Authorization request header Vs POST request body for credentials

People also ask

How do I pass credentials in Authorization header?

The client sends HTTP requests with an Authorization header that contains the word Basic followed by a space and the base64-encoded username:password string. For example, a header containing the demo / p@55w0rd credentials would be encoded as: Authorization: Basic ZGVtbzpwQDU1dzByZA==

Is header more secure than body?

The main point was that URLs get logged by intermediate servers more frequently and thus sensitive information could appear in logs. If we continue this idea for headers/body, I would suggest that headers are more likely to be logged compared to the body.

Is Authorization a request header?

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a protected resource. The Authorization header is usually, but not always, sent after the user agent first attempts to request a protected resource without credentials.

Do HTTP headers support authentication?

HTTP supports the use of several authentication mechanisms to control access to pages and other resources. These mechanisms are all based around the use of the 401 status code and the WWW-Authenticate response header. With the Basic scheme, the client sends the user name and password as unencrypted, base64-encoded text, so the credentials are only as protected as the connection that carries them.
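
The snippets above describe how a Basic Authorization header is built and note that headers may end up in logs. The following Node.js sketch is an added example, not code from this page: it shows that the base64 token decodes straight back to the password, and masks credential headers before a request is logged. The function names and the sample host are hypothetical.

```javascript
// Added example; encodeBasic, decodeBasic and redactForLog are hypothetical names.

// Build the value of an Authorization header for the Basic scheme.
function encodeBasic(username, password) {
  // The first ':' separates user from password, so the user name cannot contain one.
  if (username.includes(':')) throw new Error('username must not contain ":"');
  const token = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return `Basic ${token}`;
}

// Recover the credentials from a Basic header value; returns null if malformed.
// Anyone who can read the header (proxy, log file) can do exactly this.
function decodeBasic(headerValue) {
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(String(headerValue).trim());
  if (!m) return null;                       // other scheme or not base64
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');          // split at the FIRST colon only,
  if (sep === -1) return null;               // because passwords may contain ':'
  return { username: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Return a copy of a headers object that is safe to write to a log:
// the scheme is kept for debugging, the credential part is masked.
function redactForLog(headers) {
  const sensitive = new Set(['authorization', 'proxy-authorization']);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (!sensitive.has(name.toLowerCase())) { out[name] = value; continue; }
    const v = String(value);
    const sp = v.indexOf(' ');
    // A value with no scheme prefix is masked entirely so nothing leaks.
    out[name] = sp > 0 ? `${v.slice(0, sp)} [REDACTED]` : '[REDACTED]';
  }
  return out;
}

// Constructed sample request headers, using the demo / p@55w0rd pair from above.
const sampleHeaders = {
  Host: 'api.example.test',
  Authorization: encodeBasic('demo', 'p@55w0rd'),
  Accept: 'application/json',
};
console.log(sampleHeaders.Authorization);
console.log(decodeBasic(sampleHeaders.Authorization));
console.log(JSON.stringify(redactForLog(sampleHeaders)));
```
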


Which is the right approach to send user credentials from the front end to the backend server? I see examples where some developers use the authorization headers and some pass the credentials in the POST body.