There is a slight difference between basic HTTP authentication and Digest HTTP authentication.
For basic Auth. Before the request with the oAuth system, the user name is added with a colon and concatenated with a password. The result will be encoded using the Base64 algorithm.
For example, username is demo , and your access_token is 123 , so in this case, the resulting string after concatenation will be 'demo:123' , and as soon as we apply Base64 encoding, it will become ZGVtbzoxMjM=
Now this encoded string is passed to the HTTP header and decoded by the oAuth provider. This is not a very strong encoding mechanism and can be easily decoded since this Auth system is not designed for a very high secure system.
Again, Digest also uses HTTP to send and receive data, but much better than the underlying OAuth, which sends data to plaintext . Digest uses the MD5 cryptographic hashing algorithm type to encrypt your password/access_token , and next to it it uses nonce to stop the replay attack.
Hope this gives you some insight into how they work.
Update
I just saw the code in the Gimme panel
GET /api/v0/tags HTTP/1.1 Host: gimmebar.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.6+ (KHTML, like Gecko) Version/4.0 Safari/528.16 Titanium/1.1.0 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate Authorization: Digest username="funkatron", realm="GimmeBarAPI", nonce="7a3ab1f9cde605f27797cd04c4d1fcf6", uri="/api/v0/tags", response="3654f9b1b2ba9489e1f01ae792852987", opaque="94619f8a70068b2591c2eed622525b0e", algorithm="MD5", cnonce="6897ccbff3b08776ab61e69a814c05b4", nc=00000001, qop="auth" Connection: keep-alive , realm = "GimmeBarAPI", nonce = "7a3ab1f9cde605f27797cd04c4d1fcf6", uri = "/ api / v0 / tags", response = "3654f9b1b2ba9489e1f01ae792852987", opaque = "94619f8a70068b2591c2eed622525b0e", algorithm = "MD5", GET /api/v0/tags HTTP/1.1 Host: gimmebar.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-us) AppleWebKit/533.6+ (KHTML, like Gecko) Version/4.0 Safari/528.16 Titanium/1.1.0 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate Authorization: Digest username="funkatron", realm="GimmeBarAPI", nonce="7a3ab1f9cde605f27797cd04c4d1fcf6", uri="/api/v0/tags", response="3654f9b1b2ba9489e1f01ae792852987", opaque="94619f8a70068b2591c2eed622525b0e", algorithm="MD5", cnonce="6897ccbff3b08776ab61e69a814c05b4", nc=00000001, qop="auth" Connection: keep-alive
and if you see when sending a request, then they transmit the hashing algorithm used with nonce , username . So they all create them where the application is located in the header section. All you need to find is the title name we need to put.