diff --git a/generators/csharp/dynamic-snippets/src/EndpointSnippetGenerator.ts b/generators/csharp/dynamic-snippets/src/EndpointSnippetGenerator.ts
index c2d688f73cae..5561bf9923fc 100644
--- a/generators/csharp/dynamic-snippets/src/EndpointSnippetGenerator.ts
+++ b/generators/csharp/dynamic-snippets/src/EndpointSnippetGenerator.ts
@@ -385,16 +385,24 @@ export class EndpointSnippetGenerator extends WithGeneration {
         auth: FernIr.dynamic.BasicAuth;
         values: FernIr.dynamic.BasicAuthValues;
     }): NamedArgument[] {
-        return [
-            {
+        // usernameOmit/passwordOmit may exist in newer IR versions
+        const authRecord = auth as unknown as Record<string, unknown>;
+        const usernameOmitted = !!authRecord.usernameOmit;
+        const passwordOmitted = !!authRecord.passwordOmit;
+        const args: NamedArgument[] = [];
+        if (!usernameOmitted) {
+            args.push({
                 name: this.context.getParameterName(auth.username),
                 assignment: this.csharp.Literal.string(values.username)
-            },
-            {
+            });
+        }
+        if (!passwordOmitted) {
+            args.push({
                 name: this.context.getParameterName(auth.password),
                 assignment: this.csharp.Literal.string(values.password)
-            }
-        ];
+            });
+        }
+        return args;
     }
 
     private getConstructorBearerAuthArgs({
diff --git a/generators/csharp/sdk/src/root-client/RootClientGenerator.ts b/generators/csharp/sdk/src/root-client/RootClientGenerator.ts
index f5c8ed5cfa2a..4d6b0d3f19b6 100644
--- a/generators/csharp/sdk/src/root-client/RootClientGenerator.ts
+++ b/generators/csharp/sdk/src/root-client/RootClientGenerator.ts
@@ -454,6 +454,7 @@ export class RootClientGenerator extends FileGenerator<CSharpFile, SdkGeneratorC
                             (s): s is typeof s & { type: "basic" } => s.type === "basic"
                         );
                         const isAuthOptional = !this.context.ir.sdkConfig.isAuthMandatory;
+                        let isFirstBlock = true;
                         for (let i = 0; i < basicSchemes.length; i++) {
                             const basicScheme = basicSchemes[i];
                             if (basicScheme == null) {
@@ -467,15 +468,30 @@ export class RootClientGenerator extends FileGenerator<CSharpFile, SdkGeneratorC
                             const passwordAccess = unified
                                 ? `clientOptions.${this.toPascalCase(passwordName)}`
                                 : passwordName;
+                            const usernameOmitted = !!basicScheme.usernameOmit;
+                            const passwordOmitted = !!basicScheme.passwordOmit;
+                            // Condition: only require non-omitted fields to be present
+                            let condition: string;
+                            if (!usernameOmitted && !passwordOmitted) {
+                                condition = `${usernameAccess} != null && ${passwordAccess} != null`;
+                            } else if (usernameOmitted && !passwordOmitted) {
+                                condition = `${passwordAccess} != null`;
+                            } else if (!usernameOmitted && passwordOmitted) {
+                                condition = `${usernameAccess} != null`;
+                            } else {
+                                // Both fields omitted — skip auth header entirely when auth is non-mandatory
+                                continue;
+                            }
                             if (isAuthOptional || basicSchemes.length > 1) {
-                                const controlFlowKeyword = i === 0 ? "if" : "else if";
-                                innerWriter.controlFlow(
-                                    controlFlowKeyword,
-                                    this.csharp.codeblock(`${usernameAccess} != null && ${passwordAccess} != null`)
-                                );
