How to Base64 Encode a Password for an API Authorization Header

Created on 19 September, 2025Converter Tools • 321 views • 2 minutes read

Learn how to correctly format and encode a username and password to Base64 for API Basic Authentication. Use our free online encoder for a fast and error-free result.

If you're a developer or just starting to work with APIs, you'll quickly run into documentation that asks you to "send your credentials in the Authorization header." For many APIs, the required scheme is "Basic Authentication," which involves sending a username and password.

But you can't just send them as plain text. The API requires these credentials to be combined and encoded in a specific format. This format is Base64. It might look complex, but the process is surprisingly simple once you know the trick.

This guide will walk you through exactly what this header is, why it's used, and how to create it correctly in seconds.

What is API Basic Authentication?

Basic Authentication is a standard, widely-used method for an API to check who you are. It works by having you, the client, send an HTTP header with every request that looks like this:

Authorization: Basic <credentials>

The <credentials> part is not just your password. It's a Base64-encoded string of your username and password combined with a single colon.

Why Base64? A Critical Security Note

It is crucial to understand that Base64 is NOT encryption. It is an encoding scheme. Its only purpose is to ensure that the credential string, which may contain special characters, can be safely transported over HTTP.

Anyone can easily decode a Base64 string back to plain text.

Because of this, you should NEVER use Basic Authentication over an http:// connection. It must always be used over httpsS:// (SSL/TLS), which encrypts the entire request, including the "unsecure" Base64 header, protecting it from attackers.

The Exact Format to Follow (The Manual Way)

This is the most important part of the process and the step where most people make a mistake.

  1. Get your username (or API key).Example: my-api-key
  2. Example: my-api-key
  3. Get your password (or API secret).Example: s3cr3t_p@ss!
  4. Example: s3cr3t_p@ss!
  5. Combine them into a single string, separated by a colon (:).my-api-key:s3cr3t_p@ss!
  6. my-api-key:s3cr3t_p@ss!
  7. Base64 encode that single string.

The result of this encoding is the <credentials> token you need for the header.

How to Encode Your Credentials (The Easy Way)

While you can use command-line tools or write a script to perform the encoding, this can be slow and error-prone. The fastest, most reliable method is to use a simple online tool.

Using an Online Base64 Encoder

Instead of worrying about script syntax or command-line flags, a dedicated Base64 encoder handles the conversion perfectly every time. This is the recommended approach for getting a quick, error-free result for your API client or script.

A Full Step-by-Step Example

Let's walk through the entire process from start to finish.

Step 1: Identify Your Credentials

  • Username: user
  • Password: pass

Step 2: Combine with a Colon

  • Your string to be encoded is: user:pass

Step 3: Encode the String

  • Paste user:pass into a Base64 encoder.
  • The encoded result will be: dXNlcjpwYXNz

Step 4: Build Your Final HTTP Header

  • Take the encoded result and add it to your Authorization header after the word Basic and a space.
  • Final Header: Authorization: Basic dXNlcjpwYXNz

That's it! You can now use this header in your API requests with tools like Postman, curl, or any programming language to successfully authenticate.

Categories

Popular posts