Question 1

What is HTTP Basic Authentication?

Accepted Answer

HTTP Basic Authentication is a simple authentication scheme built into the HTTP protocol. The client sends credentials (username and password) encoded in Base64 as part of the Authorization request header: 'Authorization: Basic <base64(username:password)>'. It is simple but only secure over HTTPS since Base64 is not encryption.

Question 2

Is Base64 encoding the same as encryption?

Accepted Answer

No. Base64 is an encoding scheme that converts binary data to ASCII text — it is completely reversible by anyone without a key. Sending Basic Auth credentials is only safe over HTTPS, which provides actual transport encryption. Over plain HTTP, anyone who can intercept the traffic can decode the credentials instantly.

Question 3

What is the format of the Authorization header?

Accepted Answer

The Authorization header value for Basic Auth is: 'Basic ' followed by the Base64 encoding of 'username:password'. For example, if username is 'admin' and password is 'secret', the header is 'Authorization: Basic YWRtaW46c2VjcmV0'. The colon is the separator between username and password.

Question 4

Can the username contain a colon?

Accepted Answer

According to RFC 7617, the username must not contain a colon character. This is because the colon is used as the separator between username and password in the encoded string. The password, however, may contain colons — only the first colon in the decoded string is treated as the separator.

Question 5

How do I use this in cURL?

Accepted Answer

In cURL you can use the -u flag: curl -u username:password https://api.example.com. Or you can manually set the header: curl -H "Authorization: Basic <base64value>" https://api.example.com. The -u flag handles the encoding automatically.

HTTP Basic Auth Encoder

よくある質問

コード実装

Comments & Feedback