You can use the Basic auth policy to protect HTTP Request flows with basic access authentication. Then, if someone sends a request to the flow, they must include a username and password in the HTTP headers of the request. If they don't, the request will be rejected.

This topic explains how to create and use a Basic auth policy.

Step 1: Create an auth policy

  1. Open a project.
  2. In the sidebar, click Auth policies.
  3. Click Add auth policy.
  4. In the Auth Policy Name field, enter a name for the policy.
  5. Select Auth Policy Type > Basic.
  6. In the Username field, enter a username.
  7. In the Password field, enter a password.
  8. Click Save.

Step 2: Assign the policy to a flow

  1. In an HTTP Request flow, open the Start (HTTP Request) component.
  2. From the Authentication dropdown, select the auth policy.
  3. Close the component's settings.
  4. Click Save.

Step 3: Send an unauthenticated request

Click the Run button.

The request should fail and the following error should appear in the Output tab:

Failed to pass auth policy. StatusCode: 401 Message: A Basic Authentication should be provided.

This confirms that the auth policy is enabled.

Step 4: Send an authenticated request

  1. Convert the auth policy's credentials into a base64-encoded string. (This is a requirement of basic access authentication, not FL0.)

    1. Concatenate the credentials into a colon-separated string:

      admin:password
      
    2. Use base64encode.org (or a similar tool) to encode the string:

      YWRtaW46cGFzc3dvcmQ=
      
  2. In the Input tab, create an Authorization header:

    Authorization
    
  3. Set the value of the Authorization header to Basic, followed by the encoded credentials:

    Basic YWRtaW46cGFzc3dvcmQ=
    
  4. Click Run.

This time, the request should succeed.