docs: document omit option for basic auth credentials

devin-ai-integration[bot] · devalog · devin-ai-integration[bot] · commit c527c4a66c6f · 2026-05-06T18:24:31.000Z
Co-Authored-By: Devin Logan &lt;devinannlogan@gmail.com&gt;
diff --git a/fern/products/api-def/ferndef/auth.mdx b/fern/products/api-def/ferndef/auth.mdx
@@ -131,6 +131,30 @@ client = new Client({
 })
 ```
 
+### Omit username or password
+
+If your API only expects one half of a basic auth credential pair (for example, a token in the username and an empty password), set `omit: true` on the field you want to remove from the generated SDK:
+
+```yaml title="api.yml" {8}
+auth: Basic
+auth-schemes:
+  Basic:
+    scheme: basic
+    username:
+      name: apiToken
+    password:
+      omit: true
+```
+
+The omitted field is removed from the SDK's constructor entirely. Internally, an empty string is used to encode the `Authorization` header — omitting `password` produces `base64("apiToken:")`, and omitting `username` produces `base64(":password")`. If both fields are omitted, no `Authorization` header is sent.
+
+```ts index.ts
+// Only the non-omitted field is exposed
+const client = new Client({
+  apiToken: "ey34..."
+})
+```
+
 ## Custom header (e.g. API key)
 
 You can also create your own authentication scheme with customized headers. 
diff --git a/fern/products/api-def/openapi/auth.mdx b/fern/products/api-def/openapi/auth.mdx
@@ -218,6 +218,19 @@ auth-schemes:
       env: MY_CLIENT_SECRET
 ```
 
+To remove `username` or `password` from the generated SDK — for example, when your API expects a token in the username and ignores the password — set `omit: true` on the field. The omitted field is treated as an empty string when encoding the `Authorization` header, and is dropped from the SDK's public API. If both fields are omitted, no `Authorization` header is sent.
+
+```yaml title="generators.yml" {8}
+auth-schemes:
+  BasicAuth:
+    scheme: basic
+    username:
+      name: apiToken
+      env: MY_API_TOKEN
+    password:
+      omit: true
+```
+
 </Accordion>
 <Accordion title="API key">
 
diff --git a/fern/products/sdks/snippets/basic-auth-params.mdx b/fern/products/sdks/snippets/basic-auth-params.mdx
@@ -30,4 +30,7 @@ auth-schemes:
 </ParamField>
 <ParamField path="username.env, password.env" type="string" required={false}>
   Environment variable name that the SDK will automatically scan for the username or password value. When this environment variable is present, users don't need to explicitly provide the username parameter. Follow naming conventions like `YOUR_APP_USERNAME` or `SERVICE_CLIENT_ID`.
+</ParamField>
+<ParamField path="username.omit, password.omit" type="boolean" default="false">
+  When `true`, the field is removed from the generated SDK's public API. The omitted field is treated as an empty string when encoding the `Authorization` header (omitting `password` produces `base64("username:")`; omitting `username` produces `base64(":password")`). When both are omitted, the `Authorization` header is skipped entirely. Use this when your API expects only one half of the basic auth credential pair.
 </ParamField>
