In the context of a HTTP transaction, basic access authentication is a method for a HTTP user agent to provide a user name and password when making a request - wikipedia
# Protocol
When the server wants the user agent to authenticate itself towards the server, it must respond appropriately to unauthenticated requests.
# Server side
Unauthenticated requests should return a response whose header contains a `HTTP 401 Unauthorized` status and a `WWW-Authenticate` field - RFC ietf.org
The `WWW-Authenticate` field for basic authentication (used most often) is constructed as follows:
`WWW-Authenticate: Basic realm="User Visible Realm"`
# Client side
When the user agent wants to send the server authentication credentials, it may use the `Authorization` field.
The `Authorization` field is constructed as follows:
- The username and password are combined with a single colon (:).
- The resulting string is encoded into an octet sequence.
- The resulting octet sequence is encoded using a variant of Base64.
- The authorization method is then prepended to the encoded string, separated from it by a space.
For example, if the browser uses `Aladdin` as the username and `OpenSesame` as the password, then the field's value is the Base64 encoding of:
`Aladdin:OpenSesame`
which results in an `Authorization` header of:
`Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l`
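The exchange described above, from both sides, as an added example that is not part of the original page: the client builds the `Authorization` value, and the server parses it and answers with either the `401` challenge or success. The function names, the `SAMPLE_USERS` store and the choice of UTF-8 for the octet encoding are assumptions made for illustration.

```python
import base64
import hmac

REALM = "User Visible Realm"              # realm string from the page's example
SAMPLE_USERS = {"Aladdin": "OpenSesame"}  # constructed store; real ones keep password hashes

def build_authorization(username: str, password: str) -> str:
    """Client side: join with ':', encode to octets, Base64, prepend 'Basic '."""
    if ":" in username:
        # The first colon separates the two parts, so a username cannot hold one.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_authorization(value: str):
    """Server side: return (username, password), or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password itself may contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def handle(headers: dict, users: dict = SAMPLE_USERS):
    """Return (status, response_headers) for one request's headers."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_authorization(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge   # missing or malformed: send the challenge
    username, password = creds
    expected = users.get(username)
    # Constant-time comparison, also run for unknown users.
    ok = hmac.compare_digest(password.encode(), (expected or "").encode())
    if expected is None or not ok:
        return 401, challenge
    return 200, {}

if __name__ == "__main__":
    header = build_authorization("Aladdin", "OpenSesame")
    print(header, handle({"Authorization": header}))
```

Base64 here is an encoding, not encryption: `parse_authorization` recovers the password without any key, so the header is only as confidential as the transport that carries it.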