Proxy-Authorization header

The HTTP Proxy-Authorization {{Glossary("request header")}} contains the credentials to authenticate a client with a proxy server, typically after the server has responded with a {{HTTPStatus("407", "407 Proxy Authentication Required")}} status with the {{HTTPHeader("Proxy-Authenticate")}} header.

Syntax

Proxy-Authorization: <auth-scheme> <credentials>

Directives

• <auth-scheme>
  • : A case-insensitive token indicating the Authentication scheme used. Some of the more common types are Basic, Digest, Negotiate and AWS4-HMAC-SHA256. IANA maintains a list of authentication schemes, but there are other schemes offered by host services.
• <credentials>
  • : Credentials use for the authentication scheme. Generally, you will need to check the relevant specifications for the format.

[!NOTE] See {{HTTPHeader("Authorization")}} for more details.

Examples

Basic authentication

In Basic auth, credentials are sent in the format <username>:<password> (for example, aladdin:opensesame). The resulting string is then base64 encoded (YWxhZGRpbjpvcGVuc2VzYW1l).

Proxy-Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

[!WARNING] Base64 encoding is reversible, and therefore offers no cryptographic security. This method can be considered equivalent to sending the credentials in clear text. {{Glossary("HTTPS")}} is always recommended when using authentication, but is even more so when using Basic authentication.

Bearer authentication (auth token)

Proxy-Authorization: Bearer kNTktNTA1My00YzLT1234

Specifications

{{Specifications}}

See also

• HTTP authentication
• {{HTTPHeader("Proxy-Authenticate")}}
• {{HTTPHeader("WWW-Authenticate")}}
• {{HTTPHeader("Authorization")}}
• {{HTTPStatus("401")}}, {{HTTPStatus("403")}}, {{HTTPStatus("407")}}