Adding an Authorization: Basic header sounds trivial until you realise the tool you want to debug, a desktop app, an old SDK, or a browser extension, gives you no way to do it. Fluxzy lets you inject that credential from a YAML rule scoped to exactly the hosts and paths that need it, which keeps the secret in one place and stops it from leaking to unrelated upstreams.
Use addAuthorizationBasicAction when an upstream endpoint expects an Authorization: Basic header and the client either cannot send one or you would rather not hard code the credentials in the client.
Typical situations include:
The action evaluates on requestHeaderReceivedFromClient, so the header is added before the request leaves Fluxzy. Combine it with a hostFilter or pathFilter to avoid leaking the credential to unrelated hosts.
Scope the credential to one host so it never leaks to third party services. The browser or tool can stay unauthenticated.
rules:
- filter:
typeKind: HostFilter
pattern: api.internal.example.com
actions:
- typeKind: AddAuthorizationBasicAction
user: ci-bot
password: s3cret!
Useful when only the admin endpoints of a service require Basic auth and the rest is public.
rules:
- filter:
typeKind: FilterCollection
operation: And
children:
- typeKind: HostFilter
pattern: legacy.example.com
- typeKind: PathFilter
pattern: ^/admin/
operation: Regex
actions:
- typeKind: AddAuthorizationBasicAction
user: ops
password: rotated-password
If the client already sends a Basic header, follow this action with updateRequestHeaderAction if you need to ensure the new value wins.
rules:
- filter:
typeKind: HasAuthorizationFilter
actions:
- typeKind: AddAuthorizationBasicAction
user: replacement-user
password: replacement-pass
Add Authorization Basic to the request header.
Evaluation scope defines the timing where this filter will be applied.
requestHeaderReceivedFromClient This scope occurs the moment fluxzy parsed the request header receiveid from client
addAuthorizationBasicAction
The following table describes the customizable properties available for this action:
| Property | Type | Description | DefaultValue |
|---|---|---|---|
| password | string | ||
| user | string |
The following examples apply this action to any exchanges
Add Authorization Basic to the request header.
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: AddAuthorizationBasicAction
password: password
user: username
View definition of AddAuthorizationBasicAction for .NET integration.
This action has no related action
No. The credentials are stored in plain text in the YAML. Keep rule files out of version control or substitute the values from environment variables at deployment time.
The new header is appended. Most servers honour the first header they parse, so combine with deleteRequestHeaderAction or updateRequestHeaderAction if you need the new value to take precedence.
Yes. addAuthorizationBasicAction operates at the HTTP layer and stacks cleanly with setClientCertificateAction when a server requires both client certificate and Basic auth.
Use setVariableAction upstream to declare a variable, then reference it from the user or password fields. Fluxzy will resolve it at evaluation time.