+                                const controlFlowKeyword = isFirstBlock ? "if" : "else if";
+                                innerWriter.controlFlow(controlFlowKeyword, this.csharp.codeblock(condition));
                             }
+                            isFirstBlock = false;
+                            // Build credential string: omitted fields are empty, provided fields use interpolation
+                            const usernamePart = usernameOmitted ? "" : `{${usernameAccess}}`;
+                            const passwordPart = passwordOmitted ? "" : `{${passwordAccess}}`;
                             innerWriter.writeTextStatement(
-                                `clientOptionsWithAuth.Headers["Authorization"] = $"Basic {Convert.ToBase64String(global::System.Text.Encoding.UTF8.GetBytes($"{${usernameAccess}}:{${passwordAccess}}"))}"`
+                                `clientOptionsWithAuth.Headers["Authorization"] = $"Basic {Convert.ToBase64String(global::System.Text.Encoding.UTF8.GetBytes($"${usernamePart}:${passwordPart}"))}"`
                             );
                             if (isAuthOptional || basicSchemes.length > 1) {
                                 innerWriter.endControlFlow();
@@ -802,8 +818,12 @@ export class RootClientGenerator extends FileGenerator<CSharpFile, SdkGeneratorC
             {
                 const usernameName = this.case.camelSafe(scheme.username);
                 const passwordName = this.case.camelSafe(scheme.password);
-                return [
-                    {
+                const usernameOmitted = !!scheme.usernameOmit;
+                const passwordOmitted = !!scheme.passwordOmit;
+                // When omit is true, the field is completely removed from the end-user API.
+                const params: ConstructorParameter[] = [];
+                if (!usernameOmitted) {
+                    params.push({
                         name: usernameName,
                         docs: scheme.docs ?? `The ${usernameName} to use for authentication.`,
                         isOptional,
@@ -817,8 +837,10 @@ export class RootClientGenerator extends FileGenerator<CSharpFile, SdkGeneratorC
                         type: this.Primitive.string,
                         environmentVariable: scheme.usernameEnvVar,
                         exampleValue: this.case.screamingSnakeSafe(scheme.username)
-                    },
-                    {
+                    });
+                }
+                if (!passwordOmitted) {
+                    params.push({
                         name: passwordName,
                         docs: scheme.docs ?? `The ${passwordName} to use for authentication.`,
                         isOptional,
@@ -832,8 +854,9 @@ export class RootClientGenerator extends FileGenerator<CSharpFile, SdkGeneratorC
                         type: this.Primitive.string,
                         environmentVariable: scheme.passwordEnvVar,
                         exampleValue: this.case.screamingSnakeSafe(scheme.password)
-                    }
-                ];
+                    });
+                }
+                return params;
             }
         } else if (scheme.type === "oauth") {
             if (this.oauth !== null) {
diff --git a/generators/csharp/sdk/versions.yml b/generators/csharp/sdk/versions.yml
index 94aa12cd133e..191414dafec6 100644
--- a/generators/csharp/sdk/versions.yml
+++ b/generators/csharp/sdk/versions.yml
@@ -1,4 +1,16 @@
 # yaml-language-server: $schema=../../../fern-versions-yml.schema.json
+- version: 2.58.0
+  changelogEntry:
+    - summary: |
+        Support omitting username or password from basic auth when configured via
+        `usernameOmit` or `passwordOmit` in the IR. Omitted fields are removed from
+        the SDK's public API and treated as empty strings internally (e.g., omitting
+        password encodes `username:`, omitting username encodes `:password`). When
+        both are omitted, the Authorization header is skipped entirely.
