
Authorization

Description

The Authorization request header is an HTTP header used by clients to provide authentication credentials when making requests to a server. It allows clients to access protected resources by including credentials such as API keys, tokens, or user credentials in a request. The server validates the credentials and determines whether the client has permission to access the requested resource.

This header is commonly used in combination with authentication schemes such as Basic Authentication, Bearer Tokens (for OAuth 2.0), and custom authentication mechanisms.

Syntax

The syntax of the Authorization header follows this structure:

Authorization: <scheme> <credentials>
  • <scheme>: The authentication method being used (e.g., Basic, Bearer, Digest, etc.).
  • <credentials>: The credentials in the form the scheme defines, for example the Base64-encoded username:password pair for Basic or an opaque token for Bearer. Base64 is a reversible encoding, not encryption, so the header gives no confidentiality on its own and must be carried over TLS.

Example Syntax

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Authorization: Bearer abc123xyz456
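As an added example (not code from the original page), a small parser for a header value in the form shown above. It splits the scheme from the credentials, treats the scheme name case-insensitively as HTTP requires, and rejects missing or malformed values with an exception so the caller can answer 401 rather than guess. The scheme character class is the HTTP token grammar; all inputs are constructed.

```python
"""Parse the Authorization request header into (scheme, credentials).

Added example, not the page's own code. Assumes the caller passes the raw
header value (or None when the header is absent).
"""
import re

# HTTP "token" characters, which is what an auth-scheme name may contain.
_SCHEME_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


def parse_authorization(header_value):
    """Return (scheme, credentials) with the scheme lower-cased.

    Raises ValueError when the header is absent, empty, has an invalid
    scheme token, or carries no credentials after the scheme.
    """
    if header_value is None:
        raise ValueError("Authorization header missing")
    value = header_value.strip()
    if not value:
        raise ValueError("Authorization header empty")

    # Scheme and credentials are separated by one or more blanks.
    parts = value.split(None, 1)
    scheme = parts[0]
    if not _SCHEME_RE.match(scheme):
        raise ValueError("invalid authentication scheme token")
    if len(parts) < 2 or not parts[1].strip():
        raise ValueError("credentials missing after scheme")

    # Scheme names compare case-insensitively: Basic, basic and BASIC are equal.
    return scheme.lower(), parts[1].strip()


if __name__ == "__main__":
    # Constructed sample values from the syntax section above.
    for sample in ("Basic dXNlcm5hbWU6cGFzc3dvcmQ=", "Bearer abc123xyz456", "Basic"):
        try:
            print(sample, "->", parse_authorization(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```

Rejecting a header with no credentials (a bare "Basic") up front matters because a later decoding step would otherwise receive an empty string and might silently treat it as an empty username and password.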

Examples

Basic Authentication Example

A client request using Basic Authentication (the string username:password encoded in Base64):

GET /protected-resource HTTP/1.1
Host: example.com
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

If the credentials are valid, the server responds with:

HTTP/1.1 200 OK

<protected content>

If the credentials are invalid or missing, the server may respond with a 401 Unauthorized status:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Access to protected resource"

Bearer Token Authentication Example

A request using a Bearer token, typically used in OAuth 2.0:

GET /api/data HTTP/1.1
Host: example.com
Authorization: Bearer abc123xyz456

If the token is valid, the server responds with:

HTTP/1.1 200 OK

{"data": "secure information"}

If the token is invalid or expired, the server may respond with:

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="example", error="invalid_token"
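The two exchanges above, implemented as an added server-side example that is not part of the original page: the Basic path decodes the Base64 pair, splits on the first colon only (a password may itself contain a colon), and compares a password hash in constant time; the Bearer path looks the token up and enforces its expiry; both failure paths return the 401 response with the WWW-Authenticate challenge shown above. The user table, token store, salt and clock value are constructed stand-ins, and the PBKDF2 parameters are chosen for a runnable demo, not production.

```python
"""Validate Basic and Bearer credentials and build the 401 challenges shown above.

Added example, not the page's own code. USERS, TOKENS and _SALT are
constructed sample data; a real service would load them from its own stores.
"""
import base64
import binascii
import hashlib
import hmac
import time

_SALT = b"constructed-demo-salt"   # constructed; use a per-user random salt in practice
_ITERATIONS = 50_000                # constructed; tune for your hardware


def _hash_password(password):
    """Derive a fixed-length hash so comparisons are constant-time and lengths match."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), _SALT, _ITERATIONS)


# Constructed sample data matching the page's example header.
USERS = {"username": _hash_password("password")}
TOKENS = {"abc123xyz456": {"sub": "username", "exp": 4102444800}}  # exp = 2100-01-01 UTC
REALM = "Access to protected resource"


def make_basic_credentials(user, password):
    """Client side: encode user:password as the Base64 part of a Basic header."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def check_basic(credentials):
    """Return the authenticated username, or None if the pair is malformed or wrong."""
    try:
        user_pass = base64.b64decode(credentials, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    user, sep, password = user_pass.partition(":")  # split on the FIRST colon only
    if not sep:
        return None
    candidate = _hash_password(password)
    expected = USERS.get(user)
    if expected is None:
        # Unknown user: still do a comparison so timing does not reveal valid usernames.
        hmac.compare_digest(candidate, candidate)
        return None
    return user if hmac.compare_digest(expected, candidate) else None


def check_bearer(token, now=None):
    """Return the token's subject if it is known and unexpired, else None."""
    now = time.time() if now is None else now
    claims = TOKENS.get(token)
    if claims is None or claims["exp"] <= now:
        return None
    return claims["sub"]


def authenticate(header_value, now=None):
    """Return (status, response_headers, principal) for a request carrying header_value."""
    challenge_basic = (401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}, None)
    challenge_bearer = (401, {"WWW-Authenticate": 'Bearer realm="example", error="invalid_token"'}, None)

    if not header_value or not header_value.strip():
        return challenge_basic
    parts = header_value.strip().split(None, 1)
    scheme = parts[0].lower()
    credentials = parts[1].strip() if len(parts) > 1 else ""

    if scheme == "basic":
        user = check_basic(credentials)
        return (200, {}, user) if user else challenge_basic
    if scheme == "bearer":
        subject = check_bearer(credentials, now)
        return (200, {}, subject) if subject else challenge_bearer
    # Unsupported scheme: challenge with one the server does support.
    return challenge_basic


if __name__ == "__main__":
    print(authenticate("Basic " + make_basic_credentials("username", "password")))
    print(authenticate("Bearer abc123xyz456", now=1_700_000_000))
    print(authenticate("Bearer abc123xyz456", now=4102444801))   # expired
```

The Bearer check compares expiry against an injected clock so the expired case can be exercised deterministically; the same pattern is what lets a test suite cover the invalid_token response without waiting for a real token to lapse.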

Summary

The Authorization request header is essential for securing web applications and APIs by allowing clients to authenticate themselves when accessing protected resources. Various authentication schemes, including Basic Authentication and Bearer Tokens, use this header to transmit credentials. The header itself provides no confidentiality: Basic credentials are only Base64-encoded and a Bearer token can be replayed by anyone who obtains it, so requests carrying it must be sent over HTTPS, and the server must validate the credentials on every request. Proper implementation ensures secure access control and protects sensitive data from unauthorized access.