Let's get the obvious out of the way: Base64 is not encryption. I still see pull requests where someone Base64-encodes an API key and calls it "secured." It's an encoding โ anyone with a browser dev tools tab can flip it back to plaintext. Use it for data transport integrity, not confidentiality.
So when do you actually need it? The classic scenarios haven't changed in years: you're embedding an image inline in HTML or CSS via a data URI, you're stuffing binary into a JSON payload because the API doesn't support multipart uploads, or you're putting a binary blob into a URL-safe parameter. HTTP Basic Auth is another one โ the Authorization: Basic header is literally just base64(username + ":" + password). Not secret, just format-compatible.
The encoder itself is straightforward: paste, encode, copy. But here's where people trip up. Line breaks. If you've ever copied a Base64 string out of an email or PEM file, it probably arrived wrapped at 76 characters per line, with CR/LF thrown in for fun. Most web tools choke on that. This one strips whitespace before decoding โ paste the mess, get clean output.
Watch out for the + and / characters if you're putting Base64 into a URL. Browsers and servers interpret those wrong. Switch to the URL-safe variant (base64url per RFC 4648 ยง5) which swaps them for - and _. If your decoded output shows question-mark diamonds or mojibake, you've got a character encoding mismatch โ probably someone fed it Latin-1 bytes but you're decoding as UTF-8. Switch the charset dropdown and try again.
The 33% size increase is real. Three bytes become four characters every cycle. If you're embedding megabytes of image data into JSON, consider whether you should just be hosting the file instead. I've seen Base64 inflate a 5 MB response to 6.7 MB and then wondered why the mobile app felt sluggish on 3G.
One more gotcha โ the = padding at the end. Some old mobile SDKs reject Base64 with padding, so the tool lets you toggle it off. But if you strip padding, make sure the consumer knows, because the decoder needs either the padding or the original byte count to reconstruct the data cleanly.