Authentication

Aethyn uses standard HTTP proxy authentication — username:password sent in the Proxy-Authorization header. No SDK, no token exchange, no separate API key.

Credential format

Each account has one canonical credential pair, surfaced in the dashboard under the Aethyn Credentials card. The base username has the form aethyn-XXXXX and the password is a generated secret you can copy or reset.

username = aethyn-d9e2c
password = 4f7K2qP9xL8mN3vR

Username suffixes

Targeting parameters are appended to the username with hyphen separators. The base credential always comes first; everything after is interpreted as a directive.

aethyn-d9e2c-country-us-session-a3xq-ttl-10
└──┬──────┘ └────┬─────┘ └─────┬─────┘ └───┬──┘
   base       country        session       ttl

Default behaviour

With no suffixes, every request gets a fresh exit IP, drawn worldwide. With session-XXXX, the same exit IP is reused for up to 30 minutes (configurable via ttl).

Password rotation

The dashboard has a Reset password action that generates a new secret and invalidates the old one immediately. Every active connection using the old password will be dropped within ~60 seconds (the credential cache TTL).

IP allowlist (coming soon)

For deployments where storing the password in client code is undesirable, IP-based allowlisting will let you authorize requests by source IP without sending credentials at all. Email contact@aethyn.io to be in the early-access cohort.