The HTTP Authorization request header is used to provide credentials for a user, authorizing the client to interact with a protected resource.
The Authorization request header is used to obtain access to a protected resource and is typically sent after the client is informed that access is restricted. For example, after receiving a 401 Unauthorized HTTP response from the server that includes the WWW-Authenticate header, the client can submit credentials in this fashion.
authentication-scheme is a mandatory directive and it can be accompanied by other scheme-specific parameters. It defines the HTTP method in which credentials are encoded and common approaches include
In this example, the client uses the basic Authentication scheme. As a required parameter, the credentials are a base64-encoded
Authorization: Basic RXhhbXBsZTphaQ==
The Authorization request header is used as a method of supplying credentials to a server in an attempt to interact with a protected resource.