Basic Auth Header Generator & Decoder Online Build an Authorization: Basic header.
100% offline
Input
Output30 chars
Header · 30 chars
Basic YWxhZGRpbjpvcGVuc2VzYW1l

About Basic Auth Header Generator & Decoder Online

A Basic Auth header builder turns a username and password into the `Authorization: Basic …` header that HTTP Basic authentication expects. The value is simply `Basic ` followed by the Base64 encoding of `username:password` — handy when you're testing an API, scripting a curl command, or debugging a 401 response and need the exact header to send.

This free, offline tool builds that header for you (UTF-8 safe, so accents and emoji in credentials survive), and decodes an existing Basic header back into its username and password. Everything runs in your browser — your credentials are never uploaded.

One important caveat: Basic auth is Base64, which is encoding, not encryption. Anyone who sees the header can decode it instantly, so Basic auth provides no confidentiality on its own and must always be sent over HTTPS.

Features

  • Build an Authorization: Basic header from a username and password
  • Decode any Basic header back into its credentials
  • UTF-8 safe — handles accents, non-Latin scripts, and emoji in credentials
  • Splits on the first colon, so passwords containing ":" decode correctly
  • Runs entirely offline; credentials never leave your device

How to use

  1. Choose Build, then type a username and password into the toolbar fields.
  2. Copy the generated Authorization: Basic header from the output pane.
  3. To go the other way, choose Decode and paste a Basic header into the input.
  4. Read the decoded username and password from the output, and copy if needed.

Frequently asked questions

Is Basic auth secure or encrypted?

No. Basic auth encodes credentials with Base64, which is encoding, not encryption. Anyone who intercepts the header can decode the username and password instantly. Always use Basic auth over HTTPS, and prefer tokens (see the JWT tool) for anything sensitive.

How is the Authorization: Basic header built?

The username and password are joined with a colon as "username:password", that string is UTF-8 encoded and Base64-encoded, and the result is prefixed with "Basic ". For example, aladdin / opensesame becomes "Basic YWxhZGRpbjpvcGVuc2VzYW1l".

Can my password contain a colon?

Yes. The credentials are split on the first colon only, so a password like "p:a:ss" decodes correctly. The username, however, cannot contain a colon per the HTTP spec.

Does this tool send my credentials anywhere?

No. All building and decoding happens locally in your browser using the built-in btoa, atob, and TextEncoder APIs. Your username and password never leave your device.

Related tools

Base64 Encode & Decode Online – Free Tool Encode and decode Base64 strings JWT Decoder — Inspect JSON Web Tokens Online Decode and inspect JSON Web Tokens URL Encoder / Decoder — Online Percent-Encoding Percent-encode and decode URL components

Everything runs locally in your browser — your input is never uploaded.