Skip to content

Authenticate using basic credentials

Pulp by default uses Basic Authentication which checks the user submitted header against an internal database of users. If the username and password match, the request is considered authenticated as that username. Basic auth transmits credentials as user-id and password joined with a colon and then encoded using Base64. This is passed along as the Authorization header.

Below is an example of a Basic Authentication header for a username admin and password password.:

Authorization: Basic YWRtaW46cGFzc3dvcmQ=

You can set this header on a httpie command using the --auth option:

http --auth admin:password ...

You could also specify the header manually on a httpie command using its header syntax:

http Authorization:"Basic YWRtaW46cGFzc3dvcmQ=" ...


For the 3.y releases, Pulp expects the user table to have exactly 1 user in it named 'admin', which is created automatically when the initial migration is applied. The password for this user can be set with the pulpcore-manager reset-admin-password command. To articulate what you'd like to see future versions of Pulp file a feature request here or reach out via

Disabling Basic Authentication

Basic Authentication is defined by receiving the username and password encoded in the Authorization header. To disable receiving the username and password using Basic Authentication, remove the rest_framework.authentication.BasicAuthentication from the REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] list.