Documentation

Basic Authentication in GravityWP API Connector

Basic Authentication is an HTTP authentication method that uses a username and password to access a protected API. Many older or internal APIs still use it because it’s simple to implement and easy to test.

In API Connector, you can create a Basic Auth API connection once, then reuse it across multiple API feeds.

When to use Basic Authentication

Use Basic Authentication when your API provider gives you:

  • a username and password, or
  • credentials that behave like a username/password pair (common in older systems)

If your provider gives you a single token value (often starting with pat-, sk-, or similar), Bearer Token is usually the better fit.

If your provider requires a consent screen and a redirect URL, you likely need OAuth 2.0 Authorization Code instead.

How Basic Authentication works

With Basic Authentication:

  • The client (your site) sends a username and password with the request.
  • The credentials are typically sent using the HTTP Authorization header with the Basic scheme.
  • The credentials are encoded using Base64, which is not encryption (it’s just encoding).

In API Connector, Basic Authentication is applied automatically when a feed uses a Basic Auth connection.

Important security note: Because the credentials are not encrypted by Basic Auth itself, Basic Auth should be used over HTTPS so the connection is protected in transit.

What you need before you start

Create a Basic Authentication API connection

Go to the API Connector settings area in your WordPress admin and add a new API connection.

Fill in these fields:

  • API Name
     A label to recognize the connection later (example: Internal CRM – Basic Auth).
  • Slug
     A unique identifier for the connection. (This can’t be changed later.)
  • Base URL
     The root domain of the API you want to call (example: https://api.example.com).
  • Authentication method
     Select Basic Auth.
  • Username / Password
     Enter the credentials provided by your API provider.

After saving, this connection becomes available inside API feeds so you can run authenticated requests without re-entering credentials every time.

API Connector Basic Authentication connection fields with username and password inputs
Create a Basic Auth API connection by selecting “Basic Auth” and entering the username and password from your API provider.

Use the Basic Auth connection in an API feed

Once the connection is saved, you use it inside an API feed:

  1. Go to Forms → (your form) → Settings → API Connector
  2. Click Add New Feed
  3. Select your Basic Auth connection
  4. Choose your request method (GET/POST/etc.) and configure the endpoint, parameters, and mappings as needed

API Connector will use the authentication method from the selected connection when the feed runs.

If the request fails, confirm the endpoint supports Basic Auth and that the credentials are correct.

Common use cases

Basic Authentication is commonly used for:

  • Internal business systems with a simple login requirement
  • Legacy CRMs or databases that still use username/password access
  • Private APIs behind a gateway that expects Basic Auth credentials

Security and maintenance notes

  • For Basic Authentication, HTTPS is strongly recommended because the credentials are only encoded, not encrypted.
  • Use HTTPS whenever possible. Basic Auth credentials are not encrypted by the scheme itself.
  • Treat credentials like admin passwords. Only trusted site admins should have access to API Connector settings.
  • Use least privilege if your provider supports it. Some systems let you create “read-only” users. Prefer those for lookups.

Troubleshooting

401 Unauthorized / Invalid credentials

  • Confirm the username and password are correct.
  • Check whether the provider expects:
    • a special username format, or
    • an API-generated password instead of the account password

403 Forbidden

  • The credentials are valid, but the user does not have permission for that endpoint.
  • Confirm the user has access rights for the specific resource you are calling.

Works in Postman but not in API Connector

  • Compare the Base URL + endpoint path.
  • Double-check the API requires Basic Auth, not Bearer Token.
  • Confirm you’re calling the same exact URL and method.

Related documentation

FAQ

What is Basic Authentication in API Connector?

Basic Authentication is a username/password method used to authenticate API requests. API Connector supports it as a connection type so you can reuse the same credentials across feeds.

Is Basic Authentication secure?

It can be secure when used over HTTPS. The credentials are Base64-encoded, not encrypted, so HTTPS is important to protect them in transit.

When should I use Bearer Token instead?

Use Bearer Token when your provider gives you one token value (a single secret string) instead of a username/password pair.

Do I need to add anything in my feed to “enable” Basic Auth?

No. You select the Basic Auth connection in the feed. The feed uses the connection’s authentication method automatically.

API Connector v1.1.2

For this functionality you need the GravityWP - API Connector Add-on installed.

Read more
When to use Basic Authentication How Basic Authentication works What you need before you start Create a Basic Authentication API connection Use the Basic Auth connection in an API feed Common use cases Security and maintenance notes Troubleshooting Related documentation FAQ What is Basic Authentication in API Connector? Is Basic Authentication secure? When should I use Bearer Token instead? Do I need to add anything in my feed to “enable” Basic Auth?
Proudly powered by WordPress
How can I help you?