DEV Community

zhihu wu
zhihu wu

Posted on

3 Times You Need Base64 (and One Time You Definitely Don't)

When Base64 Makes Sense

Base64 converts binary data into text using 64 printable ASCII characters so it can travel through systems that don't handle raw bytes well. Here are three times you actually need it, and one time you shouldn't bother.

1. Embedding Small Images in HTML/CSS

Inline images via data URIs eliminate HTTP requests. For tiny assets like icons and email signature graphics, this is genuinely faster than a separate file:

<img src="data:image/png;base64,iVBORw0KGgo..." alt="logo">
Enter fullscreen mode Exit fullscreen mode

The tradeoff: Base64 inflates file size by ~33%. For anything over 5KB, a separate file with browser caching wins. But for that one-off SVG favicon or email footer, inline Base64 is perfect.

2. Sending Binary in JSON APIs

JSON can't carry raw bytes. When your API needs file uploads alongside metadata, Base64-encoding is the standard approach:

{
  "filename": "report.pdf",
  "content": "JVBERi0xLjQKJeLjz9MK...",
  "userId": 422
}
Enter fullscreen mode Exit fullscreen mode

Most cloud APIs (AWS Lambda payloads, webhook implementations) use this pattern under the hood.

3. Debugging Tokens and Auth Headers

JWT payloads are just Base64URL. Basic Auth headers are Base64-encoded user:pass. When debugging, paste a JWT's middle segment into any Base64 decoder and read the claims directly. Same trick for Authorization: Basic *** headers — decode the token after "Basic " to see the credentials.

When NOT to Use Base64

For security. Base64 is encoding, not encryption. It's trivially reversible and offers zero protection. I've seen devs Base64-encode API keys in client-side code thinking it hides them. It doesn't. Use AES-256 for actual security.


Need a quick Base64 encoder/decoder? I use this free tool — it runs entirely in the browser, handles files and data URIs, and works with both standard and URL-safe variants.

Top comments (0)