what base64 is
Base64 encodes binary data as ASCII text using a 64-character alphabet (A–Z, a–z, 0–9, +, /). It increases data size by ~33% but allows binary data to be transmitted through channels that only support text.
where you actually encounter it
- Basic auth headers —
Authorization: Basic dXNlcjpwYXNzis base64 ofuser:pass - Data URIs — inline images in CSS:
background-image: url('data:image/png;base64,...') - JWT tokens — the header and payload sections are base64url-encoded
- Shopify webhooks — HMAC verification uses base64 to encode the hash
shopify webhook verification
const crypto = require('crypto');
const hmac = crypto
.createHmac('sha256', process.env.SHOPIFY_WEBHOOK_SECRET)
.update(rawBody, 'utf8')
.digest('base64');
if (hmac !== req.headers['x-shopify-hmac-sha256']) {
return res.status(401).send('Unauthorized');
}
when not to use base64
Don't base64-encode data to "encrypt" or "secure" it — it's trivially reversible. Don't use data URIs for large images (hurts performance). Don't store passwords in base64 — that's not hashing.