Skip to content
Latchkey

HTTPie --auth: Basic, Bearer, and Digest Auth

http --auth user:pass adds an Authorization header, defaulting to HTTP Basic auth.

HTTPie handles the common auth schemes without you hand-building the header. --auth takes credentials and --auth-type selects the scheme.

What it does

--auth user:password sends HTTP Basic credentials. --auth-type=digest switches to Digest. If you pass only a username with --auth user, HTTPie prompts for the password, which hangs CI, so always pass both. For Bearer tokens, set the header directly with Authorization:"Bearer $TOKEN" rather than --auth.

Common usage

Terminal
http --auth user:pass GET example.com/api/private
http --auth-type=digest --auth user:pass GET example.com/api
# bearer token via header, sourced from a secret env var
http GET example.com/api "Authorization:Bearer $TOKEN"

Options

FlagWhat it does
--auth, -a user:passCredentials for authentication
--auth-type, -A basic|digestAuthentication scheme (default basic)
Authorization:Bearer <t>Header form for token/Bearer auth
--session <name>Persist auth across requests (see sessions)

In CI

Read credentials from secret environment variables, never hardcode them: --auth "$USER:$PASS". Passing only a username triggers an interactive password prompt that stalls the job, so always include the password (or an empty one as user:).

Common errors in CI

A 401 Unauthorized means the credentials are wrong, empty, or the wrong scheme (Basic where the API expects Bearer). If the job hangs on an auth call, you passed --auth user without a password and HTTPie is waiting at the prompt. A 403 means the credentials were accepted but lack permission.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →