Authenticate with Basic
APPLIES TO: All API Management tiers
Use the authentication-basic
policy to authenticate with a backend service using Basic authentication. This policy effectively sets the HTTP Authorization header to the value corresponding to the credentials provided in the policy.
Caution
Minimize risks of credential exposure when configuring this policy. Microsoft recommends that you use more secure authentication methods if supported by your backend, such as managed identity authentication or credential manager. If you configure sensitive information in policy definitions, we recommend using named values and storing secrets in Azure Key Vault.
Note
Set the policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.
Policy statement
<authentication-basic username="username" password="password" />
Attributes
Attribute | Description | Required | Default |
---|---|---|---|
username | Specifies the username of the Basic credential. Policy expressions are allowed. | Yes | N/A |
password | Specifies the password of the Basic credential. Policy expressions are allowed. | Yes | N/A |
Usage
- Policy sections: inbound
- Policy scopes: global, workspace, product, API, operation
- Gateways: classic, v2, consumption, self-hosted, workspace
Usage notes
- This policy can only be used once in a policy section.
- We recommend using named values to provide credentials, with secrets protected in a key vault.
Example
<authentication-basic username="testuser" password="testpassword" />
Related policies
Related content
For more information about working with policies, see:
- Tutorial: Transform and protect your API
- Policy reference for a full list of policy statements and their settings
- Policy expressions
- Set or edit policies
- Reuse policy configurations
- Policy snippets repo
- Azure API Management policy toolkit
- Author policies using Microsoft Copilot in Azure