Encoding and Hashing: What Developers Actually Need to Know
Practical guide to Base64 encoding, URL encoding, hashing algorithms, and JWT tokens. Tools and concepts every developer uses.
Encoding and hashing pop up everywhere in web development. Embedding images in CSS? Base64. Passing data in URLs? URL encoding. Storing passwords? Hashing. Authenticating users? JWTs. These aren't exotic concepts — they're daily necessities.
Base64: Binary to Text
Base64 converts binary data into ASCII text. Sounds simple, but it's surprisingly useful.
Need to embed a small image directly in HTML or CSS? Base64. Sending binary data through a JSON API? Base64. Encoding credentials for Basic Auth? You guessed it.
The Base64 encoder/decoder handles both directions. Paste in your binary data or text, get the encoded version. Paste in Base64, get the original back. I use it constantly for debugging email attachments and data URIs.
One caveat: Base64 increases size by about 33%. Fine for small assets, problematic for large files.
URL Encoding: Safe Characters Only
URLs have rules about which characters are allowed. Spaces, special characters, non-ASCII text — all need encoding to travel safely through the web.
The URL Encoder converts problematic characters to percent-encoded equivalents. That space becomes %20. Your emoji becomes a long string of percent codes.
This matters when building query strings dynamically, handling user input in URLs, or debugging why a link isn't working. Often the issue is a single unencoded character breaking the whole URL.
Hashing: One-Way Transformation
Hashing takes input and produces a fixed-length output. The same input always gives the same hash. But you can't reverse it — that's the point.
The Hash Generator supports MD5, SHA-1, SHA-256, and others. Use SHA-256 for anything security-related. MD5 is fine for checksums but broken for security.
Common uses: verifying file integrity (did the download complete correctly?), storing passwords (never store plain text!), creating unique identifiers from content.
For HTML encoding, it's about preventing XSS attacks by escaping special characters like < and > before displaying user input.
JWT: Tokens That Carry Data
JSON Web Tokens are everywhere in modern authentication. That long string your API returns? It's actually three Base64-encoded parts separated by dots.
The JWT Decoder breaks this apart. See the header (algorithm used), payload (the actual claims), and verify the structure. Can't verify the signature without the secret, but you can inspect everything else.
Debugging auth issues? Check the token expiration. Wrong claims? See them clearly. Token not decoding? Maybe it's malformed.
Choosing the Right Tool
Encoding is reversible — you can always get the original back. Hashing is not — it's a one-way street.
Use Base64 for: embedding binary in text, Basic Auth, data URIs.
Use URL encoding for: query strings, special characters in URLs.
Use hashing for: passwords, integrity checks, unique IDs.
Use JWT for: authentication tokens, passing claims between services.
These transformations are building blocks of web security and data handling. Understanding when to encode vs. hash, and having tools ready for both, makes development smoother and more secure.