Authorization Header


Authorization Header HTTP Request Header contains the credentials to authenticate a user-agent with a server, usually after the server has responded with a HTTP 401 Unauthorized and the WWW-Authenticate HTTP Response Header.

In the context of an HTTP transaction, HTTP Basic Authentication is an Authentication Method for an HTTP user-agent to provide a user name and password when making a HTTP Request.

Basic Authentication Scheme implementation is the simplest technique for enforcing Access Controls to web resources because it doesn't require cookies, session identifier and login pages. Rather, Basic Authentication Scheme uses static, standard HTTP Header Fields which means that no handshakes have to be done in anticipation.

When the user-agent wants to send the server authentication credentials it may use the Authorization Header [1]


When the server wants the user-agent to authenticate itself towards the server, it must respond appropriately to unauthenticated requests.

Unauthenticated requests should return a response whose header contains a HTTP 401 Not Authorized status and a WWW-Authenticate field.

The WWW-Authenticate HTTP Header Field for basic authentication (used most often) is constructed as following:

WWW-Authenticate: Basic realm="nmrs_m7VKmomQ2YM3:"


When the user-agent wants to send the server authentication credentials it may use the Authorization field. The Authorization field is constructed as follows:

Username and password are combined into a string "username:password". Note that username cannot contain the ":" character.

The resulting string is then encoded using the RFC 2045-MIME variant of Base64, except not limited to 76 char/line.

The authorization method and a space i.e. "Basic " is then put before the encoded string.

For example, if the user agent uses 'Aladdin' as the username and 'open sesame' as the password then the field is formed as follows:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

More Information#

There might be more information for this subject on one of the following: