Alex Lima

What is “Authorization: Basic” in the cURL API calls

Published by

Alex Lima

on

The -H ‘Authorization: Basic …’ flag in a curl command sets the HTTP Authorization header using Basic Authentication.

Basic authentication is a simple HTTP authentication scheme that allows a client to provide a username and password when requesting access to a protected resource. The credentials are typically encoded in Base64 and sent in an Authorization header. 

While simple and easy to implement, it’s also one of the least secure authentication methods, as it transmits credentials in plain text. 

echo "## Creating GoldenGate User for Distribution Path"
echo "###############################################################"
curl -X POST 'http://'$ogg_ip':'$ogg_port'/services/v2/authorizations/Operator/oggnet' \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H 'Authorization: Basic b2dnYWRtaW46V2VsY29tZTEyMyMj' \
-d '{
"credential":"'$GLOBAL_PASS'",
"info":"Distribution Path User"
}'

Breakdown:

  • -H means “add an HTTP header”.
  • ‘Authorization: Basic …’ is the actual header being added.
  • Basic indicates the authentication scheme.
  • The part after Basic is a Base64-encoded string of the format: username:password

Example:

If your username is oggadmin and password is Welcome##123, the command:

echo -n "oggadmin:Welcome123##" | base64

outputs something like:

b2dnYWRtaW46V2VsY29tZTEyMyMj

So your curl command becomes:

curl -H "Authorization: Basic b2dnYWRtaW46V2VsY29tZTEyMyMj" https://localhost:9090/<endpoint>

Encrypting the entire request with HTTPS is the best practice for securing your personal information, including headers (like Authorization) and payload.

Note:

Instead of manually encoding credentials, curl provides a more straightforward method with username and password (again insecure):

curl -u admin:mypassword https://localhost:9090/<endpoint>

This automatically adds the correct Authorization: Basic header.

You can play with Encode and Decode Base64 here: https://passwords-generator.org/base64-encode

Best

Always ensure the API endpoint uses HTTPS, not HTTP.

curl -X GET https://api.example.com/resource

Why: HTTPS encrypts the entire HTTP request, including credentials, preventing interception by attackers.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Post
Next Post

Alex Lima

About

Taking one day at a time.

Follow Us

Blog at WordPress.com.