The essential points from this guide -- each one is explained in detail below.
Username:password auth works from any source IP and is the most flexible method.
IP allowlisting requires no credentials in code but only works from registered IPs.
Proxy auth is separate from website auth -- it happens between your client and the proxy.
Most commercial providers support both methods; username:password is the default.
The most common method. You include credentials in the proxy URL (http://user:pass@proxy:port) or set the Proxy-Authorization header. This method works from any source IP address, supports per-request targeting parameters encoded in the username string, and is the default for most integrations. Your provider dashboard generates the credentials.
With IP allowlisting, you register your server's IP address in the provider's dashboard. The proxy accepts any connection from that IP without requiring credentials. This is simpler for fixed-server deployments (no credentials to manage in code) but inflexible for dynamic environments (serverless functions, CI/CD runners, rotating infrastructure).
Commercial proxy gateways often let you encode request-specific parameters in the username string. For example: user-country-us-city-newyork-session-abc123@proxy:port. This tells the gateway to route the request through a New York residential IP and maintain the same IP for the sticky session "abc123". Each provider has its own username format.
Ready to put this into practice? Browse all proxy types
KnoxProxy Research Team · Technical Content
Network engineers and proxy infrastructure specialists with 10+ years in anti-bot systems, web scraping, and IP routing.
90.4M+ ethically sourced residential IPs across 195 countries. Start free -- no credit card required.