Basic Auth Generator

Build an HTTP Basic Authorization header from a username and password.

Built in your browser — nothing is sent anywhere.

Frequently asked questions

What is HTTP Basic authentication?

Basic authentication is a simple scheme where the client sends a username and password with each request, encoded in an Authorization header. The server decodes it to check the credentials.

How is the Basic auth header built?

The username and password are joined with a colon, Base64-encoded, and prefixed with the word Basic to form the Authorization header value. This tool produces that complete header for you.

Is Base64 encoding the same as encryption?

No. Base64 is just reversible encoding, not encryption, so anyone who sees the header can decode the credentials. Basic auth should only be used over HTTPS to keep it protected in transit.

Are my username and password sent anywhere?

No. The header is generated entirely in your browser, so your credentials are never uploaded. They stay on your device.

Why should I only use Basic auth over HTTPS?

Because the credentials are only Base64-encoded and trivially decoded, sending them over plain HTTP would expose them to anyone watching the traffic. HTTPS encrypts the connection so the header cannot be read in transit.

How do I use the generated header?

Add it to your request as an Authorization header with the generated value, for example in a curl command or an API client. The server then decodes and verifies the credentials.

Can I decode a Basic auth header back to the username?

The encoding is reversible, so a Base64 decode of the part after the word Basic reveals the original username and password joined by a colon. That is exactly why it must travel over HTTPS.