Aarunya AppsAarunya Apps
🛠️ Developer7 min read·August 5, 2026

Base64 Encode/Decode — What It Is and When Developers Actually Need It

Base64 is one of those things developers encounter constantly but rarely think about. It shows up in JWT tokens, Basic Auth headers, data URLs, email attachments, and API responses — yet most developers treat it like a black box. Here's what it actually is and when you need it.

What base64 actually is

Base64 is an encoding scheme that converts binary data into a string of 64 printable ASCII characters (A–Z, a–z, 0–9, +, /). It exists because many systems — HTTP headers, email protocols, JSON payloads — are designed to transport text, not arbitrary bytes.

The tradeoff: base64 expands data by ~33%. A 100-byte binary becomes ~133 characters. That's the price of text-safety.

When you actually need it

  • Basic Auth headersAuthorization: Basic <base64(username:password)>
  • JWT tokens — the header and payload are base64url-encoded (a variant that uses -_ instead of +/ and omits padding)
  • Data URLssrc="data:image/png;base64,iVBORw0KGgo…" embeds binary files directly in HTML
  • API payloads — sending binary files (images, PDFs) through a JSON API
  • Email MIME — attachments in email messages are base64-encoded

Encode and decode in JavaScript

// Browser + Node.js 16+
const encoded = btoa("Hello, World!")      // "SGVsbG8sIFdvcmxkIQ=="
const decoded = atob("SGVsbG8sIFdvcmxkIQ==") // "Hello, World!"

// Node.js (Buffer API — handles any encoding)
const encoded = Buffer.from("Hello, World!").toString("base64")
const decoded = Buffer.from("SGVsbG8sIFdvcmxkIQ==", "base64").toString("utf-8")

// Base64url (for JWTs — no padding, - and _ instead of + and /)
const b64url = Buffer.from(data).toString("base64url")

The UTF-8 gotcha

btoa() only works with strings where every character is in the range 0–255. Pass it a string with emoji or non-Latin characters and it throws InvalidCharacterError. The fix:

// Safe base64 encode for any Unicode string
const encoded = btoa(encodeURIComponent("こんにちは").replace(
  /%([0-9A-F]{2})/g,
  (_, p1) => String.fromCharCode(parseInt(p1, 16))
))

// Or use the TextEncoder API (cleaner)
const bytes = new TextEncoder().encode("こんにちは")
const b64 = btoa(String.fromCharCode(...bytes))

Base64 is not encryption

This is the most common misunderstanding. Base64 encodes data — it does not encrypt or obscure it. Anyone can decode a base64 string in seconds. Never use base64 to "hide" secrets, passwords, or sensitive data. Use it only to make binary data text-safe for transport.

Need to encode or decode quickly without leaving your browser? Aarunya Base64 Encoder/Decoder handles standard base64 and base64url — paste your value, get the result instantly. Nothing is sent to any server.

Try the related tool

Base64 Encoder / Decoder — free, runs 100% in your browser.

Open Base64 Encoder / Decoder

Enjoyed this? Get notified when Pro launches.