Basic Auth Generator

HTTP Authentication Header Creator

Generate HTTP Basic Authentication headers for API testing and decode existing headers. Includes ready-to-use curl and fetch examples.

How to Use

Choose Mode
Select 'Encode' to create an Authorization header from username/password, or 'Decode' to extract credentials from existing header
Enter Credentials
Input username and password (for encoding) or paste the Authorization header value (for decoding)
Get Result
Click the button to generate header or decode credentials. Copy the curl/fetch examples for immediate use

All encoding and decoding happens in your browser using Base64. No credentials are sent to servers.

Basic認証ジェネレーター

Create an Authorization: Basic header from username and password. Perfect for API testing.

Username

Password

form.result_title

Authorization Header

form.curl_example

form.fetch_example

Extract username and password from an existing Basic Auth header. Useful for debugging.

form.auth_header_input

form.decoded_result

Username

Password

Use Cases

API Testing

Generate Basic Auth headers for testing REST APIs that require authentication. Copy the curl command and run immediately.

Debug Authentication

Decode existing Authorization headers to verify credentials and troubleshoot authentication failures.

Integration Scripts

Generate headers for automated scripts, CI/CD pipelines, or integration tests that need API authentication.

Learn HTTP Auth

Understand how HTTP Basic Authentication works by encoding/decoding credentials and seeing the Base64 format.

Quick Prototyping

Rapidly test API endpoints during development without writing authentication code first.

Documentation Examples

Generate curl and fetch examples for API documentation showing how to authenticate.

What is HTTP Basic Authentication?

HTTP Basic Authentication is a simple authentication scheme built into the HTTP protocol. It sends credentials (username:password) encoded in Base64 in the Authorization header.

How Basic Auth Works

The client sends username and password as 'username:password', encodes it in Base64, and adds it to the Authorization header as 'Basic <base64>'. The server decodes it and verifies credentials. It's simple but requires HTTPS for security.

When to Use Basic Auth

Use Basic Auth for simple APIs, internal tools, or development/testing. It's perfect for quick authentication without complex OAuth flows. However, always use HTTPS - Basic Auth sends credentials that can be easily decoded if intercepted.

Security Considerations

Always use HTTPS when using Basic Auth - Base64 is encoding, not encryption. Anyone can decode it. For production APIs serving public users, consider OAuth 2.0 or JWT. Basic Auth is best for server-to-server communication or internal tools with HTTPS.

Frequently Asked Questions

Is Base64 encoding secure?

No! Base64 is encoding, not encryption. Anyone can decode it. Always use HTTPS (not HTTP) when sending Basic Auth headers. HTTPS encrypts the entire request including headers, protecting your credentials.

What's the format of a Basic Auth header?

Format: 'Authorization: Basic <base64>' where <base64> is the Base64-encoded string of 'username:password'. Example: 'Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=' (username:password).

Can I use Basic Auth for production APIs?

Yes, but only over HTTPS and preferably for server-to-server communication or internal tools. For public-facing APIs with user accounts, OAuth 2.0 or JWT is better. Basic Auth is fine for simple use cases with proper HTTPS.

How do I send Basic Auth with curl?

Use the -u flag: 'curl -u username:password https://api.example.com'. curl automatically creates the Authorization header. Or manually: 'curl -H "Authorization: Basic <base64>" https://api.example.com'.

How do I send Basic Auth with JavaScript fetch?

Add the header: fetch('https://api.example.com', {headers: {'Authorization': 'Basic ' + btoa('username:password')})}. The btoa() function does Base64 encoding in browsers.

What if my password contains a colon (:)?

It's fine! Only the first colon separates username and password. If password is 'pass:word' and username is 'user', it becomes 'user:pass:word' and decodes correctly.

Can I use special characters in username/password?

Yes! Base64 encoding handles all characters including unicode. Just make sure to use UTF-8 encoding when creating the 'username:password' string before Base64 encoding.

Does this tool send my credentials to a server?

No! All encoding/decoding happens in your browser using JavaScript's btoa()/atob() functions. Nothing is sent to any server. You can disconnect from the internet and it still works.