In Function Compute, you can configure Basic authentication for an HTTP trigger. This provides a simple and secure way for authorized users to access the function.
Background information
Function Compute supports Basic authentication for HTTP triggers. You configure the usernames and passwords of authorized users in the Function Compute console. When a client makes a request, it must include the valid, Base64-encoded username and password in the Authorization header. The function can be accessed only if the credentials in the request match the credentials configured for the trigger.
Prerequisites
Before you begin, create a function and an HTTP trigger. For more information, see Create a function and Configure an HTTP trigger.
Limits
The user list can contain a maximum of 20 users.
A username must be 12 to 128 characters in length and must follow the FC resource naming conventions.
A password must be 12 to 128 characters in length. It must contain uppercase letters, lowercase letters, digits, and at least one special character:
! @ # $ % ^ & * ( ).Each user must have a unique password. Avoid using common combinations for passwords to prevent security risks from weak passwords.
After you configure Basic authentication, use the HTTPS protocol in production environments. The HTTP protocol is for development and testing only. Function Compute is not responsible for any security issues, such as username and password leaks, caused using the HTTP protocol.
Function Compute only stores and verifies the user information that you configure. You are responsible for managing the users. Promptly rotate passwords that have been compromised or are considered insecure. Also, rotate passwords that have been in use for a long time.
Procedure
Step 1: Configure Basic authentication
Log on to the Function Compute console. In the navigation pane on the left, choose .
In the top navigation bar, select a region. On the Functions page, click the target function.
On the function details page, click the Triggers tab. Then, click Modify in the Actions column of the HTTP trigger.
In the Modify Trigger panel, set the following parameters and then click OK.
Set Authentication Method to Basic Authentication.
Users: Enter a Username and Password. For the username and password requirements, see Limits.
Step 2: Verify the configuration
Use a cURL command to send a verification request. The request must include the valid, Base64-encoded username and password in the Authorization header.
On the Triggers tab of the target function's details page, obtain the public endpoint of the HTTP trigger.
On the command line, run the following command to Base64-encode the username and password.
echo -n "username:password" | base64The command returns the encoded user information.
On the command line, run the cURL command to invoke the function.
The following is a sample command:
curl -X POST "https://example.com" -H "Authorization: Basic YmFzaWMtYXV0aGVudGljYXRpb246MTUyMkBaaHV6aTV6****="Parameters:
Replace
https://example.comwith the public endpoint of the trigger that you obtained in the first step.The value of the Authorization request header must start with `Basic` followed by a space.
FAQ
Why does accessing the trigger URL return an authorization require message after I enable Basic authentication?
This message indicates that the request to access the HTTP trigger does not contain a valid Authorization header. Check whether the request includes the Authorization header and whether the user information in the header value is correct.
Why does accessing the trigger URL return an Authorization header must start with Basic message after I enable Basic authentication?
According to RFC 7617, when a client sends a request using Basic authentication, the request must include an Authorization header. The value of this header must start with `Basic`.
Are there extra charges for enabling Basic authentication?
No, there are not. The fees for gateway-related features provided by Function Compute are included in the charges for function invocations. Therefore, no extra fees are generated regardless of whether you enable Basic authentication.