Documentation

Basic Authentication in GravityWP API Connector

Basic Authentication is an HTTP authentication method that uses a username and password to access a protected API. Many older or internal APIs still use it because it’s simple to implement and easy to test.

In API Connector, you can create a Basic Auth API connection once, then reuse it across multiple API feeds.

When to use Basic Authentication

Use Basic Authentication when your API provider gives you:

  • a username and password, or
  • credentials that behave like a username/password pair (common in older systems)

If your provider gives you a single token value (often starting with pat-, sk-, or similar), Bearer Token is usually the better fit.

If your provider requires a consent screen and a redirect URL, you likely need OAuth 2.0 Authorization Code instead.

How Basic Authentication works

With Basic Authentication:

  • The client (your site) sends a username and password with the request.
  • The credentials are typically sent using the HTTP Authorization header with the Basic scheme.
  • The credentials are encoded using Base64, which is not encryption (it’s just encoding).

In API Connector, Basic Authentication is applied automatically when a feed uses a Basic Auth connection.

Important security note: Because the credentials are not encrypted by Basic Auth itself, Basic Auth should be used over HTTPS so the connection is protected in transit.

What you need before you start

Create a Basic Authentication API connection

Go to the API Connector settings area in your WordPress admin and add a new API connection.

Fill in these fields:

  • API Name
     A label to recognize the connection later (example: Internal CRM – Basic Auth).
  • Slug
     A unique identifier for the connection. (This can’t be changed later.)
  • Base URL
     The root domain of the API you want to call (example: https://api.example.com).
  • Authentication method
     Select Basic Auth.
  • Username / Password
     Enter the credentials provided by your API provider.

After saving, this connection becomes available inside API feeds so you can run authenticated requests without re-entering credentials every time.