We're excited to announce our Basic Auth Traffic Policy action that allows you to enforce HTTP Basic Authentication on incoming requests as outlined in RFC 7235. Adding Basic Auth to your application is simple—just specify up to ten sets of credentials and apply the following Traffic Policy rule to your endpoint: ---on_http_request: - actions: - type: basic-auth config: credentials: - USERNAME1:PASSWORD1 - USERNAME2:PASSWORD2 --- This action works by enabling a user agent, such as an API client or web browser, to supply a username and password with an HTTP request. ngrok then validates these credentials and forwards authorized requests to your upstream service. You can configure this action using the `credentials`, `realm`, and `enforce` properties, which allow you to specify up to ten sets of credentials, set an HTTP realm, and control whether unauthorized requests are blocked or executed next. The Basic Auth Traffic Policy action returns an `action.ngrok.basic_auth` object containing information about the request's authentication status, including whether credentials were presented and authorized. Basic Auth is a quick way to secure your application or service with ngrok, offering an effortless setup without requiring external redirects or complex configurations with third-party auth providers. It seamlessly integrates into legacy applications that don’t support higher-level authentication protocols and effectively protects internal APIs. You can implement the Basic Auth Traffic Policy action by saving it to a file and passing it in the `--traffic-policy-file` argument when starting your ngrok agent, or by using the ngrok API or SDKs.