Cookbooks
Go
Chapter 11. HTML and the Web
Sending an HTTP request with basic authentication

Go:
Sending an HTTP request with basic authentication

How to:

To make an HTTP request with basic authentication in Go, you need to craft your request headers to include the Authorization field, populated with your credentials in the correct format. Below is an example that demonstrates how to perform a GET request to an API endpoint which requires basic authentication:

package main

import (
	"fmt"
	"net/http"
	"encoding/base64"
)

func main() {
	client := &http.Client{}
	req, err := http.NewRequest("GET", "http://example.com/api/data", nil)
	if err != nil {
		panic(err)
	}

	username := "yourUsername"
	password := "yourPassword"
    // Encode credentials
	auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
    // Set Authorization header
	req.Header.Add("Authorization", "Basic " + auth)

	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()

	fmt.Println("Response status:", resp.Status)
}

Running this code will send a GET request to the specified URL with the necessary Authorization header. The output will look something like this, depending on your endpoint and service:

Response status: 200 OK

Deep Dive

Basic Authentication in HTTP requests is a widely supported method for enforcing access controls to web resources. It simply sends a user name and password with each request, making it easy to implement but not the most secure method available. One major drawback is that, unless used in conjunction with SSL/TLS, the credentials are sent in clear text (since Base64 is easily decoded). This can potentially expose sensitive information to man-in-the-middle attacks.

In Go, sending these requests involves manipulating the Authorization header directly. While Go’s standard library (net/http) provides powerful primitives for dealing with HTTP(s) communications, it’s relatively low level, requiring developers to handle various aspects of HTTP request/response handling manually. This gives programmers a lot of flexibility but also means that one must pay closer attention to security implications, encoding, and correct header management.

For applications requiring higher security, more advanced authentication systems such as OAuth2 or JWT (JSON Web Tokens) should be considered. These approaches provide more robust security features and are broadly supported across modern APIs and services. Go’s expanding ecosystem includes numerous libraries and tools (such as golang.org/x/oauth2, among others) to facilitate these more secure authentication methods, making it easier for developers to implement safe, effective, and modern authorization mechanisms in their applications.

Sending an HTTP request