diff --git a/nsupdate/api/_tests/test_api.py b/nsupdate/api/_tests/test_api.py
index 7659cb1..dd36067 100644
--- a/nsupdate/api/_tests/test_api.py
+++ b/nsupdate/api/_tests/test_api.py
@@ -4,10 +4,13 @@ Tests for api package.
 
 import pytest
 
+import base64
+
 from django.core.urlresolvers import reverse
 
 from nsupdate.main.dnstools import query_ns, FQDN
 from nsupdate.main.models import Domain
+from nsupdate.api.views import basic_authenticate
 
 from conftest import TESTDOMAIN, TEST_HOST, TEST_HOST_RELATED, TEST_HOST2, TEST_SECRET, TEST_SECRET2
 
@@ -31,8 +34,25 @@ def test_nic_update_noauth(client):
 
 
 def make_basic_auth_header(username, password):
-    import base64
-    return b'Basic ' + base64.b64encode(('%s:%s' % (username, password)).encode('utf-8'))
+    """
+    create a basic authentication header
+
+    :param username: user name [unicode on py2, str on py3]
+    :param password: password [unicode on py2, str on py3]
+    :return: basic auth header [str on py2, str on py3]
+    """
+    # note: the coding dance in the next lines is to make sure we get str type
+    # on python 2 as well as on python 3 as str is the type we get in the auth
+    # object when practically running with a real web server.
+    user_pass = u'%s:%s' % (username, password)
+    return 'Basic ' + str(base64.b64encode(user_pass.encode('utf-8')).decode('ascii'))
+
+
+def test_basic_auth():
+    user_pass = "username", "secret"
+    h = make_basic_auth_header(*user_pass)
+    assert isinstance(h, str)  # must be str on py2, must be str on py3!
+    assert basic_authenticate(h) == user_pass
 
 
 def test_nic_update_badauth(client):
diff --git a/nsupdate/api/views.py b/nsupdate/api/views.py
index ce2d81a8..cf76fe6 100644
--- a/nsupdate/api/views.py
+++ b/nsupdate/api/views.py
@@ -7,6 +7,8 @@ import logging
 logger = logging.getLogger(__name__)
 
 import json
+import base64
+
 from netaddr import IPAddress, IPNetwork
 from netaddr.core import AddrFormatError
 
@@ -112,15 +114,14 @@ def basic_authenticate(auth):
     """
     Get username and password from http basic auth string.
 
-    :param auth: http basic auth string
-    :return: username, password
+    :param auth: http basic auth string [str on py2, str on py3]
+    :return: username, password [unicode on py2, str on py3]
     """
-    auth = auth.decode('utf-8')
+    assert isinstance(auth, str)
     authmeth, auth = auth.split(' ', 1)
     if authmeth.lower() != 'basic':
         return
-    from base64 import b64decode
-    auth = b64decode(auth.strip()).decode('utf-8')
+    auth = base64.b64decode(auth.strip()).decode('utf-8')
     username, password = auth.split(':', 1)
     return username, password