---
title: validate_basic_auth
slug: /reference/python/agents/agent-base/validate-basic-auth
description: Validate HTTP Basic Auth credentials against the agent's stored credentials.
max-toc-depth: 3
---


Validate a username/password pair against the agent's configured Basic Auth
credentials. The comparison uses constant-time `hmac.compare_digest` to prevent
timing attacks.

<Note>
  This method is an **override point**. Subclasses can replace it with custom
  authentication logic (e.g., database lookups, external identity providers) while
  the rest of the auth pipeline (`_check_basic_auth`, `_check_cgi_auth`, etc.)
  continues to call it transparently.
</Note>

## **Parameters**

<ParamField path="username" type="str" required={true} toc={true}>
  Username extracted from the incoming request's `Authorization` header.
</ParamField>

<ParamField path="password" type="str" required={true} toc={true}>
  Password extracted from the incoming request's `Authorization` header.
</ParamField>

## **Returns**

`bool` -- `True` if the credentials are valid, `False` otherwise. Returns `False`
when no credentials have been configured on the agent.

## **Examples**

### Default behavior

```python {4}
from signalwire import AgentBase

agent = AgentBase(name="assistant", route="/assistant")
is_valid = agent.validate_basic_auth("admin", "secret123")
```

### Custom validation in a subclass

```python {4}
from signalwire import AgentBase

class SecureAgent(AgentBase):
    def validate_basic_auth(self, username: str, password: str) -> bool:
        """Look up credentials in an external user store."""
        from myapp.auth import verify_user
        return verify_user(username, password)
```
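
One possible shape for the `verify_user` helper that the subclass above delegates to, given here as an added example and not SignalWire code. It keeps the constant-time property of the default implementation when checking salted password hashes; the in-memory `USER_STORE`, the PBKDF2 iteration count, and the helper names other than `verify_user` are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for PBKDF2-HMAC-SHA256; tune for your hardware.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a storable hash so the plaintext password is never kept."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def make_record(password: str) -> tuple:
    """Return (salt, hash) for a new password."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample store: username -> (salt, hash).
# A real deployment would read this from a database or identity provider.
USER_STORE = {"admin": make_record("secret123")}

# Dummy record so an unknown username costs the same hashing work as a
# known one, which avoids leaking which usernames exist through timing.
_DUMMY_RECORD = make_record("placeholder-never-matches")


def verify_user(username: str, password: str) -> bool:
    record = USER_STORE.get(username)
    salt, expected = record if record is not None else _DUMMY_RECORD
    candidate = hash_password(password, salt)
    # Constant-time comparison, matching the default implementation's
    # use of hmac.compare_digest.
    matches = hmac.compare_digest(candidate, expected)
    # An unknown user always fails, even if the dummy password was supplied.
    return matches and record is not None
```

Because `validate_basic_auth` returns `False` when no credentials are configured, the override keeps the same fail-closed behavior by rejecting any username that is absent from the store.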