Base64 encoding is a method of converting binary data or text into a text string using 64 printable ASCII characters. It's widely used for data transfer in web APIs, email attachments (MIME), embedding images in HTML/CSS, and storing complex data in text-based formats like JSON or XML.
How Does Base64 Work?
Base64 uses 64 characters: A-Z, a-z, 0-9, +, and /. Every 3 bytes (24 bits) of input data is converted into 4 Base64 characters (24 bits). If the input length isn't divisible by 3, padding characters (=) are added to make it so.
URL-Safe Base64
Standard Base64 uses + and / which can cause issues in URLs and file names. URL-safe Base64 replaces these with - and _ respectively, and removes padding = characters, making it safe for use in URLs, cookies, and file names.
Common Use Cases
- Data URLs: Embedding images directly in HTML/CSS (e.g.,
data:image/png;base64,...) - Authentication: JWT tokens, Basic Auth headers
- Email Attachments: MIME encoding for binary files in email
- API Responses: Transmitting binary data over JSON APIs
- Storing Binary Data: Saving files in text-based databases
Code Examples
JavaScript (Browser)
// Encode to Base64 (with Unicode support)
const text = "Hello, World! 🌍";
const encoded = btoa(unescape(encodeURIComponent(text)));
console.log(encoded); // SGVsbG8sIFdvcmxkISDwn4yN
// Decode from Base64
const decoded = decodeURIComponent(escape(atob(encoded)));
console.log(decoded); // Hello, World! 🌍
// URL-safe Base64
const urlSafe = encoded.replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
console.log(urlSafe); // SGVsbG8sIFdvcmxkISDwn4yNNode.js
// Encode to Base64
const text = "Hello, World!";
const encoded = Buffer.from(text).toString('base64');
console.log(encoded); // SGVsbG8sIFdvcmxkIQ==
// Decode from Base64
const decoded = Buffer.from(encoded, 'base64').toString('utf-8');
console.log(decoded); // Hello, World!
// URL-safe Base64
const urlSafe = Buffer.from(text).toString('base64url');
console.log(urlSafe); // SGVsbG8sIFdvcmxkIQ (no padding)Python
import base64
# Encode to Base64
text = "Hello, World!"
encoded = base64.b64encode(text.encode()).decode()
print(encoded) # SGVsbG8sIFdvcmxkIQ==
# Decode from Base64
decoded = base64.b64decode(encoded).decode()
print(decoded) # Hello, World!
# URL-safe Base64
url_safe = base64.urlsafe_b64encode(text.encode()).decode()
print(url_safe) # SGVsbG8sIFdvcmxkIQ==PHP
<?php
// Encode to Base64
$text = "Hello, World!";
$encoded = base64_encode($text);
echo $encoded; // SGVsbG8sIFdvcmxkIQ==
// Decode from Base64
$decoded = base64_decode($encoded);
echo $decoded; // Hello, World!
// URL-safe Base64
$urlSafe = strtr($encoded, '+/', '-_');
$urlSafe = rtrim($urlSafe, '=');
echo $urlSafe; // SGVsbG8sIFdvcmxkIQ
?>Security Considerations
⚠️ Important: Base64 is NOT encryption! It's simply an encoding scheme that makes binary data text-safe. Base64-encoded data can be easily decoded by anyone. Never use Base64 alone to protect sensitive information. Use proper encryption methods (AES, RSA) for security-sensitive data.
Base64 encoding comes up more often than you'd think in development work. I originally created this tool when I needed to quickly encode authentication credentials for HTTP Basic Auth headers during API integration testing. Since then, I've used it for embedding small images in CSS data URIs, encoding JWT payloads for inspection, decoding email attachments, and preparing multipart form data. The tool supports both standard Base64 and URL-safe variants (replacing + and / with - and _), which is crucial when encoding data for URLs or filenames. All processing happens in your browser—no data is uploaded to any server, making it safe for encoding sensitive credentials or customer information.
How to Use
For encoding: paste your plain text into the input field and click Encode. The output shows Base64-encoded string ready to copy. For decoding: paste Base64 string and click Decode to retrieve original text. Toggle 'URL-safe mode' when encoding data that will be used in URLs, query parameters, or filenames—this replaces problematic characters. The tool automatically detects encoding errors (invalid Base64 characters) and shows warnings. Works with UTF-8 text including emojis, special characters, and multi-byte languages. For binary files or images, use the file upload option.
Common Use Cases & Examples
**HTTP Basic Auth**: Encode 'username:password' to create Authorization header: `Basic dXNlcm5hbWU6cGFzc3dvcmQ=`. **Data URIs**: Encode small SVG icons or images to embed directly in HTML/CSS without external files. **JWT Inspection**: Decode JWT token parts (header and payload are Base64-encoded JSON) to inspect claims without verification. **Email Debugging**: Decode Base64-encoded email attachment content to verify data. **API Testing**: Encode JSON payloads for APIs that expect Base64-encoded request bodies.
Limitations & Important Notes
Base64 encoding increases data size by approximately 33% (4 characters for every 3 bytes of input)—not suitable for large file transfers. This tool is text-focused; while it handles UTF-8 well, true binary file encoding (like images or PDFs) should be done with specialized tools or programming libraries. Base64 is NOT encryption—it's merely encoding for safe text transmission. Anyone can decode it instantly. For file uploads, browsers may limit size to ~50-100MB depending on available memory. For very large datasets, use command-line tools like base64 (Unix/Linux/Mac) or certutil (Windows).