HTTP Authentication

Compatibility

Not every client supports every authentication scheme natively. This matrix shows which clients handle each scheme automatically, which require manual setup, and which are unsupported.

← Back to schemesLive demos →

Criteria

NativeThe client opens an interactive authentication view or automatically configures the credential parameter without additional code.
PartialThe client exposes a dedicated property or option to supply credentials, but does not detect or negotiate the scheme automatically from the server challenge.
Not supported.

Compatibility matrix

Client
Basic
RFC 7617
Digest
RFC 7616
Bearer
RFC 6750
Bearer + Discovery
RFC 9728
Chrome
Browser — native credential dialog
NativeNative
Firefox
Browser — native credential dialog
NativeNative
Safari
Browser — native credential dialog
NativeNative
curl
Command-line HTTP tool
PartialPartialPartial
wget
Command-line HTTP tool
PartialPartial
http (HTTPie)
Command-line HTTP tool with auth plugins
PartialPartialPartial
fetch / XHR
Browser-side JavaScript HTTP API
axios
JavaScript HTTP library
Partial
requests
Python HTTP library
PartialPartial
Postman
API client with OAuth 2.0 support
PartialPartialPartial
Insomnia
API client with OAuth 2.0 support
PartialPartialPartial
Claude
MCP client — Model Context Protocol
PartialNative
Perplexity
MCP client — Model Context Protocol
PartialNative

When to use each scheme

BasicNot recommended

Use only for internal tooling, legacy systems, or when HTTPS is guaranteed and no better option exists. Broad client support makes it tempting, but the password is reversibly encoded — treat every request as if it sends the plaintext password.

DigestLegacy

An improvement over Basic but limited to environments where browsers handle it natively. Poor JavaScript and modern-framework support makes it impractical for new APIs.

BearerRecommended for APIs

The standard for modern APIs. Any client that can set a request header works. Token issuance (OAuth 2.0 flows) must be configured externally — use RFC 9728 discovery if you want zero-config clients.

Bearer + DiscoveryModern · Discovery

Ideal for ecosystems where clients cannot be pre-configured: AI agents, MCP servers, and federated APIs. A single 401 response gives the client everything it needs to discover the authorization server and obtain a token.