What is Base64 Encoding?

The problem it solves

Binary data contains bytes that text-based protocols mangle: control characters, nulls, bytes that look like delimiters. Base64 re-expresses every 3 bytes of data as 4 characters drawn from A–Z, a–z, 0–9, + and / — characters that survive any text channel untouched. That's why email attachments (MIME), data: URIs in CSS, and binary blobs inside JSON all ride as Base64.

How the encoding works

• Take 3 bytes (24 bits), split into four 6-bit groups, map each to one of 64 characters.
• Output is always a multiple of 4 characters; missing input bytes are signalled with = padding.
• Size cost: encoded data is ~33% larger than the original — Base64 is the opposite of compression.

Base64 is NOT encryption

Anyone can decode Base64 instantly — there is no key. Encoding credentials or secrets in Base64 (a depressingly common mistake) provides zero protection; it only makes them look scrambled. If data must be confidential, encrypt it; Base64 is only for transport-safety.

URL-safe Base64

Standard Base64 uses + and /, which collide with URL syntax. The URL-safe variant swaps them for - and _ and usually drops the = padding. You'll meet it everywhere in web auth — JWT header, payload and signature are each Base64URL-encoded.