Under heavy development
StitchAPI
GuidesAuth

basic

HTTP Basic authentication with credentials resolved from a secret resolver.

Use basic when an API authenticates with HTTP Basic — it base64-encodes user:pass and sets the Authorization: Basic … header, with both halves resolved at call time so the caller never holds the credential.

Example

import { , ,  } from 'stitchapi';

const  = ({
    : 'https://api.example.com',
    : '/report',
    : ({ : ('API_USER'), : ('API_PASS') }),
});

Each call to report() resolves API_USER and API_PASS, encodes them, and attaches the header — behind the capability boundary, so the credential is never passed in by the caller.

Options

user and pass each take a string or a resolver. Prefer a resolver like env(): it reads the secret per call, so nothing is captured in the config or committed to source — the capability, not credential boundary. A literal string works but bakes the secret into the stitch. See Reference → Auth strategies for every field.

See also

Secret resolvers

bearer

Capability, not credential

Reference: Auth strategies

apiKey

Send an API key as a header or query parameter, resolved at call time.

cookieSession

Log in once, capture and replay cookies, and refresh the session on a status code or a soft 200 wall.

On this page

ExampleOptionsSee also