The simplest form of web authentication is HTTP basic authentication. The request contains a header field in the form of Authorization: Basic where credentials is the Base64 encoding of ID and password joined by a single colon :, e.g. Authorisation: Basic dGVzdDpzZWNyZXQ=

The server will check if the Authorization header field is present and if the value is a valid username / password combination.

The httpie is a user-friendly HTTP client that can be used to test the API:

$ http http://localhost:8080
HTTP/1.1 401 Unauthorized
Content-Length: 36
Content-Type: application/json
Date: Sat, 19 Jun 2021 13:16:34 GMT
Www-Authenticate: Basic realm="Give username and password"

{
    "message": "No basic auth present"
}

$ http http://localhost:8080 "Authorization:Basic dGVzdDpzZWNyZXQ="
HTTP/1.1 200 OK
Content-Length: 39
Content-Type: application/json
Date: Sat, 19 Jun 2021 13:38:01 GMT

{
    "message": "welcome to golang world!"
}

dGVzdDpzZWNyZXQ= is the Base64 encoded test:secret string.

The client demonstrates how to set the Authorization header required for HTTP basic authentication.

The code is from How to Implement HTTP Basic Auth in Go.