diff --git a/lib/httparrot.ex b/lib/httparrot.ex
index 553e606..5a37293 100644
--- a/lib/httparrot.ex
+++ b/lib/httparrot.ex
@@ -17,6 +17,7 @@ defmodule HTTParrot do
              {'/cookies/set', HTTParrot.SetCookiesHandler, []},
              {'/cookies/delete', HTTParrot.DeleteCookiesHandler, []},
              {'/basic-auth/:user/:passwd', HTTParrot.BasicAuthHandler, []},
+             {'/hidden-basic-auth/:user/:passwd', HTTParrot.HiddenBasicAuthHandler, []},
              {'/html', :cowboy_static, {:priv_file, :httparrot, "html.html"}} ] }
     ])
     {:ok, port} = :application.get_env(:httparrot, :port)
diff --git a/lib/httparrot/hidden_basic_auth_handler.ex b/lib/httparrot/hidden_basic_auth_handler.ex
new file mode 100644
index 0000000..7d5675e
--- /dev/null
+++ b/lib/httparrot/hidden_basic_auth_handler.ex
@@ -0,0 +1,36 @@
+defmodule HTTParrot.HiddenBasicAuthHandler do
+  def init(_transport, _req, _opts) do
+    {:upgrade, :protocol, :cowboy_rest}
+  end
+
+  def allowed_methods(req, state) do
+    {["GET"], req, state}
+  end
+
+  @doc """
+  This method should be `is_authorized`, but this handler will return 404 if the auth fails
+  """
+  def resource_exists(req, state) do
+    {user, req} = :cowboy_req.binding(:user, req)
+    {passwd, req} = :cowboy_req.binding(:passwd, req)
+    {:ok, auth, req} = :cowboy_req.parse_header("authorization", req)
+    case auth do
+      {"basic", {^user, ^passwd}} -> {true, req, user}
+      _ -> {false, req, state}
+    end
+  end
+
+  def content_types_provided(req, state) do
+    {[{{"application", "json", []}, :get_json}], req, state}
+  end
+
+  def get_json(req, user) do
+    {response(user), req, nil}
+  end
+
+  defp response(user) do
+    [authenticated: true, user: user] |> JSEX.encode!
+  end
+
+  def terminate(_, _, _), do: :ok
+end
diff --git a/test/hidden_basic_auth_handler_test.exs b/test/hidden_basic_auth_handler_test.exs
new file mode 100644
index 0000000..de82c73
--- /dev/null
+++ b/test/hidden_basic_auth_handler_test.exs
@@ -0,0 +1,45 @@
+defmodule HTTParrot.HiddenBasicAuthHandlerTest do
+  use ExUnit.Case
+  import :meck
+  import HTTParrot.HiddenBasicAuthHandler
+
+  setup do
+    new :cowboy_req
+    new JSEX
+  end
+
+  teardown do
+    unload :cowboy_req
+    unload JSEX
+  end
+
+  test "resource_exists returns true if user and passwd match" do
+    expect(:cowboy_req, :binding, [{[:user, :req1], {:user, :req2}},
+                                   {[:passwd, :req2], {:passwd, :req3}}])
+    expect(:cowboy_req, :parse_header, [{["authorization", :req3], {:ok, {"basic", {:user, :passwd}}, :req4}}])
+
+    assert resource_exists(:req1, :state) == {true, :req4, :user}
+
+    assert validate :cowboy_req
+    assert validate JSEX
+  end
+
+  test "resource_exists returns false if user and passwd doesnt match" do
+    expect(:cowboy_req, :binding, [{[:user, :req1], {:user, :req2}},
+                                   {[:passwd, :req2], {:passwd, :req3}}])
+    expect(:cowboy_req, :parse_header, [{["authorization", :req3], {:ok, {"basic", {:not_the_user, :passwd}}, :req4}}])
+
+    assert resource_exists(:req1, :state) == {false, :req4, :state}
+
+    assert validate :cowboy_req
+    assert validate JSEX
+  end
+
+  test "returns user and if it's authenticated" do
+    expect(JSEX, :encode!, [{[[authenticated: true, user: :user]], :json}])
+
+    assert get_json(:req1, :user) == {:json, :req1, nil}
+
+    assert validate JSEX
+  end
+end