How do I use the Match Basic Authentication Headers regex?

Use the pattern /Basic\s+([A-Za-z0-9+/]*={0,2})/g in JavaScript with RegExp or String.prototype.match(). Try it in the interactive tester above with pre-loaded test strings.

Regex to Match Basic Authentication Headers

Match HTTP Basic Authentication header values with Base64-encoded credentials. Captures the encoded username:password string. Free online regex tester.

Regular Expression

/Basic\s+([A-Za-z0-9+/]*={0,2})/g

Token Breakdown

Token	Description
B	Matches the literal character 'B'
a	Matches the literal character 'a'
s	Matches the literal character 's'
i	Matches the literal character 'i'
c	Matches the literal character 'c'
\s	Matches any whitespace character (space, tab, newline)
+	Matches the preceding element one or more times (greedy)
(	Start of capturing group
[A-Za-z0-9+/]	Character class — matches any one of: A-Za-z0-9+/
*	Matches the preceding element zero or more times (greedy)
=	Matches the literal character '='
{0,2}	Matches between 0 and 2 times
)	End of group

Detailed Explanation

This regex matches HTTP Basic Authentication credentials as transmitted in the Authorization header. Here is the token-by-token breakdown:

Basic — Matches the literal string Basic, identifying the HTTP Basic authentication scheme. This is case-sensitive as defined in the HTTP specification.

\s+ — Matches one or more whitespace characters between the scheme identifier and the encoded credentials.

( — Opens a capturing group for the Base64-encoded credentials.

[A-Za-z0-9+/]* — Matches zero or more characters from the Base64 alphabet: uppercase letters, lowercase letters, digits, plus signs, and forward slashes. The credentials are the Base64 encoding of the string username:password.

={0,2} — Matches zero to two equals signs for Base64 padding. Base64 encoding pads the output with equals signs to make the length a multiple of four characters. Zero, one, or two padding characters may be needed.

) — Closes the capturing group.

The g flag enables global matching. HTTP Basic Authentication is one of the simplest authentication mechanisms. The client sends the username and password as a Base64-encoded string in the Authorization header: Authorization: Basic dXNlcjpwYXNz (which decodes to user:pass).

This pattern is useful for identifying Basic auth headers in HTTP logs, security scanning tools, proxy servers, and authentication middleware. The captured group can be decoded to extract the username and password. Note that Basic auth transmits credentials in a reversible encoding (not encrypted), so it should only be used over HTTPS connections.

Example Test Strings

Input	Expected
Basic dXNlcjpwYXNz	Match
Basic YWRtaW46YWRtaW4=	Match
Bearer token123	No Match
Basic	Match
basic lowercase	No Match

Try It — Interactive Tester

Regular Expression

//g

Flags

gglobalicase-insensitivemmultilinesdotAlluunicodeysticky

Test String

Match Highlighting(3 matches)

Basic dXNlcjpwYXNz Basic YWRtaW46YWRtaW4= Bearer token123 Basic basic lowercase

Matches & Capture Groups

#1Basic dXNlcjpwYXNzindex 0

Group 1:dXNlcjpwYXNz

#2Basic YWRtaW46YWRtaW4=index 19

Group 1:YWRtaW46YWRtaW4=

#3Basic basicindex 58

Group 1:basic

Pattern: 30 charsFlags: gMatches: 3

Ctrl+Shift+C to copy regex

Customize this pattern →

Related Regex Patterns

Regex to Match Bearer Token Authorization Headers

/Bearer\s+([A-Za-z0-9\-._~+/]+=*)/g

Regex to Match Base64 Encoded Strings

/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/m

Regex to Match HTTP Header Lines

/^([A-Za-z][A-Za-z0-9-]*):\s*(.+)$/gm

Regex to Match API Key Formats

/(?:sk|pk|api|key)[-_]?(?:live|test|prod|dev)?[-_]?[A-Za-z0-9]{16,64}/g