Quick start
-
Encode
Enter username and password to get the full Authorization value.
-
Decode
Paste header with or without the Basic prefix.
Build `Basic base64(user:pass)` headers or parse existing ones for curl and API debugging.
Read the full guide: HTTP Basic and htpasswd: Use Cases, Generation, and Security →
Privacy: processed locally, never uploaded.
↓ Paste in the input area below to see results instantly
Basic dXNlcjpwYXNzd29yZA==
Basic Auth is Base64 encoding, not encryption. Always use HTTPS; prefer OAuth or Bearer tokens in production.
Build `Basic base64(user:pass)` headers or parse existing ones for curl and API debugging.
Encode
Enter username and password to get the full Authorization value.
Decode
Paste header with or without the Basic prefix.
Basic Auth is not encrypted; always use HTTPS and prefer short-lived tokens in production.
When debugging APIs, you often need to send authentication credentials to the server. Simply enter your username and password here to generate a standard `Basic dXNlcjpwYXNz` Authorization header. Copy it into your HTTP request headers for instant authentication setup.
The reverse operation is equally useful. When you encounter a Basic Auth header in logs or documentation, paste it here to reveal the plaintext credentials. This is invaluable for troubleshooting authentication issues without manual base64 decoding.
Input
user:password
Output
Basic dXNlcjpwYXNzd29yZA==
UTF-8 then Base64; some servers restrict colons in credentials.
Basic Auth transmits credentials in base64-encoded (not encrypted) form. Without HTTPS, they can be intercepted. Even with HTTPS, browsers may cache headers indefinitely. For critical systems, consider OAuth or JWT instead.