Authorization

The HTTP Authorization request header is used to provide credentials for a user, authorizing the client to interact with a protected resource.

Usage

The Authorization request header is used to obtain access to a protected resource and is typically sent after the client is informed that access is restricted. For example, after receiving a 401 Unauthorized HTTP response from the server that includes the WWW-Authenticate header, the client can submit credentials in this fashion.

Directives

authentication-scheme

The authentication-scheme is a mandatory directive and can be accompanied by other scheme-specific parameters. It defines the scheme by which the credentials are encoded; common approaches include Basic, Digest, and Negotiate.

Example

In this example, the client uses the Basic authentication scheme. As a required parameter, the credentials are a base64-encoded username:password pair.

Authorization: Basic RXhhbXBsZTphaQ==
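
As an added example (not part of the original page), this Python sketch splits an Authorization header value into scheme and parameters and decodes the Basic credential shown above, which makes clear that base64 is an encoding and offers no confidentiality without TLS. The names parse_authorization, decode_basic and AuthorizationError are illustrative assumptions.

```python
import base64
import binascii


class AuthorizationError(ValueError):
    """Raised when an Authorization header value is malformed."""


def parse_authorization(value):
    """Split an Authorization header value into (scheme, parameters).

    The scheme is matched case-insensitively, so it is returned lower-cased.
    """
    scheme, _, params = value.strip().partition(" ")
    if not scheme or not params.strip():
        raise AuthorizationError("expected '<scheme> <credentials>'")
    return scheme.lower(), params.strip()


def decode_basic(value):
    """Return (username, password) from a Basic Authorization header value."""
    scheme, token = parse_authorization(value)
    if scheme != "basic":
        raise AuthorizationError("not a Basic credential: " + scheme)
    try:
        # validate=True rejects characters outside the base64 alphabet.
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise AuthorizationError("invalid base64 credentials") from exc
    # Only the first colon separates the fields; a password may contain colons.
    username, sep, password = text.partition(":")
    if not sep:
        raise AuthorizationError("missing ':' between username and password")
    return username, password


if __name__ == "__main__":
    # Header value taken from the example above.
    print(decode_basic("Basic RXhhbXBsZTphaQ=="))
```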

Takeaway

The Authorization request header is used as a method of supplying credentials to a server in an attempt to interact with a protected resource.

Last updated: June 2, 2022