Some communication protocols come with authentication capabilities, such as HTTP with basic or digest authentication. These functionalities are part of the communication protocol and are usually well-supported in tools and frameworks.

They usually rely on the communication being already securely encrypted, otherwise this would make the information accessible for parties that can read it, should they intercept the communication. This is important to mention to application developers to ensure that protocol-based authentication is provided via encrypted communication.

The credentials for protocol-based security are usually provided directly in every message. This simplifies client calls as there is no need for several authentication steps, such as in exchanging tokens. The first client invocation can already exchange information.