The HTTP Authorization
request header contains the credentials to authenticate a user agent with a server, usually after the server has responded with a 401
Unauthorized
status and the WWW-Authenticate
header.
Header type | Request header |
---|---|
Forbidden header name | no |
Authorization: <type> <credentials>
aladdin:opensesame
).YWxhZGRpbjpvcGVuc2VzYW1l
).Note: Base64 encoding does not mean encryption or hashing! This method is equally secure as sending the credentials in clear text (base64 is a reversible encoding). Prefer to use HTTPS in conjunction with Basic Authentication.
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site your HTTP basic authentication.
Specification | Title |
---|---|
RFC 7235, section 4.2: Authorization | HTTP/1.1: Authentication |
RFC 7617 | The 'Basic' HTTP Authentication Scheme |
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization