Skip to content

Authentication

Better Reports supports optional HTTP Basic Authentication.

Enabling Authentication

Set both environment variables to enable authentication:

bash
REPORTS_USER=admin
REPORTS_PASS=your-secure-password

If either variable is empty or unset, authentication is disabled and the API is publicly accessible.

How It Works

When authentication is enabled:

  1. The server validates the Authorization: Basic header on every request
  2. The UI detects 401 responses and automatically shows an Auth Dialog
  3. Credentials are stored in sessionStorage for the browser session
  4. A logout button appears in the header navigation

API Authentication

All API requests must include the Authorization header:

bash
curl http://localhost:3000/api/templates \
  -u "admin:your-secure-password"

Security Considerations

  • Use a strong, unique password
  • Always use HTTPS in production (see Docker + Traefik for automatic TLS)
  • The app does not support multiple users; it's designed for single-user or team-shared authentication
  • Credentials are transmitted in cleartext with Basic Auth; HTTPS is mandatory in production

Design and Dev by David Lam