HTTPie --auth: Basic, Bearer, and Digest Auth
http --auth user:pass adds an Authorization header, defaulting to HTTP Basic auth.
HTTPie handles the common auth schemes without you hand-building the header. --auth takes credentials and --auth-type selects the scheme.
What it does
--auth user:password sends HTTP Basic credentials. --auth-type=digest switches to Digest. If you pass only a username with --auth user, HTTPie prompts for the password, which hangs CI, so always pass both. For Bearer tokens, set the header directly with Authorization:"Bearer $TOKEN" rather than --auth.
Common usage
http --auth user:pass GET example.com/api/private
http --auth-type=digest --auth user:pass GET example.com/api
# bearer token via header, sourced from a secret env var
http GET example.com/api "Authorization:Bearer $TOKEN"Options
| Flag | What it does |
|---|---|
| --auth, -a user:pass | Credentials for authentication |
| --auth-type, -A basic|digest | Authentication scheme (default basic) |
| Authorization:Bearer <t> | Header form for token/Bearer auth |
| --session <name> | Persist auth across requests (see sessions) |
In CI
Read credentials from secret environment variables, never hardcode them: --auth "$USER:$PASS". Passing only a username triggers an interactive password prompt that stalls the job, so always include the password (or an empty one as user:).
Common errors in CI
A 401 Unauthorized means the credentials are wrong, empty, or the wrong scheme (Basic where the API expects Bearer). If the job hangs on an auth call, you passed --auth user without a password and HTTPie is waiting at the prompt. A 403 means the credentials were accepted but lack permission.