Basic authentication in Rest API - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output
intermediate
What is the output of this Basic Authentication header decoding?
Given the HTTP header Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l, what is the decoded username and password?
import base64
header = 'Basic QWxhZGRpbjpPcGVuU2VzYW1l'
encoded = header.split()[1]
decoded = base64.b64decode(encoded).decode('utf-8')
print(decoded)
A. "QWxhZGRpbjpPcGVuU2VzYW1l"
B. "Aladdin-OpenSesame"
C. "Aladdin:OpenSesame"
D. "Basic QWxhZGRpbjpPcGVuU2VzYW1l"
💡 Hint
Remember Basic Authentication encodes username and password as base64 of 'username:password'.
🧠 Conceptual
intermediate
What error occurs if the Basic Authentication header is missing?
If a REST API endpoint requires Basic Authentication but the client sends no Authorization header, what HTTP status code should the server respond with?
A. 401 Unauthorized
B. 403 Forbidden
C. 400 Bad Request
D. 404 Not Found
💡 Hint
Think about what status code means 'authentication required'.
🔧 Debug
advanced
Why does this Basic Authentication code fail to authenticate?
This Python code snippet is intended to check Basic Authentication but always fails. Why?
import base64

def check_auth(request):
    # Grants access only to admin/1234 supplied via Basic Authentication.
    auth_header = request.headers.get('Authorization')
    if auth_header:
        encoded = auth_header.split(' ')[1]
        decoded = base64.b64decode(encoded).decode('utf-8')
        username, password = decoded.split(':')
        if username == 'admin' and password == '1234':
            return 'Access granted'
    return 'Access denied'
A. The code uses 'Authorization' header but should use 'Authentication' header.
B. The base64 decoding is done incorrectly; it should decode to bytes, not string.
C. The split(':') fails because the decoded string uses a comma instead of colon.
D. The code does not handle missing or malformed Authorization header properly, causing exceptions.
💡 Hint
Consider what happens if the header is missing or malformed.
📝 Syntax
advanced
Which option correctly forms a Basic Authentication header in Python?
You want to create a Basic Authentication header for username 'user' and password 'pass'. Which code snippet correctly creates the header string?
A.
import base64
credentials = 'user:pass'
header = 'Basic ' + base64.encode(credentials)
B.
import base64
credentials = 'user:pass'
header = 'Basic ' + base64.b64encode(credentials.encode()).decode()
C.
import base64
credentials = 'user:pass'
header = 'Basic ' + base64.b64decode(credentials.encode()).decode()
D.
import base64
credentials = 'user:pass'
header = 'Basic ' + base64.b64encode(credentials)
💡 Hint
Remember to encode string to bytes before base64 encoding, then decode back to string.
🚀 Application
expert
How many valid username-password pairs can be extracted from this Basic Authentication header?
Given the HTTP header Authorization: Basic dXNlcjE6cGFzczEsdXNlcjI6cGFzczI=, how many valid username-password pairs does it contain when decoded?
A. 1
B. 2
C. 0
D. 3
💡 Hint
Basic Authentication encodes a single 'username:password' pair, not multiple pairs separated by commas.

Practice

1. What does Basic Authentication in REST API primarily use to verify a user?
easy
A. An API key sent as a query parameter
B. A username and password encoded in base64 sent in the Authorization header
C. OAuth tokens in the request body
D. IP address filtering

Solution

  1. Step 1: Understand Basic Authentication mechanism

    Basic Authentication sends a username and password encoded in base64 in the Authorization header.
  2. Step 2: Compare with other authentication methods

    API keys, OAuth tokens, and IP filtering are different methods, not Basic Authentication.
  3. Final Answer:

    A username and password encoded in base64 sent in the Authorization header -> Option B
  4. Quick Check:

