Basic authorization command for curl
How do I set up the Basic authorization using Base64 encoded credentials? I tried the two commands below, but to no avail. Please suggest the correct variant.
curl -i -H 'Accept:application/json' Authorization:Basic http://example.com
curl -i -H 'Accept:application/json' Authorization:Basic.base64_encode(username:password) http://example.com
6 Answers
How do I set up the basic authorization?
All you need to do is use -u, --user USER[:PASSWORD]. Behind the scenes curl builds the Authorization header with base64 encoded credentials for you.
curl -u username:password -i -H 'Accept:application/json' http://example.com
In this case header looks like «Authorization: Basic base64(
Use the -H header again before the Authorization:Basic things. So it will be
curl -i \
    -H 'Accept:application/json' \
    -H 'Authorization:Basic BASE64_string' \
    http://example.com
Here, BASE64_string = Base64 of username:password
Background
You can use the base64 CLI tool to generate the base64 encoded version of your username + password like this:
$ echo -n "joeuser:secretpass" | base64
am9ldXNlcjpzZWNyZXRwYXNz
-or-
$ base64
Base64 is reversible so you can also decode it to confirm like this:
$ echo -n "joeuser:secretpass" | base64 | base64 -D
joeuser:secretpass
-or-
$ base64
NOTE: username = joeuser, password = secretpass
Example #1 - using -H
You can put this together into curl like this:
$ curl -H "Authorization: Basic $(echo -n "joeuser:secretpass" | base64)" http://example.com
Example #2 - using -u
Most will likely agree that if you're going to bother doing this, then you might as well just use curl's -u option.
$ curl --help |grep -- "--user "
 -u, --user USER[:PASSWORD]  Server user and password
$ curl -u someuser:secretpass http://example.com
But you can do this in a semi-safer manner if you keep your credentials in an encrypted vault service such as LastPass or Pass.
For example, here I'm using LastPass' CLI tool, lpass, to retrieve my credentials:
$ curl -u "$(lpass show --username example.com):$(lpass show --password example.com)" \
    http://example.com
Example #3 - using curl config
There's an even safer way to hand your credentials off to curl though. This method makes use of the -K switch.
When used, your details remain hidden, since they're passed to curl via a temporary file descriptor, for example:
+ curl -skK /dev/fd/63 -XGET -H 'Content-Type: application/json' https://es-data-01a.example.com:9200/_cat/health
++ cat
+++ lpass show --username example.com
+++ lpass show --password example.com
1561075296 00:01:36 rdu-es-01 green 9 6 2171 1085 0 0 0 0 - 100.0%
NOTE: Above I'm communicating with one of our Elasticsearch nodes, inquiring about the cluster's health.
This method is dynamically creating a file with the contents user = ":" and giving that to curl.
HTTP Basic Authorization
The methods shown above are facilitating a feature known as Basic Authorization that's part of the HTTP standard.
- The username and password are combined with a single colon (:). This means that the username itself cannot contain a colon.
- The resulting string is encoded into an octet sequence. The character set to use for this encoding is by default unspecified, as long as it is compatible with US-ASCII, but the server may suggest use of UTF-8 by sending the charset parameter.
- The resulting string is encoded using a variant of Base64.
- The authorization method and a space (e.g. "Basic ") is then prepended to the encoded string.
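The header construction steps listed above and the -K hand-off from Example #3, as an added example that is not part of the original answers. The helper names basic_auth_header and curl_user_config are hypothetical, and the credentials are the answer's sample values.

```shell
#!/bin/sh
# Added example, not from the original answers. Helper names are hypothetical.

# Build the Authorization header from a username and password,
# following the construction steps listed above.
basic_auth_header() {
    # A colon in the username would make "user:pass" ambiguous.
    case $1 in
        *:*) echo "username must not contain ':'" >&2; return 1 ;;
    esac
    # printf '%s' emits no trailing newline (a here-string would add one and
    # change the encoded password); tr drops the line wraps that some base64
    # implementations insert into long output.
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Emit the one-line curl config that -K expects: user = "name:password".
# Inside a quoted config value, backslash and double quote must be escaped.
curl_user_config() {
    case $1 in
        *:*) echo "username must not contain ':'" >&2; return 1 ;;
    esac
    printf 'user = "%s"\n' \
        "$(printf '%s:%s' "$1" "$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# Demo with the sample (constructed) credentials used in the answer.
basic_auth_header joeuser secretpass; echo
curl_user_config joeuser secretpass

# Usage against a real server (not run here): "-K -" makes curl read the
# config from stdin, so the credentials never appear in curl's argument list.
#   curl_user_config "$user" "$pass" | curl -K - http://example.com
```
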