Authorization request header contains the
credentials to authenticate a user agent with a server, usually, but not
necessarily, after the server has responded with a
Unauthorized status and the
|Header type||Request header|
|Forbidden header name||no|
Authorization: <type> <credentials>
Other types common types can be found at the IANA registry of Authentication schemes.
Note: AWS S3 servers use a specific authentication,
"Basic"authentication scheme is used, the credentials are constructed by first combining the username and the password with a colon (
aladdin:opensesame), then by encoding the resulting string in
Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
See also HTTP authentication for examples on how to configure Apache or nginx servers to password protect your site with HTTP basic authentication.
|RFC 7235, section 4.2: Authorization||HTTP/1.1: Authentication|
|RFC 7617||The 'Basic' HTTP Authentication Scheme|