Skip to main content

Basic Auth Policy

The Basic Authentication policy allows you to authenticate incoming requests using the Basic authentication standard. You can configure multiple accounts with different passwords and a different bucket of user 'data'.

The API will expect a Basic Auth header (you can generate samples here). Requests with invalid credentials (or no header) will not be authenticated. Authenticated requests will populate the user property of the ZuploRequest parameter on your RequestHandler.



Be sure to read about policies

"name": "my-basic-auth-inbound-policy",
"policyType": "basic-auth-inbound",
"handler": {
"export": "BasicAuthInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"accounts": [
"data": {
"number": 1
"password": "PASSWORD",
"username": "USERNAME"
"allowUnauthenticatedRequests": false
  • name the name of your policy instance. This is used as a reference in your routes.
  • policyType the identifier of the policy. This is used by the Zuplo UI. Value should be basic-auth-inbound.
  • handler/export The name of the exported type. Value should be BasicAuthInboundPolicy.
  • handler/module the module containing the policy. Value should be $import(@zuplo/runtime).
  • handler/options The options for this policy: