What is Basic Auth?
In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request. HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it doesn’t require cookies, session identifiers, or login pages; rather, HTTP Basic authentication uses standard fields in the HTTP header, obviating the need for handshakes. (Source: Wikipedia)
Basic Authentication is a standard authentication mechanism supported by every standards-compliant HTTP server. It is also supported by almost every web browser, which makes it an excellent access control method for smaller APIs.
However, a serious drawback of Basic Authentication is that credentials are transferred over the wire as encoded plaintext: Base64 is an encoding, not encryption. This can be a serious concern for API owners, so Basic Authentication should only ever be used in conjunction with transport encryption such as TLS (SSL).
A basic auth request will have an Authorization header where the value will be of the form:
Basic base64Encode(username:password)
This means a real request would look something like:
GET /api/widgets/12345 HTTP/1.1
Host: localhost:8080
Authorization: Basic am9obkBzbWl0aC5jb206MTIzNDU2Nw==
Cache-Control: no-cache
In the above example the username is john@smith.com and the password is 1234567.
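The header format above, as an added example in Python (not Tyk's own code): it decodes the sample header without any key, which is why the credentials count as plaintext, and shows a server-side check that rejects malformed values. The function names `parse_basic_auth`, `build_basic_auth` and `check_credentials` are hypothetical.

```python
import base64
import hmac

# The Authorization value from the sample request on this page.
SAMPLE_HEADER = "Basic am9obkBzbWl0aC5jb206MTIzNDU2Nw=="


def build_basic_auth(username, password):
    """Build the header value: 'Basic ' + base64(username:password)."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth(header_value):
    """Return (username, password), or None if the value is malformed."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None  # different scheme (e.g. Bearer) or empty credentials
    try:
        # validate=True rejects characters outside the Base64 alphabet
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: a password may itself contain ':'.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def check_credentials(header_value, expected_user, expected_password):
    """Compare presented credentials to the expected pair in constant time."""
    parsed = parse_basic_auth(header_value)
    if parsed is None:
        return False
    user, password = parsed
    # Run both comparisons before combining so timing does not reveal
    # which of the two fields was wrong.
    user_ok = hmac.compare_digest(user.encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(password.encode(), expected_password.encode())
    return user_ok and pass_ok


if __name__ == "__main__":
    # No secret is needed to recover the credentials from the header.
    print(parse_basic_auth(SAMPLE_HEADER))
```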
Tyk supports using basic authentication as an access key in the same way as any other access method.