HTTP Basic Authentication

The simplest HTTP authentication scheme, defined in RFC 7617, where the client encodes the username and password as base64(username:password) and sends it in the Authorization header. Basic Auth credentials are not encrypted — only base64-encoded — so HTTPS is mandatory to prevent credential interception in transit. Despite its simplicity, it is still used in API authentication when combined with TLS and is supported universally by HTTP clients.