You would check for an HTTP header called "Authorization". It contains the username and the base-64 encoded password. (See this for the mechanics of how that header is put together.) That gets you the username and password to authenticate.
If the header is missing, or the username/password combination is invalid, you would respond with an HTTP 304 status, somewhat like this:
If you're using a REST library it may have provisions for this.