Authenticate with Basic

APPLIES TO: All API Management tiers

Use the authentication-basic policy to authenticate with a backend service using Basic authentication. This policy effectively sets the HTTP Authorization header to the value corresponding to the credentials provided in the policy.

Svarilo

Minimize risks of credential exposure when configuring this policy. Microsoft recommends that you use more secure authentication methods if supported by your backend, such as managed identity authentication or credential manager. If you configure sensitive information in policy definitions, we recommend using named values and storing secrets in Azure Key Vault.

Opomba

Set the policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.

Policy statement

XML

<authentication-basic username="username" password="password" />

Attributes

Attribute	Description	Required	Default
username	Specifies the username of the Basic credential. Policy expressions are allowed.	Yes	N/A
password	Specifies the password of the Basic credential. Policy expressions are allowed.	Yes	N/A

Usage

• Policy sections: inbound
• Policy scopes: global, workspace, product, API, operation
• Gateways: classic, v2, consumption, self-hosted, workspace

Usage notes

• This policy can only be used once in a policy section.
• We recommend using named values to provide credentials, with secrets protected in a key vault.

Example

XML

<authentication-basic username="testuser" password="testpassword" />

Related policies

• Authentication and authorization

Related content

For more information about working with policies, see:

• Tutorial: Transform and protect your API
• Policy reference for a full list of policy statements and their settings
• Policy expressions
• Set or edit policies
• Reuse policy configurations
• Policy snippets repo
• Azure API Management policy toolkit
• Author policies using Microsoft Copilot in Azure