How to define the basic HTTP authentication using cURL correctly?

I'm learning Apigility (Apigility docu -> REST Service Tutorial) and trying to send a POST request with basic authentication via cURL:

$ curl -X POST -i -H "Content-Type: application/hal+json" -H "Authorization: Basic YXBpdXNlcjphcGlwd2Q=" http://apigilityhw.sandbox.loc/status

YXBpdXNlcjphcGlwd2Q= is the base 64 encoded string with my credentials apiuser:apipwd. The credentials are saved in the /data/htpasswd (apiuser:$apr1$3J4cyqEw$WKga3rQMkxvnevMuBaekg/).

The looks like this:

HTTP/1.1 401 Unauthorized
Server: nginx/1.4.7
Date: Mon, 22 Sep 2014 07:48:47 GMT
Content-Type: application/problem+json
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.12-1~dotdeb.1
WWW-Authenticate: Basic realm="api"

Where is the mistake here? How to get it work?

curl -u username:password http://
curl -u username http://

From the documentation page:

> -u, --user <user:password> > > Specify the user name and password to use for server authentication. > Overrides -n, --netrc and --netrc-optional. > > If you simply specify the user name, curl will prompt for a password. > > The user name and passwords are split up on the first colon, which > makes it impossible to use a colon in the user name with this option. > The password can, still. > > When using Kerberos V5 with a Windows based server you should include > the Windows domain name in the user name, in order for the server to > succesfully obtain a Kerberos Ticket. If you don't then the initial > authentication handshake may fail. > > When using NTLM, the user name can be specified simply as the user > name, without the domain, if there is a single domain and forest in > your setup for example. > > To specify the domain name use either Down-Level Logon Name or UPN > (User Principal Name) formats. For example, EXAMPLE\user and > [email protected] respectively. > > If you use a Windows SSPI-enabled curl binary and perform Kerberos V5, > Negotiate, NTLM or Digest authentication then you can tell curl to > select the user name and password from your environment by specifying > a single colon with this option: "-u :". > > If this option is used several times, the last one will be used.

http://curl.haxx.se/docs/manpage.html#-u

Note that you do not need --basic flag as it is the default.

as header

AUTH=$(echo -ne "$BASIC_AUTH_USER:$BASIC_AUTH_PASSWORD" | base64 --wrap 0)

curl \
  --header "Content-Type: application/json" \
  --header "Authorization: Basic $AUTH" \
  --request POST \
  --data  '{"key1":"value1", "key2":"value2"}' \
  https://example.com/

The easiest way to figure out what authorization header should look like might be first to run curl with -u (or putting the credentials within the URL) and -v and the output will show the request header:

$ curl -v -u 'apiuser:apipwd' ... http://apigilityhw.sandbox.loc/status

# OR putting the credentials in the URL: 

$ curl -v ... http://apiuser:[email protected]/status
    
# copy and paste the "Authorization" header from the output:
    
$ curl -H 'Authorization: Basic YWRtaW46YXBpcHdk' ... http://apigilityhw.sandbox.loc/status