS or HTML with data:image/png;base64,... to avoid extra HTTP requests.
• Authorization headers: HTTP Basic Auth encodes username:password as Base64 in the Authorization header.
• JWT tokens: Each segment of a JWT is Base64url-encoded JSON. You can decode them to inspect claims without a library.
• Binary data in JSON: Since JSON cannot represent raw bytes, binary content like file uploads is often Base64-encoded before being placed in a JSON field.

Tips and best practices

• Use URL-safe Base64 for anything that goes in a URL or query parameter. Standard Base64 characters like + and / have special meaning in URLs and will cause breakage.
• Do not Base64-encode large files in production. The 33% size overhead adds up fast. Use proper file upload mechanisms instead.
• Remember that Base64 is reversible by anyone. If you see credentials in a Base64 string in a codebase, they are not protected — they are just obfuscated.
• Check for padding. Valid Base64 strings have a length divisible by 4. Missing = padding characters can cause decoding failures in strict parsers.

Common issues

• Garbled output when decoding: This usually means the input is not actually Base64, or it uses URL-safe encoding while the decoder expects standard encoding (or vice versa).
• Whitespace in the input: Some tools insert line breaks in long Base64 strings (MIME-style). Strip newlines and spaces before decoding if you get unexpected errors.
• Encoding already-encoded data: Double-encoding is a common mistake. If your output looks like valid Base64 but decodes to another Base64 string, you have encoded it one too many times.