What is the difference between Base64 and Base64URL?
Base64 and Base64URL are similar encoding schemes with small but important differences for URL safety.
Standard Base64:
Characters used: A-Z, a-z, 0-9, +, /, =
- Uses
+and/which are special characters in URLs - Uses
=for padding at the end - Safe for email, JSON, XML, but NOT safe for URLs without encoding
Example: Hello?? → SGVsbG8/Pw==
Base64URL:
Characters used: A-Z, a-z, 0-9, -, , (no padding)
- Replaces
+with-(hyphen/minus) - Replaces
/with_(underscore) - Removes
=padding characters - URL-safe without additional encoding_
Example: Hello?? → SGVsbG8_Pw_
When to Use Each:
Use Standard Base64 for:
- JSON API payloads
- Email (MIME encoding)
- XML documents
- Database storage
- Basic Authentication headers
- Image data URIs
Use Base64URL for:
- URL parameters (?token=...)
- URL paths (/share/...)
- JWT tokens (header and payload)
- OAuth tokens
- Short URLs
- Any data in URLs
Converting Between Them:
Standard to URL:
- Replace
+with- - Replace
/with_ - Remove trailing
=_
URL to Standard:
- Replace
-with+ - Replace
_with/ - Add
=padding (length should be multiple of 4)_
Important:
Both encodings are equally secure (which is to say, NOT secure at all - they're encoding, not encryption). The only difference is URL compatibility.