Web requests with basic authentication in Powershell

05 July, 2022 | 465 words | View Raw | History

HTTP Basic Authentication is one of many authentication schemes supported by the HTTP protocol, and is a very common option when authenticating to a web service. The basic authentication scheme is very simple and consists of generating a base64 token from your username and password seperated by a colon (:) and putting the token in an Authorization HTTP header. Let’s explore some examples in Powershell.

Manually creating the token

Let’s start with an example from scratch.

 1# We define our username and password. Ideally this should come from environment variables
 2# or some secret store
 3$username = "user1"
 4$password = "pa55w0rd!"
 6# Join them into a single string, seperated by a colon (:)
 7$pair = "{0}:{1}" -f ($username, $password)
 9# Turn the string into a base64 encoded string
10$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
11$token = [System.Convert]::ToBase64String($bytes)
13# Define a basic 'Authorization' header with the token
14$headers = @{
15    Authorization = "Basic {0}" -f ($token)
18# Send a web request using our authorization header
19$response = Invoke-RestMethod -Uri "https://example.com/api" -Headers $headers

As you can see from the example above, we take our username and password and combine them into a single string seperated by a colon (:). Then we take that string and turn it into a Base64 encoded string. This is our token that we need to pass into the Authorization header. Our token will look like this.


Line 14-16 is were we create a custom header object to send with our request. Here we define the Authorization header and we tell it to use Basic authorization and then we provide our token.

On the last line we send our request with the custom header.

The powershell way

Since Basic Authentication is so common, Powershell has of course implemented a simpler solution.

 1# Again, these should come from env vars, Key Vault or some other secret store
 2$username = "user1"
 3$password = "pa55w0rd!"
 5# Since our password is plaintext we must convert it to a secure string
 6# before creating a PSCredential object
 7$securePassword = ConvertTo-SecureString -String $password -AsPlainText
 8$credential = [PSCredential]::new($username, $securePassword)
10# Tell Invoke-RestMethod to use Basic Authentication scheme with our credentials
11$response = Invoke-RestMethod -Uri "https://example.com/api" -Authentication Basic -Credential $credential

This works by telling the Invoke-RestMethod cmdlet which authentication scheme we want to use and provide a PSCredential object and it will do the rest for us.

This way is much simpler because we dont need to worry about generating the token and in many situations we already have a PSCredential object.


Knowing how to use basic authentication with Powershell can be very handy since most systems support this authentication scheme. As we saw in this article Powershell has made it really simple to use.