Common Base64 Encoding Examples

Base64 encoding is used in dozens of everyday web contexts including HTTP Basic Auth headers, JWT tokens, data URIs, and cookie values. This collection shows the Base64 encoded form of common input types so you can recognize and decode them when they appear in logs or headers. The encoder processes UTF-8 text correctly, including characters outside the ASCII range. Remember that standard Base64 uses = padding characters that must be stripped when the value is used in a URL query string. Base64 works by converting every 3 bytes of binary input into 4 ASCII characters selected from a 64-character alphabet (A-Z, a-z, 0-9, +, /). Because 3 bytes × 8 bits = 24 bits, and 24 ÷ 6 = 4 groups of 6 bits, each group of 6 bits maps to one character in the alphabet. This predictable 4/3 size expansion means a 1 MB binary file becomes a 1.33 MB Base64 string. When the input length is not divisible by 3, one or two = padding characters are added to keep the output length a multiple of 4. HTTP Basic Auth is one of the most common places developers encounter Base64. The spec requires the username and password to be joined with a colon and Base64-encoded: if the credentials are user:password, the encoded form is dXNlcjpwYXNzd29yZA==, and the full header is Authorization: Basic dXNlcjpwYXNzd29yZA==. This is not encryption — anyone who intercepts the header can decode it in one step. Always use Basic Auth over HTTPS, and prefer token-based authentication for APIs exposed to the internet. JWT (JSON Web Token) uses Base64URL encoding — a variant that replaces + with - and / with _ and omits the = padding. This makes the token safe to include in URLs and HTTP headers without additional encoding. A JWT is three Base64URL-encoded sections separated by periods: header.payload.signature. The header and payload are readable by anyone who has the token; only the signature verification requires the secret key. Data URIs embed binary content like images directly into HTML or CSS using Base64. The format is data:[mediatype];base64,[base64data]. This eliminates an HTTP request but inflates HTML size and prevents the image from being cached separately. Use data URIs for small icons and favicons; for larger images, a CDN-hosted URL is more efficient. URL-safe Base64 is needed for any Base64 value that will be embedded in a URL query string or used as a filename. Standard Base64 uses + and / which have special meaning in URLs and may cause parsing errors. The URL-safe variant replaces + with - and / with _ and drops = padding. Most modern libraries offer a urlsafe_b64encode option (Python) or require a manual character substitution. For recognizing Base64 in the wild: look for strings using only alphanumeric characters plus +, /, and trailing = signs. Strings with length divisible by 4 (after removing whitespace) are almost certainly Base64. In logs, cookies, or API responses, any long opaque alphanumeric string ending in == or = is worth decoding to understand its content.

# HTTP Basic Auth header value
user:password → dXNlcjpwYXNzd29yZA==

# JSON object
{"key":"value"} → eyJrZXkiOiJ2YWx1ZSJ9

# Simple string
Hello, World! → SGVsbG8sIFdvcmxkIQ==

# API key format
Bearer sk-example → QmVhcmVyIHNrLWV4YW1wbGU=

# Email address
[email protected] → dXNlckBleGFtcGxlLmNvbQ==