Basic Authentication (Basic Auth) is a simple but effective way to restrict access to your services by requiring a valid username and password before allowing requests to reach your upstream service. When Basic Authentication is enabled: 🔐 Requests without valid credentials are automatically rejected with a 401 Unauthorized response.
🔐 Only authenticated users can access your protected services.
⚡ Authentication is enforced at the gateway level, reducing security overhead for your backend.

🔍 What are the Benefits of Basic Authentication?

HTTP Basic Authentication is a simple yet effective way to restrict access to sensitive services without requiring complex identity providers or OAuth-based authentication systems. Key Benefits:
  • Securing development or staging environments from public access.
  • Adding a lightweight authentication layer when no other auth system is available.
  • Protecting internal admin panels, dashboards, or API endpoints.
  • Protect temporary or short-lived services without setting up an OAuth provider.
If you need more secure authentication methods for production traffic, consider the OAuth, OIDC, and JWT Validation guides.

Basic Authentication Examples

The following examples show how to set up an endpoint that accepts requests that contain basic auth credentials for either user:password1 or admin:password2. All other requests will be denied with a 401 response code. Check out the basic auth traffic policy action page for more details about how it functions and the parameters it accepts. 
apiVersion: ngrok.k8s.ngrok.com/v1alpha1
kind: AgentEndpoint
metadata:
name: example-agent-endpoint
spec:
url: https://example-hostname.ngrok.io
upstream:
  url: http://my-service.my-namespace:8080
trafficPolicy:
  inline:
    on_http_request:
    - actions:
      - type: basic-auth
        config:
          realm: sample-realm
          credentials:
            - user:password1
            - admin:password2
          enforce: true