If you've spent any time working with web development, email, or APIs, you've almost certainly encountered Base64 — usually as a long string of seemingly random letters and numbers that ends with one or two equals signs. It looks like garbled nonsense, but it has a very specific purpose.
Here's what Base64 actually is and why it exists.
Computers store everything as binary data — ones and zeros. But many text-based systems (email protocols, HTML, JSON, URLs) were designed to handle plain text characters, not raw binary data. If you try to pass binary data through a system that expects text, things break in unpredictable ways. Control characters get misinterpreted, null bytes cause strings to terminate early, and line endings get mangled depending on the operating system.
Base64 solves this by converting binary data into a string that uses only safe, printable ASCII characters — specifically the 64 characters A–Z, a–z, 0–9, plus + and /. Any binary data, no matter what it contains, can be safely represented in Base64 and transmitted through any text-based system without corruption.
Take the word "Hello" and encode it in Base64:
The equals sign at the end is padding — Base64 works in groups of 3 bytes, and padding fills the gap when the input isn't a multiple of 3. One equals sign means one byte of padding; two means two bytes. The absence of equals signs means the data divided evenly.
Now take a small PNG image — a few hundred bytes of binary data — and encode it in Base64. You get a long string of characters that looks like:
That string — starting with data:image/png;base64, — is called a data URI. You can drop it directly into an HTML <img> tag's src attribute and the browser will display the image without making any external request. No separate image file needed.
Small icons and images can be embedded directly in HTML or CSS as Base64 data URIs, eliminating an HTTP request per image. It's a common optimization for small icons — the trade-off is that the HTML/CSS file gets larger, so it's only worth it for small images.
JSON is a text format. If an API needs to send or receive binary data — an image, a file, a signature — it has to encode that binary data as text first. Base64 is the standard way to do this. If you've seen a JSON response with a field containing a huge string of letters and numbers, it was almost certainly Base64-encoded binary data.
Email attachments are sent as Base64. When you attach a file to an email, your email client encodes the file as Base64 and embeds it in the message body. The recipient's email client decodes it back. This is baked into the email protocol (MIME) and has been standard practice since the early 1990s.
Some databases are better suited to storing text than binary data. Base64 lets you store images, certificates, or other binary content as a text field without needing a separate binary column or object storage.
JWT (JSON Web Tokens), widely used for authentication in web apps, uses Base64URL encoding — a variant of Base64 that swaps + and / for - and _ to make the token safe to use in URLs. If you've ever seen an authentication header that looks like three Base64-ish strings separated by dots, that's a JWT.
Both Base64 and hexadecimal (hex) encoding represent binary data as text, but they serve different purposes and produce different output.
Hex uses only 16 characters (0–9 and A–F) and represents each byte as exactly two characters. This makes hex easy to read for humans — you can look at a hex string and identify individual bytes. It's the standard format for things like color codes, file headers, checksums, and cryptographic hashes.
Base64 uses 64 characters and is about 33% more compact than hex. It's less readable but better suited for transmitting larger amounts of binary data through text-based systems. You use hex to inspect data; you use Base64 to transmit it.
Paste text or data and convert to Base64 instantly. Full Unicode support including emoji and non-Latin scripts. Runs entirely in your browser.
Open Base64 EncoderBase64 exists because binary data doesn't travel well through text-based systems. It converts any binary data into a safe string of printable characters so it can be embedded in HTML, sent via email, stored in JSON, or passed through an API without getting corrupted. It's not a security measure — it's a compatibility layer. Once you recognize what it looks like and why it's used, you'll start noticing it in a lot of places you didn't expect.