How to Send Basic Authentication Credentials in Rest Assured

REST Assured is a powerful library for testing RESTful APIs. It simplifies writing HTTP requests and validations. One common scenario is sending Basic Authentication credentials to secure APIs. In this blog, we'll learn how to handle this easily using REST Assured.


What is Basic Authentication?

Basic Authentication is a method for HTTP user authentication. The client sends the username and password encoded in Base64 in the request header. The header looks like this:

Authorization: Basic <Base64EncodedUsernameAndPassword>

For example, if the username is admin and the password is password123, the Base64-encoded string would be:

Authorization: Basic YWRtaW46cGFzc3dvcmQxMjM=

REST Assured simplifies this process by automatically encoding the credentials when you use its methods.


Sending Basic Authentication Credentials in REST Assured

Setup Requirements

Ensure you have the following Maven dependency for REST Assured in your pom.xml file:

<dependency>

    <groupId>io.rest-assured</groupId>

    <artifactId>rest-assured</artifactId>

    <version>5.3.0</version> <!-- Use the latest version -->

    <scope>test</scope>

</dependency>

Example 1: Using auth().preemptive()

The preemptive() method sends the Authorization header before the server challenges the client. It's faster and ideal for most cases.

import io.restassured.RestAssured;

import io.restassured.response.Response;


public class BasicAuthExample {

    public static void main(String[] args) {

        // Base URI of the API

        RestAssured.baseURI = "https://example.com/api";


        // Sending Basic Auth credentials

        Response response = RestAssured.given()

                .auth()

                .preemptive()

                .basic("admin", "password123")

                .get("/secure-endpoint");


        // Print the response

        System.out.println("Response Code: " + response.getStatusCode());

        System.out.println("Response Body: " + response.getBody().asString());

    }

}

Example 2: Using auth().basic()

This method sends the Authorization header only after the server challenges the client. Use this method if your API explicitly requires such behavior.

import io.restassured.RestAssured;

import io.restassured.response.Response;


public class BasicAuthExample {

    public static void main(String[] args) {

        RestAssured.baseURI = "https://example.com/api";


        Response response = RestAssured.given()

                .auth()

                .basic("admin", "password123")

                .get("/secure-endpoint");


        System.out.println("Response Code: " + response.getStatusCode());

        System.out.println("Response Body: " + response.getBody().asString());

    }

}

Example 3: Using Headers Manually

You can also manually add the Authorization header using Base64-encoded credentials:

import io.restassured.RestAssured;

import io.restassured.response.Response;

import java.util.Base64;


public class ManualAuthExample {

    public static void main(String[] args) {

        RestAssured.baseURI = "https://example.com/api";


        // Encode username and password to Base64

        String credentials = Base64.getEncoder().encodeToString("admin:password123".getBytes());


        // Add the Authorization header manually

        Response response = RestAssured.given()

                .header("Authorization", "Basic " + credentials)

                .get("/secure-endpoint");


        System.out.println("Response Code: " + response.getStatusCode());

        System.out.println("Response Body: " + response.getBody().asString());

    }

}

Followers