Encode HTTP Basic Auth Credentials Into an Authorization Header

Type a username and password and instantly get the Base64-encoded Authorization: Basic header your client needs. Everything runs in your browser — no credentials ever leave this page.

Authorization Header


    

    

Base64 token only



    
  

How the Authorization: Basic header is built

HTTP Basic Authentication is defined by RFC 7617. The scheme is deliberately simple, which is exactly why it is so widely used for internal APIs, registry logins, and quick scripts. This generator reproduces the algorithm step by step:

  1. Join the username and password with a single colon: username + ":" + password. The username itself must not contain a colon — the first colon is the delimiter, and any later colons belong to the password.
  2. Convert that string to bytes. RFC 7617 recommends UTF-8, so multi-byte characters (accents, emoji, CJK) are encoded before Base64. The tool does this by URI-encoding then mapping each percent-escape back to a raw byte, which produces correct UTF-8 octets in pure JavaScript.
  3. Base64-encode the byte sequence with the standard 64-character alphabet (A–Z a–z 0–9 + /) and = padding. Every 3 bytes become 4 characters, so the token length is 4 × ceil(n / 3) characters for n input bytes.
  4. Prefix the literal scheme name: Authorization: Basic <token>.

For example aladdin:opensesame is 18 ASCII bytes, so the token is 4 × ceil(18/3) = 24 characters with no padding: YWxhZGRpbjpvcGVuc2VzYW1l. Because Base64 is reversible, this header is encoding, not encryption — anyone who intercepts it can decode the password in one step. That is the single most important fact about Basic auth: it provides identification, not confidentiality, so it must only ever travel over HTTPS where TLS supplies the secrecy. The note below this tool flags weak inputs and reminds you when the credentials look guessable. Use it for testing, local services, and CI scripts — never paste production secrets into a header you log or commit.

Quick reference

ItemValue
SchemeBasic (RFC 7617)
EncodingBase64 of user:pass bytes
Reversible?Yes — decode-safe, not secure
Token length4 × ceil(bytes / 3)
TransportHTTPS only

Related Tools

Base64 Encoder / Decoder HTTP Header Analyzer