v1.8.91-d84675c
← Back to Hex Proxies

Authentication Methods

Flexible authentication with username/password, IP whitelist, and API key methods to match any integration pattern.

Get Started
3
Auth Methods
Up to 20
Whitelisted IPs
Configurable
API Key Scopes
<5ms
Auth Latency

Secure, Flexible Authentication for Every Integration

Proxy authentication determines who can use your proxy allocation and how they prove their identity. Hex Proxies supports three authentication methods, each designed for different integration patterns. All methods are equally secure and perform identically; the choice depends on your deployment architecture.

Username and Password Authentication

Username/password is the most widely supported authentication method. You embed your credentials in the proxy URL, and the proxy gateway validates them on every request. This method works with virtually every HTTP client, browser automation tool, and proxy-aware application in existence.

Your proxy URL looks like this: protocol://username:password@gateway:port. The gateway extracts credentials from the Proxy-Authorization header (for HTTP) or the SOCKS5 auth handshake and validates them against our authentication service. Validation takes less than 5 milliseconds.

We generate unique credentials for each proxy product you purchase. ISP proxies, residential proxies, and datacenter proxies each have their own credentials, preventing cross-product usage and enabling per-product usage tracking.

If your credentials contain special characters, URL-encode them to prevent parsing errors. Characters like @, :, and / must be percent-encoded when embedded in a URL. Our dashboard shows the pre-encoded URL for easy copy-paste integration.

IP Whitelist Authentication

IP whitelist authentication authorizes specific IP addresses to use the proxy without credentials. You add your server's public IP to the whitelist through the dashboard, and any request from that IP is accepted automatically.

This method is ideal for server-based deployments where the source IP is fixed and known. It eliminates the need to embed credentials in configuration files, environment variables, or code. It also removes the risk of credential exposure in logs, since there are no credentials to expose.

You can whitelist up to 20 IP addresses per account. Each whitelisted IP can use all proxy products on the account. Adding or removing IPs takes effect within 30 seconds globally across all gateways.

IP whitelist authentication does not work for dynamic IP environments (like developer laptops on residential internet) because the source IP changes frequently. For those scenarios, use username/password or API key authentication.

API Key Authentication

API key authentication is designed for programmatic proxy management. API keys are passed as request headers rather than embedded in the proxy URL, making them suitable for applications that manage proxy sessions through our REST API.

Each API key has configurable scopes that control what operations it can perform. A read-only key might only access usage statistics, while a full-access key can create sessions, manage IP rotation, and modify account settings.

API keys are generated in the dashboard and can be rotated instantly. When you rotate a key, the old key is revoked immediately, and a new key is issued. This enables regular credential rotation as part of your security hygiene without any service interruption.

Security Best Practices

Store credentials in environment variables or a secrets management service like AWS Secrets Manager, HashiCorp Vault, or Doppler. Never hardcode proxy credentials in source code or commit them to version control.

Rotate credentials regularly, especially after team member departures. Our instant rotation feature makes this painless. The new credentials take effect immediately, and the old credentials stop working within seconds.

Use IP whitelist authentication for production servers with fixed IPs to eliminate credential management entirely. Reserve username/password authentication for development environments and dynamic IP scenarios.

For team environments, use API keys with scoped permissions. Give each team member or service their own API key with the minimum required permissions. This enables per-user usage tracking and makes it easy to revoke access without affecting other team members.

Authentication and Performance

All authentication methods are validated in under 5 milliseconds. The authentication service runs on the same infrastructure as our gateways, so there is no external network call during validation. Authenticated sessions are cached, so subsequent requests in the same session skip re-authentication entirely.

Troubleshooting Authentication

The most common authentication error is HTTP 407 (Proxy Authentication Required). This occurs when credentials are missing, incorrect, or improperly formatted. Check that credentials are URL-encoded if they contain special characters. Verify that you are using the correct credentials for the proxy product you are accessing. Confirm that your IP is whitelisted if you are using IP whitelist authentication.

If authentication works intermittently, check for load balancers or NAT gateways that might present different source IPs to our gateway. Multiple source IPs cause IP whitelist authentication to fail unpredictably.

Key Features

Username & Password

Standard credential-based authentication embedded in the proxy URL. Works with every HTTP client and proxy-aware application.

IP Whitelist

Authorize your server IPs and connect without credentials. Ideal for fixed-IP servers and environments where embedding credentials is impractical.

API Key Authentication

Generate scoped API keys for programmatic session management, usage monitoring, and team-level access control.

Credential Rotation

Rotate credentials instantly from the dashboard without downtime. Old credentials are revoked immediately upon rotation.

Ready to Get Started?

Experience our enterprise-grade proxy network infrastructure.

Create AccountView Pricing

Related Resources

curl Integration

Test Hex Proxies quickly using curl with proxy authentication.

Proxy Authentication Speed

Benchmarking proxy authentication methods and their impact on per-request performance.

PHP Guzzle Proxy Setup

Configure Hex Proxies in PHP applications using Guzzle. Covers proxy authentication, HTTPS tunneling, sticky sessions, and error handling.

Residential Proxies

Rotating residential IPs from 100+ countries with city-level targeting.

Cookie Preferences

We use cookies to ensure the best experience. You can customize your preferences below. Learn more