What is a Basic Auth Generator?

It is a tool that turns a username and password into an HTTP Basic Auth credential — Base64 of 'username:password' — and gives you the full 'Authorization: Basic' header to send with a request. It also decodes a token back to user and password.

Is HTTP Basic Auth secure?

Basic auth only Base64-encodes the credentials; it does not encrypt them. Anyone who sees the header can decode it, so always use it over HTTPS and avoid it on untrusted networks.

How do I use the header with curl?

Copy the generated cURL snippet, which already includes -H "Authorization: Basic ". You can also let curl build it for you with curl -u username:password.

Can I decode an existing Authorization header?

Yes. Switch to Decode and paste either the bare token or the whole 'Authorization: Basic ' line. The tool strips the prefix and shows the username and password.

Are my username and password sent anywhere?

No. The Basic Auth Generator runs entirely in your browser. The credentials you type or paste never leave your device and are not uploaded to ArrayKit.

What if my username or password has special characters?

Encoding and decoding are UTF-8 safe, so accented letters and other non-ASCII characters round-trip correctly. The split always happens on the first colon.

Basic Auth Generator

Generate and decode HTTP Basic Auth Authorization headers from a username and password.

The Basic Auth Generator runs entirely in your browser. The username, password, and tokens you paste never leave your device and nothing is uploaded to ArrayKit.

Open the Base64 Encoder / Decoder

About Basic Auth Generator

The Basic Auth Generator builds an HTTP Basic Auth header from a username and password so you can authenticate API calls in seconds. It Base64-encodes username:password, then shows you the raw token, the full Authorization: Basic value, and a ready-to-run cURL snippet you can copy. Switch to Decode mode to paste a token or a complete Authorization header and recover the original user and password. It is handy when you are testing a REST endpoint, wiring up a webhook, configuring a reverse proxy, or debugging a 401 and need to confirm what credentials a header actually carries. Built for developers, QA engineers, and DevOps folks who build and inspect requests right in the browser. Everything runs locally — no credentials are uploaded.

Features

Generate an Authorization: Basic header from any username and password
Shows the raw Base64 token and the full header value side by side
Copy a ready-to-run cURL command with the header already inserted
Decode mode recovers user:pass from a token or a complete header line
Accepts pasted input with or without the Authorization: Basic prefix
UTF-8 safe encoding and decoding for non-ASCII credentials
Clear error when the pasted token is not valid Base64
Runs entirely in your browser with no credentials sent anywhere

How to use the Basic Auth Generator

Keep the Generate tab selected
Type your username and password into the two fields
Copy the Authorization: Basic header or the cURL snippet
Switch to Decode and paste a token or header to recover user:pass

Example

Input

username: aladdin
password: opensesame

Output

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

base64("aladdin:opensesame") becomes the Basic credential.

Common errors & troubleshooting

Server keeps returning 401 Unauthorized after adding the header. — Confirm the username and password are exact (case-sensitive) and that the endpoint actually uses Basic auth, not Bearer or an API key.
Decode shows 'Not valid Base64.' — Remove stray spaces or line breaks and paste only the token, or include the full 'Authorization: Basic <token>' line so the prefix is stripped for you.
Password contains a colon and the decode splits it wrong. — Basic auth splits on the first colon only — the username is everything before it and the password is everything after, so a colon in the password is preserved.
Credentials feel exposed in transit. — Basic auth is Base64-encoded, not encrypted. Always send it over HTTPS so the header is protected by TLS.

Frequently asked questions

What is a Basic Auth Generator?: It is a tool that turns a username and password into an HTTP Basic Auth credential — Base64 of 'username:password' — and gives you the full 'Authorization: Basic' header to send with a request. It also decodes a token back to user and password.
Is HTTP Basic Auth secure?: Basic auth only Base64-encodes the credentials; it does not encrypt them. Anyone who sees the header can decode it, so always use it over HTTPS and avoid it on untrusted networks.
How do I use the header with curl?: Copy the generated cURL snippet, which already includes -H "Authorization: Basic <token>". You can also let curl build it for you with curl -u username:password.
Can I decode an existing Authorization header?: Yes. Switch to Decode and paste either the bare token or the whole 'Authorization: Basic <token>' line. The tool strips the prefix and shows the username and password.
Are my username and password sent anywhere?: No. The Basic Auth Generator runs entirely in your browser. The credentials you type or paste never leave your device and are not uploaded to ArrayKit.
What if my username or password has special characters?: Encoding and decoding are UTF-8 safe, so accented letters and other non-ASCII characters round-trip correctly. The split always happens on the first colon.

Related tools

Base64 Encode / Decode — UTF-8 safe Base64 encoding and decoding.
JWT Decoder — Decode JWT header & payload and inspect exp / iat (no verification).
JWT Signer — Create and sign a JWT (HS256/384/512) from a payload and secret — Web Crypto.
Hash Generator — SHA-256 / SHA-1 / SHA-384 / SHA-512 via the Web Crypto API.
Password Generator — Generate strong, random passwords with a strength meter (crypto-secure).
API Request Client — Send HTTP requests, build headers and params, inspect responses — your last 25 requests are saved locally.
cURL to Fetch — Convert a curl command to a JavaScript fetch() call.
URL Encode / Decode — Encode and decode URL components.