diff --git a/tyk-docs/content/basic-config-and-security/security/upstream-authentication/basic-authentication.md b/tyk-docs/content/basic-config-and-security/security/upstream-authentication/basic-authentication.md
new file mode 100644
index 0000000000..ed2742756d
--- /dev/null
+++ b/tyk-docs/content/basic-config-and-security/security/upstream-authentication/basic-authentication.md
@@ -0,0 +1,33 @@
+---
+title: Upstream Basic Authentication
+tags: ["upstream-basic-auth"]
+description: "How to authenticate upstream requests with basic authentication"
+menu:
+  main:
+    parent: "Upstream Authentication"
+weight: 2
+---
+
+If your upstream API is protected with basic authentication, you can configure Tyk to send requests with basic authentication credentials.
+
+- You can specifiy username and password to be used. 
+- You can configure the header in which basic authenticaiton credentials are to be sent, the default header to be used is `Authorization`. 
+
+
+## How To Set Up
+
+### Via API Definition
+
+Inside your OAS API definition you should configure `x-tyk-api-gateway.upstream.authentication.basicAuth` field.
+- `enabled` needs to be true to enable upstream basic authentication.
+- `header.name` is the custom header to be used, defaults to `Authorization`
+- Please note that `header.enabled` needs to be true to use a custom header name specified in `header.name`
+- `username` is the username to be used.
+- `password` is the password to be used.
+
+{{< note success >}}
+**Note**
+`x-tyk-api-gateway.upstream.authentication.enabled` needs to be true to enable upstream authentication.
+
+If the configured `header.name` is also sent from clientside, Tyk will replace it with basic auth credentials before sending it to upstream.
+{{< /note >}}
diff --git a/tyk-docs/data/menu.yaml b/tyk-docs/data/menu.yaml
index c18a7e45c7..e12fabb59f 100644
--- a/tyk-docs/data/menu.yaml
+++ b/tyk-docs/data/menu.yaml
@@ -1381,6 +1381,14 @@ menu:
               path: /basic-config-and-security/security/authentication-authorization/json-web-tokens/jwt-keycloak
               category: Page
               show: True
+          - title: "Upstream Authentication"
+            category: Directory
+            show: True
+            menu:
+            - title: "Upstream basic authentication"
+              path: /basic-config-and-security/security/upstream-authentication/basic-authentication
+              category: Page
+              show: True
           - title: "MTLS"
             category: Directory
             show: True