Basic Auth Generator & Decoder - HTTP Authorization Header
Free online Basic Auth header generator and decoder. Create HTTP Basic Authorization headers from credentials or decode existing headers instantly.
What Is a Basic Auth Generator & Decoder?
A Basic Auth Generator & Decoder is a tool for working with HTTP Basic Authentication headers. HTTP Basic Auth is a simple authentication scheme built into the HTTP protocol where the client sends a username and password encoded in Base64 as part of the Authorization header. The format is 'Basic base64(username:password)'. This tool lets you generate a properly formatted header from credentials, or decode an existing header back into its username and password components. It's commonly used when working with REST APIs, web servers, and development environments that require Basic Authentication.
How to Use the Basic Auth Tool
- Select the 'Generate' tab to create an Authorization header, or 'Decode' to extract credentials from one.
- To generate: enter a username and password. The tool instantly creates the 'Basic encoded' header string.
- Copy the generated header using the copy button to use in API requests, curl commands, or configuration files.
- To decode: paste a 'Basic ...' Authorization header value. The tool decodes the Base64 and displays the username and password.
- The tool automatically handles the 'Basic ' prefix in both modes — you can paste with or without it.
Common Use Cases
- API Testing — Generate Basic Auth headers for use in tools like curl, Postman, or fetch requests when testing APIs that require Basic Authentication.
- Configuration Setup — Create encoded authorization strings for web server configuration files, proxy settings, or CI/CD pipeline variables.
- Debugging Auth Issues — Decode Authorization headers from HTTP logs or network captures to verify that the correct credentials are being sent.
- Documentation — Generate example Authorization headers for API documentation, showing developers the exact format they need to use.
FAQ
Is HTTP Basic Auth secure?
Basic Auth encodes credentials in Base64, which is trivially reversible — it is not encryption. It should only be used over HTTPS connections. For production applications, consider more secure alternatives like OAuth2 Bearer tokens or API keys.
Can I use special characters in the password?
Yes. The username and password are joined with a colon and Base64-encoded together. Special characters, spaces, and unicode characters are all supported, though some older servers may have issues with non-ASCII characters.
Why does decoding show the wrong password?
If the password contains a colon character, the decoder splits on the first colon only, so the password will include any subsequent colons. This matches the HTTP Basic Auth specification (RFC 7617) where only the first colon is treated as the separator.
How do I use the generated header in a curl command?
Use the -H flag: curl -H 'Authorization: Basic dXNlcjpwYXNz' https://api.example.com. Alternatively, curl has built-in Basic Auth support with the -u flag: curl -u username:password https://api.example.com.