What is Basic authentication?
Basic authentication is a straightforward, widely supported, and non-interactive method for an API client (like a web browser or mobile app) to provide a user's credentials (typically a username and password) when making an API request. It's one of the simplest authentication schemes built into the HTTP protocol.
More about Basic Authentication
1. The Core Mechanism
Basic authentication works by combining the username and password into a single string, separating them with a single colon, like this: username:password.
2. Encoding
This combined string is then Base64 encoded. Base64 is an encoding scheme, not an encryption method; it is easily reversible and is used primarily to ensure that the credentials can be transmitted across the internet without issues arising from special characters. It does not provide security or confidentiality.
3. The HTTP Header
The resulting Base64-encoded string is then included in the API request within the Authorization HTTP header. The header takes the format:
Authorization:Basic ⟨base64-encoded string⟩
For example, if the username is user and the password is pass, the combined string is user:pass. After Base64 encoding, this might become dXNlcjpwYXNz. The header sent in the request would be:
Authorization:Basic dXNlcjpwYXNz
4. Server-Side Verification
When the API server receives the request, it performs the following steps:
- It checks for the Authorization header.
- It verifies that the scheme is Basic.
- It Base64-decodes the credential string to retrieve the original username:password.
- It separates the username and password.
- It attempts to validate these credentials against its user database.
If the credentials are valid, the server processes the API request. If they are invalid, the server typically responds with an HTTP status code of 401 Unauthorized and often includes a WWW-Authenticate header to prompt the client for correct credentials.
To use Basic Authentication in a GET API via Rest Assured, you need to include the username and password using auth().basic(username, password) in your request.
In Basic authentication:
The client sends the username and password encoded in Base64 in the request headers.
The format is:
Authorization: Basic Base64(username:password)
https://postman-echo.com/basic-auth It requires: Username: postman Password: password
<dependency> <groupId>io.rest-assured</groupId> <artifactId>rest-assured</artifactId> <version>5.3.0</version> <scope>test</scope> </dependency>
import io.restassured.RestAssured; import io.restassured.response.Response; import static io.restassured.RestAssured.*; import static org.hamcrest.Matchers.*; public class BasicAuthGetAPI { public static void main(String[] args) { // Set Base URI RestAssured.baseURI = "https://postman-echo.com"; // Send GET request with basic auth Response response = given() .auth().basic("postman", "password") // Basic Auth .when() .get("/basic-auth") // GET Endpoint .then() .statusCode(200) // Check status code .body("authenticated", equalTo(true)) // Validate response body .extract().response(); // Print the response System.out.println("Response:\n" + response.prettyPrint()); } }
{ "authenticated": true }
1. Validate JSON Schema in RestAssured
2. Validate Request and Response by POJO in RestAssured
3. Extract Response by JSONPath in RestAssured
4. Validate Keys in API in RestAssured
5. Validate XML Schema in RestAssured