figro
FigroGuides › What is Base64
Developer

What Is Base64 Encoding? (And When to Use It)

By the Figro team · Updated July 2026 · about a 6-minute read

Base64 is a way to represent arbitrary binary data — images, files, or raw bytes — as a string of ordinary printable characters. It converts any sequence of bytes into an alphabet of 64 safe ASCII characters so that the data can travel through systems that only understand text, such as email, JSON APIs, and HTTP headers, without being garbled along the way.

The core problem Base64 solves

Computers store everything as binary: sequences of bytes, each a number from 0 to 255. Many communication protocols, however, were designed for text. Old email systems, for instance, expected 7-bit ASCII characters (values 0–127) and would silently corrupt or drop bytes outside that range. HTTP headers must contain only printable US-ASCII. JSON has no native binary type at all.

When you need to carry binary data through one of these text-only channels, you need a way to represent every possible byte value using only a safe subset of characters. Base64 is the most widely adopted solution to that problem.

The name reflects the math: the encoding uses exactly 64 distinct characters — the 26 uppercase letters A–Z, the 26 lowercase letters a–z, the digits 0–9, and two additional characters, typically + and / (or - and _ in the URL-safe variant). Because 26 = 64, each character carries exactly 6 bits of information, which is how the algorithm maps bytes to characters.

How Base64 encoding works

The algorithm processes input 3 bytes at a time. Three bytes is 24 bits, which divides cleanly into four 6-bit groups. Each 6-bit group is used as an index into the 64-character alphabet to produce one output character. So every 3 bytes of input becomes exactly 4 characters of output.

A concrete example

Take the three-character ASCII string Man. In binary, that is:

M = 77 = 01001101
a = 97 = 01100001
n = 110 = 01101110

Concatenated: 010011010110000101101110 (24 bits)

Split into four 6-bit groups: 010011 010110 000101 101110
Decimal values: 19, 22, 5, 46
Base64 characters (from the standard alphabet): T W F u

Result: TWFu

You can verify this yourself: encode Man in any Base64 tool and you will always get TWFu. The mapping is deterministic and reversible — the decoder reads each character's position in the alphabet, recovers the 6-bit values, reassembles the bits into bytes, and produces the original input.

Padding with =

When the input length is not a multiple of three, the encoder cannot fill the last group of four characters completely. It pads the output with one or two = signs to bring it to a full group of four. The padding tells the decoder how many meaningful bytes are in the last group, ensuring clean round-trips even for inputs of any length.

How much larger does Base64 make the data?

Because 3 input bytes produce 4 output characters, Base64 increases the size of the data by about one third. More precisely, the encoded output is always ceil(n / 3) × 4 characters long, where n is the number of input bytes. A 100-byte image becomes roughly 136 characters of Base64 text. A 1 MB file becomes about 1.37 MB of Base64. That size overhead is the main reason to avoid Base64 when a binary-safe channel is available.

Common real-world uses of Base64

Base64 appears in more places than most developers initially realize:

Base64 is not encryption

This is the single most important thing to understand about Base64: it provides zero security. Anyone who sees a Base64 string can decode it instantly. It is a data-representation format, not a confidentiality mechanism.

A common mistake is to Base64-encode a secret and assume it is "hidden" or "obfuscated." It is not. The string SGVsbG8gV29ybGQ= decodes to Hello World in under a second using any decoder. If you need to protect data in transit, use TLS. If you need to protect data at rest, use a proper encryption algorithm such as AES-256. Base64 is for safe transport, not for secrecy.

Base64 vs. URL encoding — when to use which

These two encodings solve related but different problems, and they are not interchangeable:

Property Base64 URL encoding (percent-encoding)
Purpose Represent binary data as text Escape characters reserved in URLs
Input Any bytes Text strings with special characters
Output characters A–Z, a–z, 0–9, +, /, = Original chars + %XX sequences
Size change +~33% Varies (only reserved chars expanded)
Typical use API payloads, email, data URIs Query strings, form submissions

Use Base64 when you need to embed binary data inside a text container. Use URL encoding (percent-encoding) when you need to pass a string through a URL query parameter. If you need Base64 inside a URL, use the URL-safe Base64 variant (- and _ instead of + and /, no = padding) to avoid conflicts with URL syntax.

Decoding Base64 — checking what a string actually contains

Developers often encounter Base64 strings in logs, API responses, or authentication headers and need to inspect their contents quickly. The algorithm is deterministic, so decoding is equally straightforward: each group of four characters maps back to three bytes. A few things worth knowing when decoding:

Quick reference: is this string Base64?

A Base64 string consists only of the characters A–Z, a–z, 0–9, +, /, and optionally trailing = signs. Its length is always a multiple of 4 (after accounting for any padding). If you see characters outside this set, it is either URL-safe Base64, a different encoding, or not Base64 at all.

When not to use Base64

Base64 is not always the right tool. Avoid it in these situations:

Encode or decode Base64 in your browser

Figro's free Base64 tool encodes and decodes Base64, URL encoding, HTML entities, hex, JWT, and Unicode — all locally in your browser. Nothing is uploaded or stored.

Open the free Base64 encoder →

Figro's guides are educational and independent. They are not professional advice. Some pages include affiliate links; if you purchase through them we may earn a commission at no extra cost to you.