Search tools

Find a tool by name or what it does.

Basic Auth Header Generator

Turn a username and password into an HTTP Basic Authorization header, with the raw token and a ready-to-copy curl or fetch snippet.

Credentials

Everything runs in your browser. Nothing is uploaded.

Options

Snippet format

Used only in the snippet. A placeholder is shown when left blank.

Result

Enter a username and password to build the header.

How to generate an HTTP Basic auth header online

  1. Enter your credentials

    Type the username and password for the account you want to authenticate as.

  2. Read the header

    The tool joins them and shows the full Authorization: Basic header along with the raw encoded token.

  3. Grab a snippet

    Switch between a curl command and a fetch call to copy a request that already carries the header.

  4. Copy what you need

    Copy the header, the token, or the snippet with one click and paste it straight into your client.

Why use this tool

Full header and raw token

Get the complete Authorization: Basic line and the standalone encoded token, each with its own copy button.

curl and fetch snippets

Switch between a curl -H command and a JavaScript fetch call that already carry the header, ready to paste into a terminal or script.

Handles any characters

Usernames and passwords are read as UTF-8, so accents, symbols, and emoji encode correctly, and colons inside the password are preserved.

Optional prefix and URL

Toggle the Authorization: prefix on or off, and drop in a request URL so the snippet is ready to run.

Live as you type

The header rebuilds on every keystroke, with no button to press.

Runs entirely in your browser

Your username and password never leave your device and are never uploaded.

About this tool

HTTP Basic authentication is the simplest way to attach credentials to a request. The server expects an Authorization header whose value is the word Basic followed by your username and password joined with a colon and Base64 encoded. This tool builds that header for you: enter a username and password and it produces the full Authorization: Basic line, the raw encoded token on its own, and a request snippet, all updating live as you type.

The encoding follows the standard exactly. Your username and password are joined with a single colon and read as UTF-8, so accented letters, symbols, and other non-ASCII characters are handled correctly. Only the first colon separates the two fields, which means a password can safely contain colons of its own. An empty password is allowed, and the tool warns you when a username contains a colon, since that is not valid in HTTP Basic auth.

Reach for this when you are testing an API by hand, wiring up a script, or adding an Authorization header to a REST client. You can copy the full header value, the token alone for tools that ask for the header name and value separately, or a ready-to-run curl or fetch snippet. Remember that Base64 is an encoding, not encryption, so anyone who sees the header can read the credentials, and Basic auth should only travel over HTTPS. To decode a token back into text use the Base64 encoder, and to inspect a signed token instead of Basic credentials try the JWT decoder.

Frequently asked questions

What is an HTTP Basic Authorization header?
It is the header a client sends to prove its identity with Basic authentication. The value is the word Basic followed by a space and the Base64 of your username and password joined by a colon, for example Authorization: Basic dXNlcjpwYXNz.
How is the header built?
The username and password are joined with a single colon into username:password, that text is read as UTF-8, and the bytes are Base64 encoded. The word Basic and a space are placed in front to form the header value.
Can the password contain a colon or be empty?
Yes to both. Only the first colon separates the username from the password, so any colons after that stay part of the password. An empty password is valid and still produces a header. A colon in the username is not valid, and the tool flags it.
Does it support non-ASCII usernames and passwords?
Yes. Credentials are encoded as UTF-8 before Base64, so accents, symbols, and emoji round-trip correctly. Some older servers expect a different byte encoding, so confirm your server accepts UTF-8 if you use characters beyond ASCII.
Is Basic authentication secure?
Base64 is an encoding, not encryption, so anyone who can read the header can recover the username and password instantly. Only send Basic auth over HTTPS, and prefer stronger schemes such as tokens where you can.
Is my username or password uploaded anywhere?
No. The header is built entirely in your browser. Your username and password never leave your device, are never sent to a server, and are not stored or logged.

Related tools