Why does my Basic Auth credentials work but the Base64 version results in an error?

security-observer-95 · May 29, 2025, 1:42pm

When accessing my Acuity Scheduling API, first I sent a GET request using Basic username and password. It worked. I tried the same GET request using the Base64 version of my credentials, but I get a 401 error. Why?

danny-dainton · May 29, 2025, 1:45pm

Hey @security-observer-95

Welcome to the Postman Community!

Without knowing what both of those are producing, it’s hard to tell here. Have you compared both outputs using the request details in the console to see if these are creating the same thing?

security-observer-95 · May 29, 2025, 1:50pm

I’m new to APIs, so I’m not totally sure. I used a GET request twice on the same URL, expecting to get the same result. I got a 200 with the basic auth and a 401 with the base64. Aren’t those fundamentally the same thing, just using different ciphers? Why wouldn’t both outputs be exactly the same?

danny-dainton · May 29, 2025, 1:54pm

There are a lot of things going on here that no one can see, as these are all in front of you.

I don’t know how those 2 different methods have been applied to your requests. I know how you would have used the Auth Helper but not how you have added the base64 value.

Without more visual information, it’s just guesswork from my side.

security-observer-95 · May 29, 2025, 2:00pm

I can post screenshots: This is what it looks like using Basic Auth

security-observer-95 · May 29, 2025, 2:02pm

This is what happens when I use Base64:

danny-dainton · May 29, 2025, 2:09pm

That’s not doing the same thing - Those are 2 different Auth Types.

The Basic helper would do this:

The API Key helper would do this:

This is just using the base64 value of danny:dainton

To get the same as the Basic helper, you would need to do something manual and add it like this:

Or you could also achieve this in a more programmatic way using a script.

security-observer-95 · May 29, 2025, 2:15pm

Wow, I had no idea. I thought that Basic and Base64 were just two versions of the same passcode that would lead to the same result. I had no clue they were used for different things. Thanks for explaining!

danny-dainton · May 29, 2025, 2:22pm

You’re welcome.

You could also use a script like this in the pre-request section to pull in your variables and add the header to the request:

const username = pm.environment.get('username');
const password = pm.environment.get('password');
const base64String = btoa(`${username}:${password}`);

// Add Basic Auth header to the request
pm.request.headers.add({
    key: 'Authorization',
    value: `Basic ${base64String}`
});

security-observer-95 · June 2, 2025, 9:44pm

Hi there! Sorry for the follow-up question but I’m new to both APIs and coding in general and I’d like to look deeper into what you’ve shared. What is the topic that I should research to learn the different Auth Types and what they are used for?

Topic		Replies	Views
Accessing an API with Basic Auth not working Ask the Experts and Postman Tips	3	10182	October 27, 2022
I'm getting 401 Unauthorized Error New to APIs/Postman authentication	2	21754	September 12, 2022
Can I just type id and password into basic auth if I want to authenticate? Ask the Experts and Postman Tips authentication , laravel	6	37955	September 12, 2021
Add API key and basic authentication in Heather Ask the Experts and Postman Tips	4	814	January 17, 2023
Basic Auth Example Using Mock Server Ask the Experts and Postman Tips authorization , examples , mock-server	1	4161	April 30, 2025

Why does my Basic Auth credentials work but the Base64 version results in an error?

Related topics