Tyk v2.2 Documentation Components

What is Basic Auth?

In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request. HTTP Basic authentication (BA) implementation is the simplest technique for enforcing access controls to web resources because it doesn’t require cookies, session identifiers, or login pages; rather, HTTP Basic authentication uses standard fields in the HTTP header, obviating the need for handshakes. (Source: Wikipedia)

Basic Authentication is a standard authentication mechanism supported by every standards-compliant HTTP server. It is also supported by almost every web browser, which makes it an excellent access control method for smaller APIs.

However, a serious drawback of Basic Authentication is that credentials are transferred over the wire as encoded plaintext: Base64 is an encoding, not encryption. This can be a serious concern for API owners, and Basic Authentication should therefore only ever be used in conjunction with TLS (SSL).

A basic auth request will have an Authorization header where the value will be of the form:

Basic base64Encode(username:password)

This means a real request would look something like:

GET /api/widgets/12345 HTTP/1.1
Host: localhost:8080
Authorization: Basic am9obkBzbWl0aC5jb206MTIzNDU2Nw==
Cache-Control: no-cache

In the above example the username is john@smith.com and the password is 1234567.

Tyk supports using basic authentication as an access key in the same way as any other access method.