Outbound Basic Auth Policy

Important: This page describes Classic APIM. For APIM 3.0, refer to API Management 3.0.

Uses a Basic Authentication account for verification for requests to external endpoints. It provides the flexibility to add login credentials to the header, body, or query string parameter.

A preconfigured Basic Auth account is required to connect with the backend service and access third-party URLs.

Note:

The Basic Auth Outbound Policy isn't available for Triggered Task or Ultra Task endpoints.
The preconfigured accounts used in this policy automatically reflect the changes made to the name of Basic Auth account in the global shared folder.
Deletion of the Basic Auth account invalidates the policy and displays an error. In this case, you must select another account by navigating to the Policy Setting.

Prerequisites

Preconfigured Basic Authentication Account.

Supported Account Types

API Suite Basic Authentication Account.

Policy execution order

The Outbound Basic Auth Policy executes after all policies, when the proxy calls the downstream API.

Known Issues

When you use the HTTP Retry Policy with the Basic Auth policy, the request fails with an error message. This issue only applies to Proxies created after the February 2024 release. Existing Proxies are unaffected.

Workaround: Delete the HTTP Retry Policy.


Field Name	Description
When this policy should be applied	An expression that defines one or more conditions that must be true for the policy to execute. Example: The expression `request.method == "POST"` causes the policy to execute only on `POST` requests.
Token Location	Required.Select the token location as Header/Body/Query. Default value: Header Example: Header
Authorization Scheme	Required.Select Bearer/Custom Authorization Scheme if you selected the Header option. Default value: Basic Example: Basic
Custom Authorization Scheme	Add your custom scheme token. Default value: N/A Example: N/A
Description	Default value: Outbound requests are being authenticated with Basic Auth