Authentication
Better Reports supports optional HTTP Basic Authentication.
Enabling Authentication
Set both environment variables to enable authentication:
bash
REPORTS_USER=admin
REPORTS_PASS=your-secure-passwordIf either variable is empty or unset, authentication is disabled and the API is publicly accessible.
How It Works
When authentication is enabled:
- The server validates the
Authorization: Basicheader on every request - The UI detects 401 responses and automatically shows an Auth Dialog
- Credentials are stored in
sessionStoragefor the browser session - A logout button appears in the header navigation
API Authentication
All API requests must include the Authorization header:
bash
curl http://localhost:3000/api/templates \
-u "admin:your-secure-password"Security Considerations
- Use a strong, unique password
- Always use HTTPS in production (see Docker + Traefik for automatic TLS)
- The app does not support multiple users; it's designed for single-user or team-shared authentication
- Credentials are transmitted in cleartext with Basic Auth; HTTPS is mandatory in production