Master cURL Basic Auth: A Proxy-Focused Guide





Michael Chen
Tool Guides
Diving Into cURL and Basic Authentication
Ah, cURL. If you've spent any time tinkering with web requests or APIs from the command line, you've likely encountered this trusty tool. Bundled with most operating systems, cURL is the Swiss Army knife for transferring data using various network protocols. It might not have the slick graphical interface of some modern tools, but don't let its simplicity fool you – cURL is remarkably capable.
Its real strength lies in its flexibility. From simple GET requests to check if a site is up, all the way to crafting complex interactions for testing or light web scraping, cURL handles a vast range of tasks. You can find more about its general use in our exploration of cURL data transfers.
Naturally, many online resources aren't wide open; they require you to prove who you are. That's where authentication comes in, and cURL, predictably, has ways to handle that, including the fundamental method: Basic Authentication.
So, What Exactly is Basic Authentication?
Basic access authentication, often just called "Basic Auth," is a straightforward method for a client (like your cURL command) to provide a username and password when making an HTTP request. Think of it as showing your ID card at a checkpoint.
The mechanism is quite simple under the hood. The username and password, joined by a colon (`username:password`), are encoded using Base64. This encoded string is then sent in the HTTP request header like so: `Authorization: Basic <encoded-credentials>`. The server receiving the request decodes the string and checks the credentials.
Here's a critical point: Because Base64 is easily decoded, Basic Auth is only secure when transmitted over an encrypted connection, meaning HTTPS. Sending these credentials over plain HTTP is like shouting your password across a crowded room – not recommended!
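To make the point concrete, the sketch below builds the header exactly as described and then reverses it with nothing but a Base64 decoder. It is an added example, not code from the original article; the function names are hypothetical and the credentials are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: build and reverse a Basic Authorization header.
# All credentials here are constructed samples.

# Emit the header a client sends for the given user and password.
basic_header() {
  local user="$1" pass="$2"
  # RFC 7617: the user-id must not contain ':' because the server
  # splits the decoded string on the first colon.
  case "$user" in
    *:*) echo "username must not contain ':'" >&2; return 1 ;;
  esac
  printf 'Authorization: Basic %s\n' \
    "$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')"
}

# Recover "user<TAB>password" from a captured header. No key or secret
# is needed, which is why the header must only travel over HTTPS.
decode_basic() {
  local header="$1" token creds
  case "$header" in
    *[Bb]asic\ *) ;;
    *) echo "not a Basic Authorization header" >&2; return 1 ;;
  esac
  token=${header#*[Bb]asic }
  creds=$(printf '%s' "$token" | base64 -d) || return 1
  # Split on the FIRST colon only: the password may itself contain ':'.
  printf '%s\t%s\n' "${creds%%:*}" "${creds#*:}"
}

# Demo with a constructed credential pair.
hdr=$(basic_header myuser 'p@ss:w?rd!')
echo "$hdr"
decode_basic "$hdr"
```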
Using Basic Auth with cURL Commands
The Basic Syntax
Getting cURL to use Basic Auth is refreshingly simple. You just need to add a specific flag. Like many command-line tools, cURL offers a short and long version:
Use the `-u` flag followed by your credentials:
curl \
-u username:password \
https://target-site.com
Alternatively, you can use the more descriptive `--user` flag:
curl \
--user username:password \
https://target-site.com
If you're cautious about your password appearing in your command history or system logs (which is generally a good practice!), you can provide only the username with the flag:
curl -u username https://target-site.com
When you run this, cURL will securely prompt you to enter the password, which won't be displayed on the screen or logged.
You'll often combine the authentication flag with others to build your request:
`-X`: Specifies the HTTP method (e.g., GET, POST, PUT). Learn more about POST requests with cURL.
`-H`: Adds custom HTTP headers, like setting a specific User-Agent.
`-d`: Includes data in the request body, typically used with POST or PUT methods.
Handling Passwords with Special Characters
What happens if your password contains characters like `@`, `&`, `:`, or `#`? These can sometimes confuse the command-line interpreter or cURL itself. Thankfully, there are a couple of ways around this.
First, you can enclose the entire `username:password` string in single quotes. This tells the shell to treat the enclosed text literally. Be aware, though, if your username or password itself contains a single quote (`'`), this method won't work as expected.
curl \
-u 'myuser:p@ss&w?rd!' \
https://target-site.com
The second, often more robust method, is to URL-encode the special characters within your password (or username, if necessary). Each special character has a corresponding `%` followed by a hexadecimal code.
curl \
-u
Here's a handy table for common special characters and their URL-encoded equivalents:
Character | URL Encoded Value |
---|---|
Space | %20 |
" | %22 |
# | %23 |
$ | %24 |
% | %25 |
& | %26 |
' | %27 |
( | %28 |
) | %29 |
* | %2A |
+ | %2B |
, | %2C |
/ | %2F |
: | %3A |
; | %3B |
= | %3D |
? | %3F |
@ | %40 |
[ | %5B |
] | %5D |
` | %60 |
{ | %7B |
} | %7D |
~ | %7E |
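Another way to handle passwords that contain quotes or other shell-special characters, which also keeps them out of shell history and the process list, is to feed cURL its `user` and `proxy-user` options through a config read from stdin (`-K -`). This is an added example, not from the original article; the function names are hypothetical and the credentials are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: hand credentials to curl via a config on stdin (-K -)
# instead of on the command line.

# Escape a value for a double-quoted curl config parameter.
# Inside double quotes curl's config parser understands \\ and \".
cfg_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Emit config lines equivalent to -u and, optionally, -U.
# Arguments: user pass [proxy_user proxy_pass]
curl_auth_config() {
  printf 'user = "%s:%s"\n' "$(cfg_quote "$1")" "$(cfg_quote "$2")"
  if [ "$#" -ge 4 ]; then
    printf 'proxy-user = "%s:%s"\n' "$(cfg_quote "$3")" "$(cfg_quote "$4")"
  fi
}

# Hypothetical wrapper: prompt for the password without echo, then run
# curl with the credentials piped in. Nothing secret reaches argv.
fetch_with_auth() {
  local user="$1" url="$2" pass
  printf 'Password for %s: ' "$user" >&2
  read -rs pass
  echo >&2
  curl_auth_config "$user" "$pass" | curl --silent --show-error -K - "$url"
}

# Demo (no network): show the config generated for a constructed
# password containing both kinds of quote and a backslash.
curl_auth_config myuser 'it'\''s "q"\x'
```

Because the function is a shell builtin pipeline, the password appears only in the pipe to cURL, never in another process's argument list.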
A Quick Look at Bearer Token Authentication
While Basic Auth is... well, basic, many modern APIs use a different approach called Bearer Token authentication, often as part of the OAuth 2.0 framework. Instead of sending a static username and password, you send a temporary, often short-lived, token.
Bearer tokens are generally considered more secure. They can be easily revoked, might have limited permissions (e.g., read-only), and don't expose the user's primary credentials. cURL handles these using the `-H` flag to set the `Authorization` header directly:
curl \
-H "Authorization: Bearer abc123xyzTOKENetc" \
https://target-site.com
Dealing with the '407 Proxy Authentication Required' Error
Sometimes, the authentication challenge doesn't come from the final destination website or API, but from an intermediary: a proxy server. If you're routing your cURL requests through a proxy (like those offered by Evomi), and that proxy requires its own credentials, you might encounter a `407 Proxy Authentication Required` error.
If the reason for the error isn't immediately obvious, you can add the `-v` (verbose) flag to your cURL command. This will print detailed information about the connection process, including the exact response from the proxy server, which might shed light on the issue.
curl -v -x rp.evomi.com:1000 https://target-site.com
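To tell from verbose output which hop rejected the request, look at the status and challenge header of the last response: `407` with `Proxy-Authenticate` means the proxy wants credentials, `401` with `WWW-Authenticate` means the target site does. This is an added example, not from the original article; the function name is hypothetical and both transcripts are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: classify an auth failure from `curl -v` output.

# Reads verbose output on stdin and prints one of:
#   proxy <challenge>   last response was 407 (fix the proxy credentials)
#   origin <challenge>  last response was 401 (fix the site credentials)
#   none                last response was neither
auth_failure_hop() {
  awk '
    function value(line) { sub(/^< [^:]*: */, "", line); return line }
    { sub(/\r$/, "") }                       # header lines end in CRLF
    /^< HTTP\// { status = $3; challenge = "" }
    status == 407 && challenge == "" && tolower($2) == "proxy-authenticate:" {
      challenge = value($0)
    }
    status == 401 && challenge == "" && tolower($2) == "www-authenticate:" {
      challenge = value($0)
    }
    END {
      if (status == 407)      print "proxy " challenge
      else if (status == 401) print "origin " challenge
      else                    print "none"
    }
  '
}

# Constructed transcript: the proxy refuses the CONNECT request.
sample_407=$(cat <<'EOF'
> CONNECT target-site.com:443 HTTP/1.1
> Host: target-site.com:443
>
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: Basic realm="proxy"
<
EOF
)

# Constructed transcript: the tunnel is up, the target site refuses.
sample_401=$(cat <<'EOF'
< HTTP/1.1 200 Connection established
<
> GET / HTTP/1.1
> Host: target-site.com
>
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic realm="site"
<
EOF
)

printf '%s\n' "$sample_407" | auth_failure_hop
printf '%s\n' "$sample_401" | auth_failure_hop
```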
To actually authenticate with the proxy server itself, cURL uses different flags. You specify the proxy server address and port using the `-x` flag, and provide the proxy's username and password using the `-U` flag (note the uppercase U!).
If the *target* website also requires authentication (like the Basic Auth we discussed earlier), you still include the regular `-u` flag for that. Here's how it looks combined, using an example structure relevant for Evomi's residential proxies:
curl \
-x rp.evomi.com:1000 \
-U evomi_proxy_user:evomi_proxy_pass \
-u website_user:website_pass \
https://target-site.com
In this command:
`-x rp.evomi.com:1000` tells cURL to use the proxy server at `rp.evomi.com` on port `1000`.
`-U evomi_proxy_user:evomi_proxy_pass` provides the credentials needed to access the Evomi proxy.
`-u website_user:website_pass` provides the Basic Auth credentials for the final destination, `https://target-site.com`.
Getting proxy authentication right is crucial for tasks like web scraping or managing multiple accounts. If you need reliable, ethically sourced proxies for your projects, you might want to explore Evomi's residential proxy plans – we even offer a free trial to get you started.

Author
Michael Chen
AI & Network Infrastructure Analyst
About Author
Michael bridges the gap between artificial intelligence and network security, analyzing how AI-driven technologies enhance proxy performance and security. His work focuses on AI-powered anti-detection techniques, predictive traffic routing, and how proxies integrate with machine learning applications for smarter data access.