== How to fix it in Apache HttpClient

=== Code examples
The following code uses basic authentication to send out an HTTP request to a protected endpoint.

==== Noncompliant code example

[source,java,diff-id=1,diff-type=noncompliant]
----
import org.apache.http.client.methods.HttpPost;

String encoded = Base64.getEncoder().encodeToString("login:passwd".getBytes());
HttpPost httpPost = new HttpPost("http://api.example.com/foo");
httpPost.setHeader("Authorization", "Basic " + encoded); // Noncompliant
----

==== Compliant solution

[source,java,diff-id=1,diff-type=compliant]
----
import org.apache.http.client.methods.HttpPost;

// An access token should be retrieved before the HTTP request
String accessToken = System.getenv("ACCESS_TOKEN");
HttpPost httpPost = new HttpPost("http://api.example.com/foo");
httpPost.setHeader("Authorization", "Bearer " + accessToken);
----

=== How does this work?

include::../../common/fix/token-auth.adoc[]

include::../../common/fix/ssl.adoc[]