Proxy Authentication Methods
Every proxy request must prove the sender is authorized. The authentication method you choose affects security, convenience, and compatibility. This guide covers the three primary methods and when to use each.
Method 1: Username/Password Authentication
The most common method. Credentials are sent with each request via the Proxy-Authorization header (HTTP CONNECT) or embedded in the proxy URL.
**How it works:** ``` Client sends: CONNECT target.com:443 HTTP/1.1 Proxy-Authorization: Basic base64(user:pass) Proxy verifies credentials and establishes tunnel ```
**Python Example:** ```python import httpx
proxy_url = "http://YOUR_USER:YOUR_PASS@gate.hexproxies.com:8080" with httpx.Client(proxy=proxy_url) as client: resp = client.get("https://httpbin.org/ip") print(resp.json()) ```
**Node.js Example:** ```javascript const { HttpsProxyAgent } = require('https-proxy-agent'); const agent = new HttpsProxyAgent('http://YOUR_USER:YOUR_PASS@gate.hexproxies.com:8080'); const response = await fetch('https://httpbin.org/ip', { agent }); ```
**Advantages:** - Works from any IP address — ideal for developers who travel or use dynamic IPs - Supports session control via username parameters (e.g., `user-session-abc`) - Country targeting via username (e.g., `user-country-us`)
**Security considerations:** - Store credentials in environment variables, never in source code - Rotate passwords periodically - Use HTTPS between client and proxy when possible
Method 2: IP Whitelisting
The proxy allows connections from pre-approved IP addresses without requiring credentials in each request.
**Setup:** 1. Log into your Hex Proxies dashboard 2. Navigate to IP Whitelist settings 3. Add your server's public IP address 4. Save — requests from that IP are now authenticated automatically
**Python Example (no credentials needed):** ```python import httpx
# No auth needed — your IP is whitelisted proxy_url = "http://gate.hexproxies.com:8080" with httpx.Client(proxy=proxy_url) as client: resp = client.get("https://httpbin.org/ip") print(resp.json()) ```
**Advantages:** - Simpler client configuration — no credentials to manage per request - No risk of credential leakage in logs or error messages - Lower overhead — no auth header processing per request
**Limitations:** - Only works from the whitelisted IP — not suitable for dynamic IPs - Requires dashboard access to update when server IPs change - No per-request session control via username parameters
Method 3: Token-Based Authentication
Some proxy providers offer API tokens passed as custom headers. This combines the flexibility of user/pass with the cleanliness of header-based auth.
**Example:** ```python import httpx
headers = {"Proxy-Token": "YOUR_API_TOKEN"} proxy_url = "http://gate.hexproxies.com:8080" with httpx.Client(proxy=proxy_url, headers=headers) as client: resp = client.get("https://httpbin.org/ip") ```
Choosing the Right Method
| Factor | User/Pass | IP Whitelist | Token | |--------|-----------|-------------|-------| | Dynamic IPs | Yes | No | Yes | | Session control | Yes (username params) | No | Depends | | Setup complexity | Low | Low | Medium | | Credential risk | Medium | None | Low | | Best for | Development, scripts | Servers, CI/CD | API integrations |
Security Best Practices
- Never hardcode credentials — use environment variables or secret managers
- Rotate credentials quarterly — or immediately if you suspect compromise
- Use IP whitelisting for servers — it eliminates credential management entirely
- Log proxy usage — monitor for unauthorized access patterns
- Separate credentials per service — different user/pass for scraping vs testing
Hex Proxies Authentication Features
Hex Proxies supports username/password authentication with inline parameters for session control and country targeting:
- `username-session-abc` — sticky session (same IP)
- `username-country-us` — country targeting
- `username-session-abc-country-us` — both combined
This makes user/pass the most flexible method, supporting advanced proxy features directly in the authentication string.