What is Curl?
Curl is an open-source command-line tool for transferring data to or from the server using URL syntax. Curl supports over 25+ protocols, including HTTP, HTTPS, SFTP, FTP, and has built-in support for proxy, HTTP Cookies, SSL certificates. Curl is ideal for testing test APIs and works on platforms Linux, Windows, and macOS.
What is Basic Authentication?
Basic Authentication is a method for an HTTP client (such as a web browser) to provide a username and password to the server when making an HTTP request to protected resources. For Basic Authentication, the client sends an HTTP request header field in the form "Authorization: Basic base64String," where the base64String is a Base64-encoded username and password concatenated with a single colon. Basic authentication is not the most secure authentication method because the username and password can be easily decrypted from the base64 string. For security reasons, Basic Authentication should only be used over HTTPS/SSL connections.
Can I send Basic Auth Credentials using Curl?
Yes, Curl has built-in support for basic HTTP server authorization. To make a Curl request with basic authorization credentials, you need to use the following command-line parameter: -u username:password (or --user). Curl automatically converts the provided username:password pair into a Base64-encoded string and adds an appropriate HTTP header "Authorization: Basic bG9naW46cGFzc3dvcmQ=" to the request. If you omit part of the password in the command-line parameter, Curl will prompt the user for a password.
Curl Basic Authentication Examples
The following are examples of sending a Curl request with basic authentication:
Sending Credentials to Curl
To pass credentials using Basic Authentication, you can use the -u or --user command-line option. The following is an example of sending Basic Auth credentials to the ReqBin echo URL:
Alternative Curl Basic Authentication Method
Alternatively, you can pass the basic auth credentials using the Curl -H "Authorization: Basic [token]" command-line option. The -H parameter passes the authorization header to the server, like any other custom header, without additional processing.