In Basic Authentication, the user passes their credentials [user name and password] on a post request . At the WebAPI end, credentials are verified. If the credentials are valid, then a session will initiate to accept the subsequent requests without validating the user again.