1. Home
  2. Docs
  3. Examples
  4. HTTP Basic Authentication

HTTP Basic Authentication

The Authenticate action of the Test Flow automatically authenticates HTTP requests. This action is only available if “Web Test Flow” is enabled under the Flow Configuration of the Flow template. However, if you would like to test the implementation of authentication mechanism itself, this page provide guidance on how to set up the authentication scheme in a fully configurable/customizable way.

Web servers that utilize Basic Authentication as defined by  RFC 7617 expect clients to submit Base64-encoded credentials in the HTTP request header. On this page, we discuss implementing a test configuration that allows testing resources protected by HTTP Basic Authentication.


This example assumes the reader is familiar with the basics of GUARDARA, can navigate comfortably through the user interface, and has basic familiarity with the Message and Test Flow templates and the related Designers. In the example, we will utilize Session Variables and, for a slightly more advanced implementation, we will have a brief look at the Response Processing Rules.

Message Template

HTTP Basic Authentication requires the client to provide the Base64-encoded credentials with each request. For each Message template, we have to include the appropriate header in the HTTP request.

We start by creating a simple HTTP request template using the Message Template Designer. Then, we make the appropriate session variables and adjust our template accordingly.

Creating a Request Template

Let’s create a simple HTTP request template that uses the GET method to fetch the file index.html. A screenshot of such a template is shown below. You can download the JSON object of the example from HERE. Then, you can copy-paste the JSON object into the editor by clicking on View > View Code in the editor menu. However, if you are new to GUARDARA, we recommend creating this template manually.

Defining Credential Variables

To authenticate successfully, we need a username and a password to transmit with each request in the appropriate HTTP header. If we hardcoded the credential in the template, we would have to update the template every time the credentials change. So instead, we are going to use Session Variables and later on the Reference field to avoid having to hardcode credentials and create configurable test cases.

First, let’s define these two variables by clicking View > Session Variables in the editor menu.

Using the form appearing at the bottom of the page, we create the two variables. The best practice is to pick a name and set a description that is both meaningful and informative. Getting the name right is especially important as we will need it later.

Authorization Header

We have to include the Authorization header in our HTTP request to transmit the credentials. An example of the header is shown below.

Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

The Base64-encoded part of the Authorization header’s value contains the credentials. We will discuss how to create this in a minute. But, first, let’s create the header without the credentials.

If we look at the Preview, the header will now show up. What we are missing is the actual credentials.

As mentioned previously, the credentials are Base-64 encoded. The format of the credentials before the encoding is ${username}:${password}. Therefore, we have to concatenate the username and the password using a colon (:) then Base64 encode the resulting string. To do that, we are going to:

  1. Create a new group named credentials.
  2. Add three new Fields as the children of the the group:
    1. A Reference field that refers to the value of the Username session variable
    2. A Delimiter field with the value set to the colon (:) to separate the username from the password
    3. Another Reference field that refers to the value of the Password session variable
  3. Apply Base64 encoding on the credentials group using a Transform

The video below guides us through this process.


Was this article helpful to you? Yes No