Sending an HTTP request with basic authentication

Visual Basic for Applications:
Sending an HTTP request with basic authentication

How to:

In VBA, you can use the Microsoft XML, v6.0 (MSXML2) library to send HTTP requests with basic authentication. This involves setting the "Authorization" header of the request to include the credentials in a base64-encoded format. Here is a step-by-step guide:

  1. Reference MSXML2: First, ensure your VBA project references the Microsoft XML, v6.0 library. In the VBA editor, go to Tools > References and check Microsoft XML, v6.0.

  2. Create and send the HTTP request: Use the following VBA code snippet as a guide. Replace "your_username" and "your_password" with your actual credentials and adjust the URL as needed.

    Dim XMLHttp As Object
    Set XMLHttp = CreateObject("MSXML2.XMLHTTP")
    Dim url As String
    url = "" ' Replace with the actual URL
    Dim base64Credentials As String
    base64Credentials = EncodeBase64("your_username:your_password")
    XMLHttp.Open "GET", url, False
    XMLHttp.setRequestHeader "Authorization", "Basic " & base64Credentials
    Debug.Print XMLHttp.responseText ' Outputs the response to the Immediate Window
  3. Encode credentials in base64: VBA doesn’t have a built-in function for base64 encoding, but you can use this custom EncodeBase64 function:

    Function EncodeBase64(text As String) As String
        Dim arrData() As Byte
        arrData = StrConv(text, vbFromUnicode)
        Dim objXML As MSXML2.DOMDocument60
        Dim objNode As MSXML2.IXMLDOMElement
        Set objXML = New MSXML2.DOMDocument60
        Set objNode = objXML.createElement("b64")
        objNode.dataType = "bin.base64"
        objNode.nodeTypedValue = arrData
        EncodeBase64 = objNode.Text
    End Function

This will send a GET request to with the specified basic authentication credentials, and print the response.

Deep Dive

The approach used here, while effective for simple use cases, hinges on the Basic Authentication scheme, which sends credentials in an easily decodable format (base64 encoding is not encryption). Due to its vulnerability, especially in non-HTTPS contexts, Basic Authentication is not recommended for transmitting sensitive data over the internet without additional security layers like SSL/TLS.

Historically, Basic Authentication was one of the first methods developed for controlling access to web resources. Today, safer and more flexible authentication standards, such as OAuth 2.0, are generally preferred for new applications. Given VBA’s limitations and the external dependencies required for more advanced authentication methods, developers often employ VBA in internal or less security-critical environments or use it as a stepping stone to prototype ideas quickly.

When using VBA for HTTP requests, remember that each version of the MSXML library may support different features and security standards. Always use the most recent version compatible with your application to ensure better security and performance. Additionally, consider the environmental limitations and potential deprecated features when choosing VBA for new projects, especially those requiring secure HTTP communications. Other programming environments or languages might offer more robust, secure, and maintainable solutions for similar tasks.