ToolWren logo ToolWren
ToolWrenTokens › Basic Auth

HTTP Basic Auth Header Generator

Build the Authorization header for HTTP Basic Auth from a username and password, or decode an existing header back to credentials.

100% client-side · nothing is uploaded

Loading tool…

How to use the Basic Auth

  1. Choose Generate or Decode at the top.
  2. To generate: enter a username and password — the Authorization header is built instantly.
  3. To decode: paste a Basic … header (or just the Base64 part) to reveal the username and password.
  4. Click Copy to grab the result. Everything runs in your browser, so credentials never leave your device.

Privacy: this tool runs entirely in your browser. Your input is never sent to, received by, or stored on any server — there are no uploads and no tracking of what you enter.

About Basic Auth

What is HTTP Basic Auth?

HTTP Basic Authentication is the simplest way to send credentials to a server. The username and password are joined with a colon, Base64-encoded, and placed in an Authorization header as 'Basic <encoded>'.

How it works

This tool joins your username and password as user:password, Base64-encodes the result and prefixes it with 'Basic '. Decoding reverses the process to reveal the original credentials.

Security note

Base64 is encoding, not encryption — anyone who sees the header can decode it. Always use Basic Auth over HTTPS, and never reuse important passwords for it.

Frequently asked questions

Is Basic Auth secure?
Only over HTTPS. The Base64 value is trivially decodable, so the transport must be encrypted.
Does this send my credentials anywhere?
No. Encoding and decoding happen entirely in your browser.
What does the header look like?
Authorization: Basic dXNlcjpwYXNz — the part after 'Basic ' is Base64 of user:password.

Understanding Basic Auth in depth

What HTTP Basic Auth is

HTTP Basic Authentication is the simplest standard way for a client to send a username and password to a server. The credentials are combined, encoded and placed in an Authorization header with each request. This tool generates that header from a username and password, and decodes an existing header back into its credentials.

How the header is built

The mechanism is straightforward: the username and password are joined with a colon (user:password), the result is Base64-encoded, and the word Basic is prefixed - producing Authorization: Basic dXNlcjpwYXNz. Decoding simply reverses these steps. The tool shows exactly what the server receives, which is invaluable when debugging APIs.

Why Base64 is not security

A critical point: Base64 is encoding, not encryption. Anyone who intercepts the header can decode it instantly back to the plain username and password (as the decode mode here demonstrates). Basic Auth therefore provides no confidentiality on its own and must always be used over HTTPS, which encrypts the whole request in transit.

Where it is used

Despite its simplicity, Basic Auth is widely used for internal tools, server-to-server API calls, quick prototypes, and protecting staging environments. It is easy to implement and supported everywhere. For public, user-facing authentication, token-based schemes (like JWTs or OAuth) are usually preferred, but Basic Auth remains a common, practical choice behind HTTPS.

Privacy and how to use it

Choose generate or decode, enter the credentials or paste an existing header, and the result updates instantly. Everything happens in your browser, so the credentials are never transmitted - making it safe for constructing and inspecting auth headers while you develop and debug.

Related tools

🔑 JWT🔏 JWT Generator🛰️ CoAP📦 CBOR🚦 HTTP StatusAll Tokens →