Web Development
Base64 Encoding Beyond the Basics
Learn about padding, URL-safe variants, security considerations, and when Base64 is not the right choice for your data encoding needs.
What Base64 Actually Does
Base64 encodes binary data into ASCII text by representing every 3 bytes as 4 characters using a 64-character alphabet. It is not encryption and not compression — it increases data size by approximately 33%. Its main purpose is to transmit binary data over media designed for text, such as email (MIME), JSON, or URLs.
Padding and Variants
Standard Base64 uses = padding to indicate how many bytes the encoded data represents. Two padding characters mean the last block had only 1 byte; one padding character means 2 bytes; no padding means the input length was a multiple of 3. URL-safe Base64 replaces + with - and / with _, and often omits padding entirely. When decoding, be prepared to handle both padded and unpadded inputs.
Security Considerations
Base64 is encoding, not encryption. Never use it to "hide" sensitive data. A Base64 string is trivially decoded by anyone who sees it. For actual secrecy, use AES or another encryption algorithm. However, Base64 is useful for wrapping encrypted binary data in text-friendly formats like JWT or API payloads.
Performance and Alternatives
For small payloads (images under 100KB embedded in HTML or CSS), Base64 is practical. For larger binary data, serve the file directly via a URL instead — Base64 bloats the page weight and prevents browser caching. Alternatives like Base85 (Ascii85) offer slightly better density but are less widely supported.