Basic authentication in Rest API - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is Basic Authentication in REST APIs?
Basic Authentication is a simple method to secure REST APIs by sending a username and password encoded in Base64 with each request.
beginner
How is the username and password sent in Basic Authentication?
They are combined as 'username:password', then encoded using Base64, and sent in the HTTP header as 'Authorization: Basic <encoded_string>'.
intermediate
Why is Basic Authentication considered insecure over plain HTTP?
Base64-encoded credentials can be easily decoded if intercepted, so Basic Authentication should only be used over HTTPS, which encrypts the connection.
intermediate
What HTTP status code does a server return when Basic Authentication fails?
The server returns a 401 Unauthorized status code and includes a 'WWW-Authenticate' header to prompt the client for credentials.
beginner
How does a client include Basic Authentication credentials in a REST API request?
The client adds an HTTP header: 'Authorization: Basic <Base64 encoded username:password>'.
What does the 'Authorization' header contain in Basic Authentication?
A. Basic followed by Base64 encoded username and password
B. Bearer token
C. API key in plain text
D. Encrypted JSON Web Token
Why should Basic Authentication be used only over HTTPS?
A. Because HTTP does not support headers
B. Because HTTPS speeds up the request
C. Because Base64 encoding is not encryption and can be decoded easily
D. Because HTTPS changes the username automatically
What HTTP status code indicates failed Basic Authentication?
A. 404 Not Found
B. 200 OK
C. 403 Forbidden
D. 401 Unauthorized
How are username and password combined before encoding in Basic Authentication?
A. username,password
B. username:password
C. password|username
D. password:username
Which header does the server send to request Basic Authentication credentials?
A. WWW-Authenticate
B. Authorization
C. Content-Type
D. Accept
Explain how Basic Authentication works in REST APIs.
Think about how credentials are sent and protected.
Describe why Basic Authentication is not secure on its own and how to improve its security.
Focus on the difference between encoding and encryption.

      Practice

      1. What does Basic Authentication in REST API primarily use to verify a user?
      easy
      A. An API key sent as a query parameter
      B. A username and password encoded in base64 sent in the Authorization header
      C. OAuth tokens in the request body
      D. IP address filtering

      Solution

      1. Step 1: Understand Basic Authentication mechanism

        Basic Authentication sends a username and password encoded in base64 in the Authorization header.
      2. Step 2: Compare with other authentication methods

        API keys, OAuth tokens, and IP filtering are different methods, not Basic Authentication.
      3. Final Answer:

        A username and password encoded in base64 sent in the Authorization header -> Option B
      4. Quick Check:

        Basic Auth = username:password base64 in header [OK]
      Hint: Basic Auth always uses base64 username:password in header [OK]
      Common Mistakes:
      • Confusing Basic Auth with API key or OAuth
      • Thinking credentials are sent in URL or body
      • Ignoring base64 encoding step
      2. Which of the following is the correct format of the Authorization header for Basic Authentication?
      easy
      A. Authorization: ApiKey base64encodedstring
      B. Authorization: Bearer base64encodedstring
      C. Authorization: Token base64encodedstring
      D. Authorization: Basic base64encodedstring

      Solution

      1. Step 1: Recall the header format for Basic Authentication

        The header must start with the word 'Basic' followed by a space and then the base64 encoded credentials.
      2. Step 2: Eliminate other header types

        'Bearer', 'Token', and 'ApiKey' are used in other authentication schemes, not Basic Auth.
      3. Final Answer:

        Authorization: Basic base64encodedstring -> Option D
      4. Quick Check:

        Basic Auth header starts with 'Basic' [OK]
      Hint: Basic Auth header always starts with 'Basic ' [OK]
      Common Mistakes:
      • Using 'Bearer' instead of 'Basic'
      • Omitting the space after 'Basic'
      • Confusing with other auth schemes
      3. Given the username 'user' and password 'pass', what is the value of the Authorization header in Basic Authentication?
      medium
      A. Authorization: Basic dXNlcjpwYXNz
      B. Authorization: Basic dXNlcjpwYXNzCg==
      C. Authorization: Basic dXNlcjpwYXNzdA==
      D. Authorization: Basic dXNlcjpwYXNzZA==

      Solution

      1. Step 1: Combine username and password with colon

        Combine 'user' and 'pass' as 'user:pass'.
      2. Step 2: Encode 'user:pass' in base64

        Encoding 'user:pass' in base64 results in 'dXNlcjpwYXNzdA=='.
      3. Final Answer:

        Authorization: Basic dXNlcjpwYXNzdA== -> Option C
      4. Quick Check:

        Base64('user:pass') = dXNlcjpwYXNzdA== [OK]
      Hint: Encode 'username:password' in base64 for header value [OK]
      Common Mistakes:
      • Encoding username and password separately
      • Adding extra characters or padding incorrectly
      • Using wrong base64 string
      4. What is wrong with this Basic Authentication header?
      Authorization: Basic user:pass
      medium
      A. The username and password are not base64 encoded
      B. The header should be 'Bearer' not 'Basic'
      C. The colon ':' should be replaced with a comma ','
      D. The header is missing the word 'Authorization'

      Solution

      1. Step 1: Check the format of the Authorization header

        The header must have the credentials base64 encoded after 'Basic '.
      2. Step 2: Identify the error in the given header

        The given header has 'user:pass' in plain text, not base64 encoded.
      3. Final Answer:

        The username and password are not base64 encoded -> Option A
      4. Quick Check:

        Basic Auth requires base64 encoding [OK]
      Hint: Credentials must be base64 encoded, not plain text [OK]
      Common Mistakes:
      • Sending plain text credentials
      • Confusing 'Basic' with 'Bearer'
      • Misplacing colon or other punctuation
      5. You want to protect a REST API endpoint using Basic Authentication. Which of the following is the best practice?
      hard
      A. Use HTTPS to encrypt the connection and send base64 encoded credentials in the Authorization header
      B. Send username and password in plain text over HTTP
      C. Send credentials as URL parameters for easy access
      D. Use Basic Authentication without encoding credentials

      Solution

      1. Step 1: Understand security risks of Basic Authentication

        Basic Auth sends credentials encoded but not encrypted, so it must be used over HTTPS to protect data.
      2. Step 2: Identify best practice for secure API protection

        Using HTTPS encrypts the entire connection, making base64 encoded credentials safe to transmit.
      3. Final Answer:

        Use HTTPS to encrypt the connection and send base64 encoded credentials in the Authorization header -> Option A
      4. Quick Check:

        Basic Auth + HTTPS = secure transmission [OK]
      Hint: Always use HTTPS with Basic Auth for security [OK]
      Common Mistakes:
      • Sending credentials over HTTP (not secure)
      • Putting credentials in URL parameters
      • Skipping base64 encoding