Build Authorization: Basic headers from a username and password, or decode an existing one.
HTTP Basic Auth encodes credentials with Base64, not encryption. They are trivially decoded by anyone who can read the request. Always send over HTTPS, never over plain HTTP. For public APIs prefer bearer tokens, OAuth, or signed requests.