HTTP Client Authentication

Authentication attributes are applied at the class level alongside [HttpClient] to configure how credentials are attached to outgoing requests. Each attribute integrates with the Configuration module for secret management.

Bearer Token

[BearerAuth] adds an Authorization: Bearer <token> header to every request. The token is resolved from the bound configuration type.

[HttpClient<GitHubApiConfig>]
[BearerAuth]
public partial class GitHubClient
{
    [Get("/repos/{owner}/{repo}")]
    private partial Repository GetRepo(string owner, string repo);
}

The generated client reads the token from the configuration provider at request time:

// appsettings.json
{
  "GitHubApi": {
    "BaseAddress": "https://api.github.com",
    "Token": "ghp_..."
  }
}

Secret management

Mark the token property with [Secret] in your configuration type to keep it out of appsettings.json and route it through user secrets instead.

API Key

[ApiKeyAuth] sends an API key in a named HTTP header. The HeaderName property is required; ConfigProperty specifies which configuration property holds the key.

| Property | Type | Default | Description |
| --- | --- | --- | --- |
| HeaderName | string | (required) | HTTP header name for the API key |
| ConfigProperty | string? | "ApiKey" | Property name on the configuration type |

[HttpClient<WeatherApiConfig>]
[ApiKeyAuth(HeaderName = "X-Api-Key", ConfigProperty = "Key")]
public partial class WeatherClient
{
    [Get("/forecast/{city}")]
    private partial Forecast GetForecast(string city);
}

// Configuration type
public class WeatherApiConfig
{
    public string BaseAddress { get; set; }

    [Secret]
    public string Key { get; set; }
}

The generated client attaches the header to every request:

X-Api-Key: your-api-key-here

Basic Auth

[BasicAuth] sends an Authorization: Basic <base64> header. Property names configure which configuration properties hold the username and password.

| Property | Type | Default | Description |
| --- | --- | --- | --- |
| UsernameProperty | string? | "Username" | Property name for the username |
| PasswordProperty | string? | "Password" | Property name for the password |

[HttpClient<LegacyApiConfig>]
[BasicAuth(UsernameProperty = "User", PasswordProperty = "Pass")]
public partial class LegacyApiClient
{
    [Get("/data")]
    private partial DataResponse GetData();

    [Post("/data")]
    private partial Unit PostData([Body] DataRequest request);
}

public class LegacyApiConfig
{
    public string BaseAddress { get; set; }
    public string User { get; set; }

    [Secret]
    public string Pass { get; set; }
}

Credentials in configuration

Always mark password and token properties with [Secret] to prevent them from being committed to source control via appsettings.json. Use dotnet user-secrets or environment variables for local development.

DI Integration

Authentication is wired automatically during DI registration. The generated Add{ClientName}() extension method resolves the configuration provider and configures the HttpClient with the appropriate authentication handler:

// In your DI setup
services.AddWeatherClient();
// Automatically resolves WeatherApiConfig and configures X-Api-Key header

No manual HttpClient configuration is needed — the generator handles DelegatingHandler registration for each auth type.
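
To make concrete what a DelegatingHandler for an auth type does, the following hand-written handler is an added example; it is not the generator's output or the library's own code. The class name BasicAuthHandler, the credentials delegate and the HTTPS check are assumptions made for illustration.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler (not produced by the library's generator): attaches
// an Authorization: Basic <base64> header to each outgoing request.
public sealed class BasicAuthHandler : DelegatingHandler
{
    private readonly Func<(string User, string Pass)> _credentials;

    // The delegate is invoked on every request, so a rotated secret is picked
    // up without rebuilding the HttpClient.
    public BasicAuthHandler(Func<(string User, string Pass)> credentials)
        => _credentials = credentials ?? throw new ArgumentNullException(nameof(credentials));

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Basic auth is base64 encoding, not encryption. Refusing non-HTTPS
        // targets is a safeguard assumed for this example.
        var uri = request.RequestUri;
        if (uri is null || !uri.IsAbsoluteUri || uri.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException(
                "Refusing to send Basic credentials over a non-HTTPS URI.");

        var (user, pass) = _credentials();

        // RFC 7617: ':' separates user-id from password, so the user-id
        // itself must not contain one.
        if (user.IndexOf(':') >= 0)
            throw new InvalidOperationException("Username must not contain ':'.");

        var encoded = Convert.ToBase64String(Encoding.UTF8.GetBytes($"{user}:{pass}"));
        request.Headers.Authorization = new AuthenticationHeaderValue("Basic", encoded);
        return base.SendAsync(request, cancellationToken);
    }
}

// Manual wiring, for comparison with the generated Add{ClientName}() method:
//   var handler = new BasicAuthHandler(() => (config.User, config.Pass))
//   {
//       InnerHandler = new HttpClientHandler()
//   };
//   var http = new HttpClient(handler) { BaseAddress = new Uri(config.BaseAddress) };
```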