Express Gateway Documentation

Policies Reference

Basic Authorization


The Basic Authorization policy follows the RFC 7617 standard. From the standard, if a user agent wants to send the user-id “Aladdin” and password “open sesame”, it uses the following HTTP header.

Example: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==


In order to use the Basic Authorization policy, consumers must be created and basic-auth credentials created for them.

To create consumers (users and apps): use the CLI with the create user or create app command.

To create a basic-auth credential for an app or user: use the CLI with the create credential command and type basic-auth.

To enable the Basic Authorization policy, add basic-auth in gateway.config.yml in the policies section.

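policies:
  - basic-auth
  # other policies

Example pipeline using the policy:

pipelines:
  pipeline1:  # example pipeline name
    apiEndpoints:
      - authorizedEndpoint
    policies:
      - basic-auth:
      - proxy:
          - action:
              serviceEndpoint: backend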

You can use cURL to test that the policy is working correctly:

curl -H "Authorization: Basic base64encoded(username:password)" https://gatewayurl/api/testEndpoint

Note: Make sure to replace base64encoded(username:password) with the Base64 encoding of the actual username:password pair for the credential created in the gateway.
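The following added example (not part of the original documentation and not Express Gateway's own code) shows how the header value is built and parsed under RFC 7617, including the colon edge cases. The function names buildBasicHeader and parseBasicHeader are hypothetical. Because parsing recovers the password directly, the header is an encoding rather than encryption, which is why the request above goes over HTTPS.

```javascript
// Added example: helper names are hypothetical, not Express Gateway APIs.

// Build the Authorization header value for a user-id/password pair.
function buildBasicHeader(userId, password) {
  // The first colon separates user-id from password, so the user-id
  // itself must not contain one (RFC 7617, section 2).
  if (userId.includes(':')) {
    throw new Error('user-id must not contain a colon');
  }
  const token = Buffer.from(`${userId}:${password}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Parse a header value back into its parts; returns null when malformed.
function parseBasicHeader(header) {
  if (typeof header !== 'string') return null;
  // The scheme name is case-insensitive; spaces separate it from the token.
  const match = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep === -1) return null; // no separator: not user-id:password
  return {
    userId: decoded.slice(0, sep),
    password: decoded.slice(sep + 1), // the password may contain colons
  };
}

// Sample credential taken from the RFC 7617 example quoted on this page.
console.log(buildBasicHeader('Aladdin', 'open sesame'));
console.log(parseBasicHeader('Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='));
```

The value printed by the first call is what goes in place of the whole "Basic base64encoded(username:password)" part of the cURL command.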

Options Reference
  • passThrough:
    • determines whether the gateway should execute the successive policy in case the auth process fails. If set to false, the gateway will return an Unauthorized response.
    • default value: false