diff --git a/README.md b/README.md
index 2caaee9..a6a5a5c 100644
--- a/README.md
+++ b/README.md
@@ -70,6 +70,9 @@ alertmanager {
     # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
     # needs to be exposed to external network requests and base-url has to be set.
     silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+    user user
+    password pass
 }
 
 # When the alert-mode is set to single, ntfy-alertmanager will cache each single alert
diff --git a/config.go b/config.go
index e88e885..f0e1506 100644
--- a/config.go
+++ b/config.go
@@ -50,6 +50,8 @@ type cacheConfig struct {
 }
 
 type alertmanagerConfig struct {
+	User            string
+	Password        string
 	SilenceDuration time.Duration
 }
 
@@ -246,6 +248,20 @@ func readConfig(path string) (*config, error) {
 
 			config.am.SilenceDuration = duration
 		}
+
+		d = amDir.Children.Get("user")
+		if d != nil {
+			if err := d.ParseParams(&config.am.User); err != nil {
+				return nil, err
+			}
+		}
+
+		d = amDir.Children.Get("password")
+		if d != nil {
+			if err := d.ParseParams(&config.am.Password); err != nil {
+				return nil, err
+			}
+		}
 	}
 
 	return config, nil
diff --git a/config_test.go b/config_test.go
index 93c74b4..a2ab6a4 100644
--- a/config_test.go
+++ b/config_test.go
@@ -55,6 +55,9 @@ alertmanager {
     # the request will be proxied through ntfy-alertmanager. Therefore ntfy-alertmanager
     # needs to be exposed to external network requests and base-url has to be set.
     silence-duration 24h
+    # Basic authentication (https://prometheus.io/docs/alerting/latest/https/)
+    user user
+    password pass
 }
 
 # When the alert-mode is set to single, ntfy-alertmanager will cache each single alert
@@ -83,7 +86,11 @@ cache {
 			},
 		},
 		cache: cacheConfig{CleanupInterval: time.Hour, Duration: 48 * time.Hour},
-		am:    alertmanagerConfig{SilenceDuration: time.Hour * 24},
+		am: alertmanagerConfig{
+			SilenceDuration: time.Hour * 24,
+			User:            "user",
+			Password:        "pass",
+		},
 	}
 
 	configPath := filepath.Join(t.TempDir(), "config")
diff --git a/silence.go b/silence.go
index 9c6cadb..ffc23db 100644
--- a/silence.go
+++ b/silence.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"time"
@@ -93,6 +94,12 @@ func (rcv *receiver) handleSilences(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Basic auth
+	if rcv.cfg.am.User != "" && rcv.cfg.am.Password != "" {
+		auth := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("%s:%s", rcv.cfg.am.User, rcv.cfg.am.Password)))
+		req.Header.Set("Authorization", fmt.Sprintf("Basic %s", auth))
+	}
+
 	req.Header.Add("Content-Type", "application/json")
 	resp, err := client.Do(req)
 	if err != nil {