Base64 Encoding: What It Is, What It Isn't, and When to Use It
Base64 is everywhere in web development — in JWTs, data URIs, API tokens, and email attachments. Here's a clear explanation of how it works and common misconceptions.
64
Base64 Encoder / Decoder
Encode and decode text, files and images
Encode or decode Base64 online — text, files and images. Supports standard and URL-safe Base64 variants, Unicode strings and drag-and-drop file input. Instant results, 100% client-side, zero data sent to any server.
Variant
Input
Result
// quick guide
Base64 is a binary-to-text encoding scheme that converts arbitrary binary data into a string of 64 printable ASCII characters. It exists because many protocols — email, HTTP headers, JSON payloads — were designed to carry text, not raw binary. When you need to embed an image in an HTML document, include a PDF in a JSON API response, or store a binary token in a cookie, Base64 provides a reliable, universally-supported encoding.
Understanding what Base64 is not is equally important: it is not encryption. Anyone can decode a Base64 string in milliseconds without any secret key. The encoded output looks like random characters but contains no security — never use Base64 to protect sensitive data.
How to use this tool:
- Select the Encode tab to convert text or a file into Base64. Select Decode to reverse the process.
- Type or paste text directly, or drag and drop any file — images, PDFs, documents — onto the input area. The tool handles binary files correctly, not just text.
- Choose the encoding variant: Standard Base64 uses
+and/characters. URL-Safe Base64 replaces those with-and_, which is required when embedding Base64 inside URLs or JWT tokens. - Copy the output to the clipboard or download the decoded file directly to your device.
Where you will see Base64 in practice:
- Data URIs: Inline images in HTML and CSS use the format
data:image/png;base64,... - JWT tokens: The header and payload sections of every JWT are Base64url-encoded JSON objects.
- HTTP Basic Auth: Credentials are sent as
Authorization: Basic <base64(username:password)> - MIME email attachments: File attachments in emails are Base64-encoded for safe transport over SMTP.
All encoding and decoding in this tool runs in your browser via WebAssembly — no files or text are uploaded to any server.
// frequently asked questions
What is Base64 encoding used for?
Base64 is used to encode binary files (like images, documents, or audio) into text so they can be embedded directly in HTML, CSS, XML, or JSON, and transmitted securely over systems that do not support raw binary data.
Does Base64 encrypt my data?
No. Base64 is not encryption. It is a simple encoding format. Anyone can easily decode a Base64 string back to its original text or binary form. Never use Base64 to secure sensitive credentials without proper encryption.
What is the difference between Standard and URL-Safe Base64?
Standard Base64 uses '+' and '/' characters, which have special meanings in URLs. URL-Safe Base64 replaces '+' with '-' and '/' with '_', making it safe to use in query parameters and URL paths without additional percent-encoding.
Is there a file size limit for encoding files to Base64?
There is no hard limit, but since the encoding is processed entirely inside your browser's memory, files larger than 50MB may temporarily freeze the browser tab. We recommend keeping files under 20MB for the best experience.
Why does Base64 output always end with = or ==?
Base64 encodes 3 bytes at a time into 4 characters. When the input length is not divisible by 3, padding characters (=) are added to make the output a multiple of 4 characters. One = means 1 padding byte was needed; == means 2 were needed.