Post to Netlify function behind basic password protection

I have a function on my dev site that I am trying to test. The dev site is password protected in Netlify using a basic password e.g. ‘password’

I am trying to access my function for testing, using Postman. When I submit, I get an error message about the password. No matter what I do, I can’t get it to authenticate the request.

What is the header I need to add to my Postman request, to pass in my basic password?

I have tried Authentication, Basic-Auth - password in both regular and Base64… Nothing works

Please help!

Hi @boringmoney,

Thanks for reaching out!

I’m thinking your running into this limitation mentioned here:


  • Password-protected sites. Functions triggered by events won’t work if you have full site protection enabled as Netlify doesn’t have access to site credentials or authentication information at event completion. Consider using basic authentication instead for only the sections of the site you need to protect and exclude the functions. Netlify automatically adds a layer of security for your event functions with JSON web signatures.

Password protected websites would need to be accessed as follows:

import axios from 'axios'
const data = new FormData()
data.append('form-name', 'form 1')
data.append('password', 'your password')
const url = 'your url'
  data: new URLSearchParams(data).toString(),
  maxRedirects: 0,
  method: 'post',
  validateStatus: status => {
    return status === 302
}).then(passwordResponse => { 
    headers: {
      cookie: passwordResponse.headers['set-cookie'][0].split(';')[0]
    responseType: 'text',
  }).then(siteResponse => {
  }, siteResponseError => {
    console.log('Error in second call: ', siteResponseError)
}, passwordResponseError => {
  console.log('Error in first call: ', passwordResponseError)

Thanks, but how would I use this via PostMan? I need to test the API before I get to any code.

I need some way to send the password along with the request - so far in PostMan, I’ve tried to send it as basic auth and it doesn’t work at all

If you check the above code, it clearly doesn’t use basic auth. I have already shown you exactly how you need to call the call. Now, how you implement that in Postman, is up to you. But, to be explicit:

  1. Turn off follow redirects:

  1. Send a request to your site with the password:

  1. Open the console from the bottom:

  1. Check the response headers of the received response and find the set-cookie header

  2. Add that as a cookie along with your actual request