Skip to main content

Basic Auth Policy

The Basic Authentication policy allows you to authenticate incoming requests using the Basic authentication standard. You can configure multiple accounts with different passwords and a different bucket of user 'data'.

The API will expect a Basic Auth header (you can generate samples here). Requests with invalid credentials (or no header) will not be authenticated. Authenticated requests will populate the user property of the ZuploRequest parameter on your RequestHandler.


"name": "my-basic-auth-inbound-policy",
"policyType": "basic-auth-inbound",
"handler": {
"export": "BasicAuthInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"accounts": [
"data": {
"number": 1
"password": "PASSWORD",
"username": "USERNAME"
"allowUnauthenticatedRequests": false
  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be basic-auth-inbound.
  • handler/export The name of the exported type. Value should be BasicAuthInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy:
    • accounts

      An array of account objects (username, password and data properties)

    • allowUnauthenticatedRequests

      If 'true' allows the request to continue even if authenticated. When 'false' (the default) any unauthenticated request is automatically rejected with a 401

Read more about how policies work