    Basic Auth = username:password base64 in header [OK]
Hint: Basic Auth always uses base64 username:password in header [OK]
Common Mistakes:
  • Confusing Basic Auth with API key or OAuth
  • Thinking credentials are sent in URL or body
  • Ignoring base64 encoding step
2. Which of the following is the correct format of the Authorization header for Basic Authentication?
easy
A. Authorization: ApiKey base64encodedstring
B. Authorization: Bearer base64encodedstring
C. Authorization: Token base64encodedstring
D. Authorization: Basic base64encodedstring

Solution

  1. Step 1: Recall the header format for Basic Authentication

    The header must start with the word 'Basic' followed by a space and then the base64 encoded credentials.
  2. Step 2: Eliminate other header types

    'Bearer', 'Token', and 'ApiKey' are used in other authentication schemes, not Basic Auth.
  3. Final Answer:

    Authorization: Basic base64encodedstring -> Option D
  4. Quick Check:

    Basic Auth header starts with 'Basic' [OK]
Hint: Basic Auth header always starts with 'Basic ' [OK]
Common Mistakes:
  • Using 'Bearer' instead of 'Basic'
  • Omitting the space after 'Basic'
  • Confusing with other auth schemes
3. Given the username 'user' and password 'pass', what is the value of the Authorization header in Basic Authentication?
medium
A. Authorization: Basic dXNlcjpwYXNz
B. Authorization: Basic dXNlcjpwYXNzCg==
C. Authorization: Basic dXNlcjpwYXNzdA==
D. Authorization: Basic dXNlcjpwYXNzZA==

Solution

  1. Step 1: Combine username and password with colon

    Combine 'user' and 'pass' as 'user:pass'.
  2. Step 2: Encode 'user:pass' in base64

    Encoding 'user:pass' in base64 results in 'dXNlcjpwYXNzdA=='.
  3. Final Answer:

    Authorization: Basic dXNlcjpwYXNzdA== -> Option C
  4. Quick Check:

    Base64('user:pass') = dXNlcjpwYXNzdA== [OK]
Hint: Encode 'username:password' in base64 for header value [OK]
Common Mistakes:
  • Encoding username and password separately
  • Adding extra characters or padding incorrectly
  • Using wrong base64 string
4. What is wrong with this Basic Authentication header?
Authorization: Basic user:pass
medium
A. The username and password are not base64 encoded
B. The header should be 'Bearer' not 'Basic'
C. The colon ':' should be replaced with a comma ','
D. The header is missing the word 'Authorization'

Solution

  1. Step 1: Check the format of the Authorization header

    The header must have the credentials base64 encoded after 'Basic '.
  2. Step 2: Identify the error in the given header

    The given header has 'user:pass' in plain text, not base64 encoded.
  3. Final Answer:

    The username and password are not base64 encoded -> Option A
  4. Quick Check:

    Basic Auth requires base64 encoding [OK]
Hint: Credentials must be base64 encoded, not plain text [OK]
Common Mistakes:
  • Sending plain text credentials
  • Confusing 'Basic' with 'Bearer'
  • Misplacing colon or other punctuation
5. You want to protect a REST API endpoint using Basic Authentication. Which of the following is the best practice?
hard
A. Use HTTPS to encrypt the connection and send base64 encoded credentials in the Authorization header
B. Send username and password in plain text over HTTP
C. Send credentials as URL parameters for easy access
D. Use Basic Authentication without encoding credentials

Solution

  1. Step 1: Understand security risks of Basic Authentication

    Basic Auth sends credentials encoded but not encrypted, so it must be used over HTTPS to protect data.
  2. Step 2: Identify best practice for secure API protection

    Using HTTPS encrypts the entire connection, making base64 encoded credentials safe to transmit.
  3. Final Answer:

    Use HTTPS to encrypt the connection and send base64 encoded credentials in the Authorization header -> Option A
  4. Quick Check:

    Basic Auth + HTTPS = secure transmission [OK]
Hint: Always use HTTPS with Basic Auth for security [OK]
Common Mistakes:
  • Sending credentials over HTTP (not secure)
  • Putting credentials in URL parameters
  • Skipping base64 encoding