Basic Auth header generator
ClientEncode username and password into an Authorization header—pair with HTTP headers reference or HTTP fetch test.
About Basic Auth header
Build Authorization Basic and curl -u from username and password—UTF-8 Base64 in your browser. The interactive transform on this page runs in your browser tab—Toolcore does not need your paste for the core operation described above.
How to use this page
Paste or type in the main workspace, run the primary action from the toolbar, then copy or download the result. Use Load example when the page offers it, or URL prefill (?q= / ?qb=) so agents and tickets open the same input.
Limits and safety
Utilities here are for development and inspection—do not paste live production keys, PANs, or recovery codes into any browser tab you do not control.
Authorization: Basic YXBpOnNlY3JldA==
curl -u 'api:secret'
Credentials stay in your browser. Do not share URLs with passwords in query strings.
Nearby workflows on Toolcore
- HTTP headers — Common request and response header fields—names, direction, and short summaries—filterable client-side. before you trust a token, digest, or key material in production.
- HTTP fetch test — Send GET/POST and other methods from your browser—see status and body; CORS limits apply. before you trust a token, digest, or key material in production.
- JWT decode — Inspect JWT header and payload as JSON in browser; signature not verified. before you trust a token, digest, or key material in production.
- HMAC (SHA-256 & more) — HMAC-SHA-256/384/512/1 in the browser—hex or Base64 for webhooks, signing, and API docs. before you trust a token, digest, or key material in production.
Common use cases
- Draft a Basic Auth header for staging API smoke tests.
- Copy curl -u credentials for a quick repro without storing them in shell history scripts.
- Verify how non-ASCII usernames encode before wiring a client.
Common mistakes to avoid
Sending secrets in URLs
Never put passwords in query strings or share prefilled links publicly.
Assuming Basic Auth is enough
Use HTTPS only; Basic sends reversible Base64, not encryption.
FAQ
Is this the same as Bearer JWT?
No—Basic encodes user:password. Use the JWT tools for token headers.
Can I decode an existing header?
This page generates headers only; paste credentials to rebuild the value.
Common search terms
Phrases people search for that match this tool. See the full long-tail keyword index.
- basic auth header generator online
- authorization basic base64 username password
- generate curl u flag credentials browser
- http basic authentication header tool
More tools
Related utilities you can open in another tab—mostly client-side.
HTTP headers
ClientCommon request and response header fields—names, direction, and short summaries—filterable client-side.
HTTP fetch test
ClientSend GET/POST and other methods from your browser—see status and body; CORS limits apply.
JWT decode
ClientInspect JWT header and payload as JSON in browser; signature not verified.
HMAC (SHA-256 & more)
ClientHMAC-SHA-256/384/512/1 in the browser—hex or Base64 for webhooks, signing, and API docs.