base64 encoding in web development: when and why

what base64 is

Base64 encodes binary data as ASCII text using a 64-character alphabet (A–Z, a–z, 0–9, +, /). It increases data size by ~33% but allows binary data to be transmitted through channels that only support text.

where you actually encounter it

• Basic auth headers — Authorization: Basic dXNlcjpwYXNz is base64 of user:pass
• Data URIs — inline images in CSS: background-image: url('data:image/png;base64,...')
• JWT tokens — the header and payload sections are base64url-encoded
• Shopify webhooks — HMAC verification uses base64 to encode the hash

shopify webhook verification

const crypto = require('crypto');
const hmac = crypto
  .createHmac('sha256', process.env.SHOPIFY_WEBHOOK_SECRET)
  .update(rawBody, 'utf8')
  .digest('base64');

if (hmac !== req.headers['x-shopify-hmac-sha256']) {
  return res.status(401).send('Unauthorized');
}

when not to use base64

Don't base64-encode data to "encrypt" or "secure" it — it's trivially reversible. Don't use data URIs for large images (hurts performance). Don't store passwords in base64 — that's not hashing.