Amit, I think your approach doesn’t actually protect the archive folder because anyone with access to your source code will be able to extract the base64 encoded authorization header.

Secondly, you won’t be able to change those credentials at a later date because you’ll break the update functionality for everyone using the old credentials.

Maybe I misunderstood you question, so please feel free to post a followup question.