May 9, 2026 · 6 min read

What is Base64 Encoding? A Developer's Guide

If you've worked with web APIs, email attachments, or JWTs, you've seen Base64. But what actually happens when you encode something? This guide breaks it down.

What is Base64?

Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string format. It's defined in RFC 4648 and uses 64 characters (A-Z, a-z, 0-9, +, /) plus = for padding.

The name "Base64" comes from the 64-character alphabet. Each character represents 6 bits of data (since 2^6 = 64). Three bytes (24 bits) become four Base64 characters.

Why Do We Need Base64?

Many data transmission protocols — HTTP, SMTP (email), JSON — are designed to carry text, not raw binary. When you need to embed an image in an HTML email or send binary data in a JSON API response, you need a way to represent that binary data as safe text characters. That's where Base64 comes in.

Common use cases include:

  • Email attachments — MIME encodes attachments as Base64
  • Data URIs — Embedding small images directly in HTML/CSS (data:image/png;base64,...)
  • JWT tokens — The header and payload of a JWT are Base64URL-encoded JSON
  • API authentication — HTTP Basic Auth encodes username:password as Base64
  • Storing binary in databases — When a TEXT column needs to hold binary data

How Base64 Encoding Works

The process has three steps:

  1. Take the binary data and group it into 3-byte (24-bit) chunks
  2. Split each 24-bit group into four 6-bit values
  3. Map each 6-bit value to its corresponding Base64 character

For example, encoding the string Man:

Text:      M         a         n
ASCII:    77        97        110
Binary:   01001101  01100001  01101110
6-bit:    010011  010110  000101  101110
Decimal:  19      22      5       46
Base64:   T       W       F       u

If the input isn't divisible by 3, Base64 adds padding with = characters. One extra byte becomes two Base64 characters plus two = signs. Two extra bytes become three Base64 characters plus one =.

Base64 vs Base64URL

Standard Base64 uses + and / which have special meaning in URLs. Base64URL (used in JWTs) replaces these with - and _ respectively, and strips padding for a URL-safe string.

Try It Yourself

Use ByteBox's free Base64 Encoder / Decoder to experiment. It's 100% client-side — your data never leaves your browser:

  • Paste any text and see the Base64 output instantly
  • Decode encoded strings back to readable text
  • Great for debugging API tokens, JWTs, and encoded config values

Try Base64 Encoder/Decoder →

Related Reading

Once you understand Base64, you might want to learn how to validate JSON (since JWT payloads are JSON) or use the URL Encoder for percent-encoding vs Base64URL.

All ByteBox tools run 100% client-side. No data is ever uploaded to our servers.