How to send a correct authorization header for basic authentication
Per https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/Base64_encoding_and_decoding and http://en.wikipedia.org/wiki/Basic_access_authentication , here is how to do Basic auth with a header instead of putting the username and password in the URL. Note that this still doesn't hide the username or password from anyone with access to the network or this JS code (e.g. a user executing it in a browser):
$.ajax({
type: 'POST',
url: http://theappurl.com/api/v1/method/,
data: {},
crossDomain: true,
beforeSend: function(xhr) {
xhr.setRequestHeader('Authorization', 'Basic ' + btoa(unescape(encodeURIComponent(YOUR_USERNAME + ':' + YOUR_PASSWORD))))
}
});
You can include the user and password as part of the URL:
http://user:[email protected]/index.html
see this URL, for more
HTTP Basic Authentication credentials passed in URL and encryption
of course, you'll need the username password, it's not 'Basic hashstring
.
hope this helps...
NodeJS answer:
In case you wanted to do it with NodeJS: make a GET to JSON endpoint with Authorization
header and get a Promise
back:
First
npm install --save request request-promise
(see on npm) and then in your .js
file:
var requestPromise = require('request-promise');
var user = 'user';
var password = 'password';
var base64encodedData = Buffer.from(user + ':' + password).toString('base64');
requestPromise.get({
uri: 'https://example.org/whatever',
headers: {
'Authorization': 'Basic ' + base64encodedData
},
json: true
})
.then(function ok(jsonData) {
console.dir(jsonData);
})
.catch(function fail(error) {
// handle error
});