RFC 7235 Proposed Standard

Hypertext Transfer Protocol (HTTP/1.1): Authentication

R. Fielding, J. Reschke · 2014-06

Abstract

The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework, as well as the 'Basic' and 'Bearer' authentication schemes.

Why This RFC Matters

RFC 7235 defines the extensible HTTP authentication framework: the challenge/response model, carried in the WWW-Authenticate and Authorization header fields, that underpins all HTTP-level authentication. The 401 (Unauthorized) and 407 (Proxy Authentication Required) status codes, the realm concept, and the auth-scheme/auth-params extensibility model defined here are used by Basic auth, Digest auth, Bearer token auth (OAuth 2.0), and virtually every other HTTP authentication mechanism. As part of the HTTP/1.1 specification revision, it obsoleted RFC 2617 and provided a cleaner foundation for OAuth and JWT-based bearer token authentication.
