正在加载,请稍候…

How to Send Basic Auth in curl, Postman, fetch, and Python

Copy-paste examples for sending HTTP Basic Authentication from curl, Postman, JavaScript fetch, Python requests, and Node.js — plus the common mistakes that cause 401s.

The One Thing Every Example Does

Basic Auth always reduces to one header: Authorization: Basic base64(username:password). Every tool below either builds that header for you or lets you set it directly. If you just need the encoded value, paste your credentials into the Basic Auth generator and copy the header.

curl

The -u flag is the shortcut — curl encodes the credentials for you:

curl -u admin:secret123 https://api.example.com/data

Or set the header explicitly (useful when scripting):

curl -H "Authorization: Basic $(printf '%s' 'admin:secret123' | base64)" \
  https://api.example.com/data

Use printf (not echo) so no trailing newline corrupts the token.

Postman

  1. Open the request → Authorization tab.
  2. Type: Basic Auth.
  3. Enter Username and Password.

Postman builds the Authorization header automatically and shows it under the Headers tab. Make sure the request URL is https — Postman will happily send credentials over http, but you should not.

JavaScript fetch

const credentials = btoa('admin:secret123');
const res = await fetch('https://api.example.com/data', {
  headers: { Authorization: `Basic ${credentials}` },
});

btoa() runs in the browser. In Node.js use Buffer.from('admin:secret123').toString('base64') instead.

Python requests

import requests

res = requests.get(
    'https://api.example.com/data',
    auth=('admin', 'secret123'),  # requests builds the header for you
)

Node.js (built-in)

const token = Buffer.from('admin:secret123').toString('base64');
const res = await fetch('https://api.example.com/data', {
  headers: { Authorization: `Basic ${token}` },
});

Why It Returns 401 When the Password Is Right

Almost every "correct password but still 401" case is one of these:

  • A trailing newline from echo instead of echo -n / printf.
  • A missing or lowercase Basic prefix.
  • A colon inside the username (only the password may contain colons).
  • Sending over http where a proxy strips the header.

Re-encode with printf '%s' 'user:pass' | base64 and compare. If the server keeps rejecting valid credentials, confirm it is actually a 401 and not a 403 — 401 vs 403 explained.

Frequently Asked Questions

How do I send Basic Auth in curl? curl -u username:password https://host, or set -H "Authorization: Basic <token>" where the token is base64(user:pass).

How do I add Basic Auth in fetch? Set the header Authorization: Basic <btoa('user:pass')>. The browser fetch ignores credentials placed in the URL, so set the header explicitly.

Why is my Basic Auth request failing with a correct password? Usually a stray newline from echo, a missing Basic prefix, or a colon in the username. Re-encode with printf '%s' 'user:pass' | base64.

Build the exact header with the Basic Auth generator, and read how the scheme works in The HTTP Authorization Header Explained.