Documentation

HTTP Digest Auth
- What is HTTP Digest Auth?
- Use HTTP Digest Auth

HTTP Digest Auth¶

Authentication
HTTP Digest Auth

What is HTTP Digest Auth?¶

HTTP Digest Auth (or Digest access authentication) is an username/password authentication protocol that aims to be slightly safer than Basic Auth.

Paw supports HTTP Digest Auth via the Digest Auth dynamic value extension, which generates the Authorization header from the credentials you provide.

Warning! Please note that Digest auth is known to be unsafe if used on non-HTTPS hosts, mostly due to the fact that it relies on MD5 hashes.

Use HTTP Digest Auth¶

Install the extension

Install the extension¶

On the page Digest Auth dynamic value extension, hit the Install Extension button.

Install the Digest auth extension

Add the dynamic value

Add the dynamic value¶

Back to Paw, go to the Headers tab.
Add a header Authorization.
Right-click on the value field to get the list of the available dynamic values.
Under Extensions, pick Digest Auth.

Enter your credentials

Enter your credentials¶

Your password will be encrypted and stored in the document file.

Alternatively, you can access a password from the Keychain: toggle the password field into a “Regular Field” by clicking the lock icon, then click on the Secure dynamic value to get more options.

Done

Done¶

You’re ready to send the request!

Note: before the actual request is sent, a handshake (challenge) request will be sent to the server to retrieve a nonce value.