🔒

Basic Auth Generator

Generate HTTP Basic Auth headers

Username
Password
🔒 Client-side only — credentials are never transmitted

About Basic Auth Generator

HTTP Basic Auth encodes username:password in Base64 and sends it in the Authorization header. Simple but still common for internal APIs, CI/CD tokens, Nginx protected routes, and quick prototypes. Enter the username and password, get the complete header value ready to paste into curl, Postman, Insomnia, or fetch(). Also generates a curl example with the header pre-populated. Decode mode goes in reverse — paste a Basic Auth header (with or without the "Basic " prefix) and see the original credentials.

Common Use Cases

  • Generating the Authorization header for curl requests against Basic Auth APIs
  • Setting up Basic Auth in Postman or Insomnia without manual Base64 encoding
  • Decoding Basic Auth headers from API logs when debugging
  • Testing Basic Auth protected routes during development

Frequently Asked Questions

How does HTTP Basic Auth work?+
The client Base64-encodes "username:password" and sends it as "Authorization: Basic <encoded>". The server decodes and verifies. It must be used over HTTPS — Base64 provides zero protection against interception.
Is Basic Auth secure?+
Over HTTPS, the credentials are protected by TLS. Over plain HTTP, anyone who intercepts the request can decode the credentials immediately. Prefer API keys or OAuth for production, but Basic Auth is fine for internal tools over HTTPS.
What is the correct header format?+
"Authorization: Basic " followed by Base64("username:password"). Example: username "ada", password "secret" → Base64("ada:secret") = "YWRhOnNlY3JldA==" → "Authorization: Basic YWRhOnNlY3JldA==".
Can the password contain a colon?+
Yes. The format splits on the first colon only, so colons in the password are fine. Colons in the username would break parsing.