Security
Basic Auth Generator
The Basic Auth Encoder generates the Base64-encoded credential string used in HTTP Basic Authentication headers. Enter a username and password and the tool produces the ready-to-use Authorization header value (Basic dXNlcjpwYXNz) that you can paste directly into API clients, curl commands, or HTTP request headers. All encoding happens in the browser – credentials are never transmitted to any server.
What is HTTP Basic Authentication?
HTTP Basic Authentication is the simplest form of HTTP authentication, defined in RFC 7617. The client sends an Authorization header containing the word 'Basic' followed by a Base64-encoded string of the username and password joined by a colon (username:password). The server decodes the header and verifies the credentials. Because the credentials are only Base64-encoded (not encrypted), Basic Auth must always be used over HTTPS to prevent credential interception. Despite its simplicity, Basic Auth is still widely used for machine-to-machine API authentication, CI/CD pipelines, and protecting internal services behind a reverse proxy.
How does the tool work?
The tool concatenates the username and password with a colon separator (username:password), encodes the resulting string as UTF-8 bytes, and then Base64-encodes the byte sequence using the standard Base64 alphabet. The encoded result is prefixed with 'Basic ' to form the complete Authorization header value. The tool also shows the curl equivalent (-u username:password or --header 'Authorization: Basic ...') so you can copy it directly for command-line use. Decoding mode accepts a Basic auth header value and reveals the embedded credentials.
Typical Use Cases
- Generating the Authorization header for API requests that require HTTP Basic Auth
- Constructing curl commands with Basic Auth credentials for API testing
- Configuring Basic Auth credentials for a reverse proxy (nginx, Apache, Traefik)
- Decoding a Basic Auth header from a log file to inspect the embedded credentials
Step-by-step Guide
- Step 1: Enter the username in the username field and the password in the password field.
- Step 2: The tool instantly generates the Base64-encoded credential string.
- Step 3: Copy the full Authorization header value or just the Base64 token.
- Step 4: Use the decode tab to decode an existing Basic Auth header back to username:password.
Example
Input
Username: admin | Password: s3cret
Output
Authorization: Basic YWRtaW46czNjcmV0
Tips & Notes
- Always use HTTPS when sending Basic Auth credentials – over plain HTTP the Base64 token can be decoded by any observer on the network.
- Basic Auth credentials sent via a proxy are visible to the proxy operator; prefer token-based auth (Bearer tokens, OAuth) for sensitive APIs.
- Some systems use the format 'user:token' where the password field contains an API token rather than a real password – this is still standard Basic Auth.
Frequently Asked Questions
Is Base64 encoding the same as encryption?
No. Base64 is an encoding scheme, not encryption. Anyone who intercepts the Authorization header can decode it immediately without a key. This is why Basic Auth requires HTTPS.
What characters are allowed in the username and password?
The colon character (:) is not allowed in the username because it is used as the delimiter between username and password. The password may contain colons. All other characters, including non-ASCII Unicode, are supported through UTF-8 encoding.
Can I use Basic Auth with modern APIs?
Yes, many APIs support Basic Auth, often with an API key as the username and an empty or placeholder password, or vice versa. GitHub's API, npm registry, and many CI/CD systems use this pattern.
Basic Auth Generator
Generate a Base64-encoded Basic Auth header from a username and password — including decoding and usage examples.
Open Tool