HTTP Basic Authorization Header

When authenticating with the Chargify API, the Authorization header must be in the format specified by RFC 2617, for example:

Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

The word “Basic” must be present and must be capitalized exactly as shown.

We have discovered that we were previously accepting invalid headers, for example:

Authorization: QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Authorization: BASIC QWxhZGRpbjpvcGVuIHNlc2FtZQ==

As of Monday, March 28, 2016, these formats will no longer work, and you will receive a 401 Unauthorized response.