Why should you base64 encode the Authorization header?

Question

Twitter\'s API requires sending an Authorization header that is a base64 encoding of an API key concatenated with an API secret key. In Node, I use:

var base64 =         


        

Answer 1

Eventhough I can't find it in the w3 documentation, I believe that it is just protocol to encode the credentials of the Authorization header to base64, no matter what content it has. In the case of Twitter it doesn't make much difference as you said, but in other cases the credentials can contain these characters. To keep it uniform and prevent mistakes of whether it should be encoded or not, all credentials should be encoded.

Another reason could be, that browsers also encode the credentials the same way. Twitter probably also wants to accept that.