Skip to main content
Version: Next

Authentication using HTTP basic

Basic authentication is a simple authentication scheme built into the HTTP protocol, which uses base64-encoded username and password pairs as credentials.


Install htpasswd in your environment to create a password file for storing username-password pairs.

  • For Ubuntu/Debian, run the following command to install htpasswd.

    apt install apache2-utils
  • For CentOS/RHEL, run the following command to install htpasswd.

    yum install httpd-tools

Create your authentication file


Currently, you can use MD5 (recommended) and CRYPT encryption to authenticate your password.

Create a password file named .htpasswd with a user account superuser/admin:

  • Use MD5 encryption (recommended):

    htpasswd -cmb /path/to/.htpasswd superuser admin
  • Use CRYPT encryption:

    htpasswd -cdb /path/to/.htpasswd superuser admin

You can preview the content of your password file by running the following command:

cat path/to/.htpasswd

Enable basic authentication on brokers/proxies

To configure brokers/proxies to authenticate clients using basic, add the following parameters to the conf/broker.conf and the conf/proxy.conf file. If you use a standalone Pulsar, you need to add these parameters to the conf/standalone.conf file:

# Configuration to enable Basic authentication

# basicAuthConf=/path/to/.htpasswd
# When use the base64 format, you need to encode the .htpaswd content to bas64
# basicAuthConf=data:;base64,YOUR-BASE64
# basicAuthConf=YOUR-BASE64

# Authentication settings of the broker itself. Used when the broker connects to other brokers, or when the proxy connects to brokers, either in same or other clusters

You can also set an environment variable named PULSAR_EXTRA_OPTS and the value is -Dpulsar.auth.basic.conf=/path/to/.htpasswd. Pulsar reads this environment variable to implement HTTP basic authentication.

Configure basic authentication in CLI tools

Command-line tools, such as Pulsar-admin, Pulsar-perf and Pulsar-client, use the conf/client.conf file in your Pulsar installation. To configure basic authentication in Pulsar CLI tools, you need to add the following parameters to the conf/client.conf file.


Configure basic authentication in Pulsar clients

The following example shows how to configure basic authentication when using Pulsar clients.

AuthenticationBasic auth = new AuthenticationBasic();
PulsarClient client = PulsarClient.builder()