--- title: "Basic Auth" slug: "basic-auth" updated: 2026-01-02T05:41:58Z published: 2026-01-02T05:41:58Z --- > ## Documentation Index > Fetch the complete documentation index at: https://traceabledocs.document360.io/llms.txt > Use this file to discover all available pages before exploring further. # Basic Auth Basic Authentication (Basic Auth) is a simple and commonly used method for securing web resources and APIs. The client authenticates by sending a username and password in the HTTP request header. These credentials are base64-encoded before transmission. ### Configurations Basic Auth mechanism has the following configurations: | Configuration | Description | | --- | --- | | **Username** | The username of the user or the application. | | **Password** | The password for the user or application. | | **Header Value Template** (Optional) | Basic Authentication works by directly encoding the `username:password` pair into a *base64* string and replacing it in the `Authorization` header, `{{value}}` placeholder: ```actionscript Authorization: Basic {{value}} ``` | --- ## Example The following are some samples that you can use to configure the *Basic Auth* mechanism in the Advanced mode: ### Sample 1 ```python import base64 def basic_auth_hook(scanctx: ScanContext, pluginctx: PluginContext, testcase: TestCase, **kwargs) -> list[Assertion]:    attributes = testcase.get_attributes()    username = "TOKEN_VALUE    password = "TOKEN_VALUE"    # set user    normal_user = True    bola_user = False    # Encode the credentials in Base64    auth_string = base64.b64encode(f"{username}:{password}".encode()).decode()    header_value = "Basic %s" % auth_string    attributes.set("mutated.auth.attribute", "mutated.http.request.header.authorization")    attributes.delete("mutated\\.http\\.request\\.cookie", regex=True)    attributes.delete("mutated.http.request.header.cookie")    #attributes.set("mutated.role.user", username)    attributes.set("mutated.http.request.header.authorization", header_value)    return [] ``` ### Sample 2 ```python import base64 def basic_auth_hook(scanctx: ScanContext, pluginctx: PluginContext, testcase: TestCase, **kwargs) -> list[Assertion]:    attributes = testcase.get_attributes()    username = "TOKEN_VALUE"    password = "TOKEN_VALUE"    logger.info("Invoked zendesk custom auth for url" + attributes.get_one("mutated.http.request.url", "") + " and plugin " + pluginctx.get_plugin())    header_value_format = "Basic {{value}}"    # set user    normal_user = True    bola_user = False    # Encode the credentials in Base64    auth_string = base64.b64encode(f"{username}:{password}".encode()).decode()    header_value = header_value_format.replace("{{value}}", str(auth_string))    attributes.set("mutated.auth.attribute", "mutated.http.request.header.Authorization")    if normal_user:        attributes.set("mutated.role.user", header_value)        attributes.set("mutated.http.request.header.Authorization", header_value)    if bola_user:        attributes.set("mutated.role.bolauser", header_value)    return [] ```