Using Basic Authentication

Updated 3 months ago by Rahul Lahiri

When you send an API request to any service, you may need to send the credentials as part of the request to verify the authenticity of the caller. Basic authentication is a simple authentication scheme for establishing the credentials of the user. In basic HTTP authentication, a request contains a header field in the form of Authorization: Basic <credentials>, where credentials is the Base64 encoding of ID and password joined by a single colon (username:password).

Example of basic authorization header:

Authorization: Basic dGVzdDoxMjPCow==

With basic authentication, each call carries the encoded value of the username and password in the header. The credential value is long-lived, ie. the encoded token will be valid until the password is changed.

Basic authentication with API Studio

Since basic authentication uses a long-lived token, the most convenient approach is to store the token is in an environment variable and add the environment variable to the API request header. The steps are:

  • Generate the encoded authorization token
  • Store the authorization token in an environment variable
  • Add the basic authorization header to the request header section using the environment variable

Encoding your credentials

Use a tool like Notepad++ or to encode your username:password string using Base64 encoding.

To encode your username:password string in Notepad++, use the following steps:

1. Enter the username:password string (for example, in Notepad++, and select the entire string
2. From the menu bar, select Plugins > Mime Tools > Base64 Encode
3. The username:password string will be replaced with the encoded string (for example, dGVzdC5hY2NvdW50QGNvbXBhbnkuY29tOmFjY291bnRwYXNzd29yZA for the credentials above)

Store token in a variable

Storing the authorization token provides a convenient option for adding the token to the API request headers.

  • Open the local environment settings and select the environment to use.
  • Click +Add New Variable to open the environment settings dialog box.
  • Enter the variable name, and copy the encoded string generated earlier into the value box. Here we are using the variable name auth-token.
  • Click the Update button to save the updated environment.

Add token to request header

You need to add the token to the request headers in order to get access to the resource.

  • From API Editor, select Headers in the section for the request, and click on +Add header to open a new header item box.
  • In Name box, enter Authorization. In the value box, enter Basic {{{variableName}}}. In our example, we used the variable name auth-token.
When the API request is saved to a collection, the authorization token will be accessible to anyone with access to the collection. All collections are shared across the entire organization. So do not use any sensitive login credentials that should not be accessible others.

Once the authorization token is added to the header, all the subsequent operations with the API can proceed normally.

How did we do?