Base64 is an encoding that turns bytes into printable characters. It is not encryption. It is widely used for data transfer, JWT tokens, and embedding small binary blobs in text formats.
Base64 vs Base64URL
- Base64 uses '+' and '/' and often includes '=' padding.
- Base64URL uses '-' and '_' and often omits '=' padding.
If you are working with JWT, you almost always want Base64URL.
Padding '='
Padding helps decoders know how many bytes were in the original data. Some systems strip padding. If decoding fails, add '=' until the string length is a multiple of 4.
Common pitfalls
- UTF-8 text: non-ASCII characters require UTF-8 aware encoding/decoding.
- Binary data: images/files should decode to bytes, not to “text”.
- JWT: only header and payload decode to JSON; signature is different.