...
To begin with you need a destination (more details on creating destinations and how to create them here) - the location of your API or application server behind the Gateway. On this destination, you need to enable SPNEGO / Kerberos authentication, and use a userid and password that we later will add to the request attribute through a location definition, by extracted them from the request header using a Location Script.
...
Next you need the location that, in this example will handle the extraction of the Basic Auth userid and password from the HTTP header and make them available to the destination authenticator. More details on locations and how to create them here.
Go to locations in the Gateway configuration, add a new location, give it a name and description.
...