diff --git a/.env.example b/.env.example
index a3cb37d..1376e76 100644
--- a/.env.example
+++ b/.env.example
@@ -8,9 +8,8 @@ DB_URL=jdbc:h2:./persistence/revanced-api
 DB_USER=
 DB_PASSWORD=
-# Basic authentication to issue JWT tokens
-BASIC_USERNAME=
-BASIC_PASSWORD=
+# Digest auth to issue JWT tokens in the format SHA256("username:ReVanced:password")
+AUTH_SHA256_DIGEST=
 # JWT configuration for authenticated API endpoints
 JWT_SECRET=
diff --git a/src/main/kotlin/app/revanced/api/configuration/Dependencies.kt b/src/main/kotlin/app/revanced/api/configuration/Dependencies.kt
index 5256dd4..3f9f285 100644
--- a/src/main/kotlin/app/revanced/api/configuration/Dependencies.kt
+++ b/src/main/kotlin/app/revanced/api/configuration/Dependencies.kt
@@ -118,10 +118,9 @@ fun Application.configureDependencies(
 val issuer = dotenv["JWT_ISSUER"]
 val validityInMin = dotenv["JWT_VALIDITY_IN_MIN"].toInt()
- val basicUsername = dotenv["BASIC_USERNAME"]
- val basicPassword = dotenv["BASIC_PASSWORD"]
+ val authSHA256DigestString = dotenv["AUTH_SHA256_DIGEST"]
- AuthService(issuer, validityInMin, jwtSecret, basicUsername, basicPassword)
+ AuthService(issuer, validityInMin, jwtSecret, authSHA256DigestString)
 }
 single {
 OldApiService(
diff --git a/src/main/kotlin/app/revanced/api/configuration/OpenAPI.kt b/src/main/kotlin/app/revanced/api/configuration/OpenAPI.kt
index e1c637d..3c90321 100644
--- a/src/main/kotlin/app/revanced/api/configuration/OpenAPI.kt
+++ b/src/main/kotlin/app/revanced/api/configuration/OpenAPI.kt
@@ -9,7 +9,6 @@ import io.bkbn.kompendium.oas.component.Components
 import io.bkbn.kompendium.oas.info.Contact
 import io.bkbn.kompendium.oas.info.Info
 import io.bkbn.kompendium.oas.info.License
-import io.bkbn.kompendium.oas.security.BasicAuth
 import io.bkbn.kompendium.oas.security.BearerAuth
 import io.bkbn.kompendium.oas.server.Server
 import io.ktor.server.application.*
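Review bot: The new `AUTH_SHA256_DIGEST` comment names the hash but not its encoding; `AuthService` parses the value with `hexToByteArray`, so it has to be the 64 hex characters of SHA-256 over `username:ReVanced:password`, and the `ReVanced` in the middle must match the realm configured server-side. The comment should also say that this digest is password-equivalent — whoever holds it can authenticate and mint tokens — so it deserves the same handling as `JWT_SECRET` rather than reading like a harmless checksum. Suggested wording: `# Hex-encoded SHA-256 of "username:ReVanced:password" (realm is fixed to ReVanced); password-equivalent, keep it secret`.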
@@ -38,7 +37,6 @@ internal fun Application.configureOpenAPI() {
 components = Components(
 securitySchemes = mutableMapOf(
 "bearer" to BearerAuth(),
- "basic" to BasicAuth(),
 ),
 ),
 ).apply {
diff --git a/src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt b/src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt
index fe2d330..7cb56f2 100644
--- a/src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt
+++ b/src/main/kotlin/app/revanced/api/configuration/routes/ApiRoute.kt
@@ -25,7 +25,7 @@ internal fun Route.rootRoute() {
 val authService = koinGet()
 rateLimit(RateLimitName("strong")) {
- authenticate("basic") {
+ authenticate("auth-digest") {
 route("token") {
 installTokenRouteDocumentation()
diff --git a/src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt b/src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt
index 8e4b8a9..a20e6d9 100644
--- a/src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt
+++ b/src/main/kotlin/app/revanced/api/configuration/services/AuthService.kt
@@ -6,15 +6,23 @@ import io.ktor.server.application.*
 import io.ktor.server.auth.*
 import io.ktor.server.auth.jwt.*
 import java.util.*
+import kotlin.text.HexFormat
 import kotlin.time.Duration.Companion.minutes
-internal class AuthService(
+internal class AuthService private constructor(
 private val issuer: String,
 private val validityInMin: Int,
 private val jwtSecret: String,
- private val basicUsername: String,
- private val basicPassword: String,
+ private val authSHA256Digest: ByteArray,
 ) {
+ @OptIn(ExperimentalStdlibApi::class)
+ constructor(issuer: String, validityInMin: Int, jwtSecret: String, authSHA256DigestString: String) : this(
+ issuer,
+ validityInMin,
+ jwtSecret,
+ authSHA256DigestString.hexToByteArray(HexFormat.Default),
+ )
+
 val configureSecurity: Application.() -> Unit = {
 install(Authentication) {
 jwt("jwt") {
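Review bot: With `"basic"` dropped from `securitySchemes`, the generated OpenAPI document no longer declares any scheme for the token-issuing route, which now sits behind the `auth-digest` provider, so API consumers are not told that HTTP Digest with SHA-256 and realm `ReVanced` is required. If kompendium offers an HTTP digest security scheme, register it here under a key such as `"digest"` and reference it from the token route's documentation; if it does not, the requirement should at least be spelled out in that route's description. Worth checking that `installTokenRouteDocumentation` (not in this diff) does not still reference the removed `basic` key, which would leave a dangling security reference in the spec.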
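Review bot: `hexToByteArray` returns an empty `ByteArray` for an empty `AUTH_SHA256_DIGEST` — the value `.env.example` ships with — so a deployment that forgets to set it starts up fine and hands digest auth an empty HA1, a secret an attacker can reproduce as soon as they suspect the variable is unset. The secondary constructor should reject anything that is not a 32-byte SHA-256 digest instead of deferring the failure to request time: `authSHA256DigestString.hexToByteArray(HexFormat.Default).also { require(it.size == 32) { "AUTH_SHA256_DIGEST must be a 64-character hex SHA-256 digest" } }`. Keep the configured value out of the message, since it is password-equivalent. Malformed hex already throws `IllegalArgumentException` from `hexToByteArray`, so the check only closes the empty/short-input gap; the class body continues outside the hunk.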
@@ -26,13 +34,12 @@ internal class AuthService(
 validate { credential -> JWTPrincipal(credential.payload) }
 }
- basic("basic") {
- validate { credentials ->
- if (credentials.name == basicUsername && credentials.password == basicPassword) {
- UserIdPrincipal(credentials.name)
- } else {
- null
- }
+ digest("auth-digest") {
+ realm = "ReVanced"
+ algorithmName = "SHA-256"
+
+ digestProvider { _, _ ->
+ authSHA256Digest
 }
 }
 }
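Review bot: The `digest("auth-digest")` block sets realm and algorithm but leaves `nonceManager` at its default; unless this Ktor version changed it, that default is `GenerateOnlyNonceManager`, which issues nonces without ever verifying them, so a captured `Authorization: Digest ...` header can be replayed to mint fresh JWTs for as long as the digest stays valid, and the `strong` rate limit only slows that down. Configure a verifying manager, e.g. `nonceManager = StatelessHmacNonceManager(key = <dedicated secret>)`, with its own key rather than reusing `jwtSecret`. Separately, `digestProvider { _, _ -> authSHA256Digest }` ignores the `userName` and `realm` it is handed, so the resulting principal's name is whatever the client typed; the password still binds it, but if that name is ever used as the JWT subject it is effectively client-chosen — worth a comment such as `// single fixed HA1: the username is bound only through the digest itself`. `configureSecurity` continues outside the hunk.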