Webtrends API authentication with Node.js

As a product engineering apprentice with the NYC Mayor’s Office digital products team (I guess I haven’t updated in a little a while), I am currently working on building an Analytics dashboard that draws from Google Analytics and Webtrends, an older analytics solution. Both have APIs that allow you to request relevant metrics. The Google Analytics API took me some time to set up, but my previous work on oAuth with Hackterms really helped wrap my head around it. Webtrends, however, was a different story. Their documentation is… not great… at all., and merely states that Webtrends uses basic authentication – which, as I’ve learned, isn’t simple authentication, but an actual, rather-outdated type of authenticating users.

Webtrends comes with a neat Generator tool that allows you to select the data you need, and then gives you a corresponding GET query to use. However, you are meant to plug this query into a browser, which then presents you with w a sign-in module:

Screen Shot 2018-07-17 at 1.55.29 PM

Of course, that’s not usable for API requests, which should be performed automatically from your back-end. So, the account info needs to be passed in via the headers. I started searching for how to construct a basic authentication header for Webtrends, but couldn’t find any up-to-date info, let alone in JS. So, here is a basic Webtrends connection, with Node.js and the npm request package, which simplifies sending requests.

The Webtrends username is constructed with Username and Account, separated by a backslash.

username: username\account

What nobody mentions is that the backslash needs to be escaped. This is really important!

username: username\\account

So, for example, if your username is TakeshiKovacs, your account is Envoy, and your password is Resolution653 , your combined credentials would read:


According to these helpful MDN docs, you construct a basic authorization header like this:

  Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l

The YWxhZGRpbjpvcGVuc2VzYW1l bit is actually your username:password (literally, username + “:” + password), encoded in Base64. In Node.js, in order to encode in base64, we use the Buffer object, which performs all sorts on encoding and decoding operations. In order to encode a string as Base64, we use new Buffer.from( some string ).toString(‘base64’);

So, to sum up, the basic authorization header is:

  Authorization: Basic + new Buffer.from(username + ":" + password).toString('base64');

Once you have the URL from the Webtrends generator, the complete GET request for data (with the dummy credentials from above) looks like this:

var request = require('request');
var auth = "Basic " + new Buffer.from(username + ":" + password).toString('base64');
// var auth = "Basic " + new Buffer.from("TakeshiKovacs\\Envoys:Proposition613").toString('base64');

var webtrendsURL = "https://ws.webtrends.com/v3/.../"; // your webtrends URL from generator;

    uri: webtrendsUrl,
    headers: {
        Authorization: auth
    function(err, response, body) {
        if (err) {
        } else {
            console.log("Got a response from Webtrends!");

PS: you should store your credentials as environmental variables so they don’t get exposed. I used dotnev, which was straightforward and easy to implement.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s