+      type: feat
+  createdAt: "2026-04-03"
+  irVersion: 66
+
 - version: 2.57.0-rc.0
   changelogEntry:
     - summary: |
diff --git a/packages/cli/generation/ir-generator/src/dynamic-snippets/DynamicSnippetsConverter.ts b/packages/cli/generation/ir-generator/src/dynamic-snippets/DynamicSnippetsConverter.ts
index b1750ea01c28..5675bc14999b 100644
--- a/packages/cli/generation/ir-generator/src/dynamic-snippets/DynamicSnippetsConverter.ts
+++ b/packages/cli/generation/ir-generator/src/dynamic-snippets/DynamicSnippetsConverter.ts
@@ -732,11 +732,22 @@ export class DynamicSnippetsConverter {
         }
         const scheme = auth.schemes[0];
         switch (scheme.type) {
-            case "basic":
-                return DynamicSnippets.Auth.basic({
+            case "basic": {
+                const basicAuth: DynamicSnippets.BasicAuth & {
+                    usernameOmit?: boolean;
+                    passwordOmit?: boolean;
+                } = {
                     username: this.inflateName(scheme.username),
                     password: this.inflateName(scheme.password)
-                });
+                };
+                if (scheme.usernameOmit) {
+                    basicAuth.usernameOmit = scheme.usernameOmit;
+                }
+                if (scheme.passwordOmit) {
+                    basicAuth.passwordOmit = scheme.passwordOmit;
+                }
+                return DynamicSnippets.Auth.basic(basicAuth);
+            }
             case "bearer":
                 return DynamicSnippets.Auth.bearer({
                     token: this.inflateName(scheme.token)
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/.fern/metadata.json b/seed/csharp-sdk/basic-auth-pw-omitted/.fern/metadata.json
index d119d1639273..91d0855bee07 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/.fern/metadata.json
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/.fern/metadata.json
@@ -1,7 +1,7 @@
 {
   "cliVersion": "DUMMY",
   "generatorName": "fernapi/fern-csharp-sdk",
-  "generatorVersion": "local",
+  "generatorVersion": "latest",
   "generatorConfig": {},
   "originGitCommit": "DUMMY",
   "sdkVersion": "0.0.1"
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/README.md b/seed/csharp-sdk/basic-auth-pw-omitted/README.md
index 416d3d0f71fe..db2753a6a72d 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/README.md
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/README.md
@@ -41,7 +41,7 @@ Instantiate and use the client with the following:
 ```csharp
 using SeedBasicAuthPwOmitted;
 
-var client = new SeedBasicAuthPwOmittedClient("USERNAME", "PASSWORD");
+var client = new SeedBasicAuthPwOmittedClient("USERNAME");
 await client.BasicAuth.PostWithBasicAuthAsync(
     new Dictionary<object, object?>() { { "key", "value" } }
 );
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/snippet.json b/seed/csharp-sdk/basic-auth-pw-omitted/snippet.json
index d34d7ff2de39..4c3ff1f75316 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/snippet.json
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/snippet.json
@@ -10,7 +10,7 @@
             },
             "snippet": {
                 "type": "csharp",
-                "client": "using SeedBasicAuthPwOmitted;\n\nvar client = new SeedBasicAuthPwOmittedClient(\"USERNAME\", \"PASSWORD\");\nawait client.BasicAuth.GetWithBasicAuthAsync();\n"
+                "client": "using SeedBasicAuthPwOmitted;\n\nvar client = new SeedBasicAuthPwOmittedClient(\"USERNAME\");\nawait client.BasicAuth.GetWithBasicAuthAsync();\n"
             }
         },
         {
@@ -22,7 +22,7 @@
             },
             "snippet": {
                 "type": "csharp",
-                "client": "using SeedBasicAuthPwOmitted;\n\nvar client = new SeedBasicAuthPwOmittedClient(\"USERNAME\", \"PASSWORD\");\nawait client.BasicAuth.PostWithBasicAuthAsync(\n    new Dictionary<object, object?>() { { \"key\", \"value\" } }\n);\n"
+                "client": "using SeedBasicAuthPwOmitted;\n\nvar client = new SeedBasicAuthPwOmittedClient(\"USERNAME\");\nawait client.BasicAuth.PostWithBasicAuthAsync(\n    new Dictionary<object, object?>() { { \"key\", \"value\" } }\n);\n"
             }
         }
     ]
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example0.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example0.cs
index 0386a3aae32d..6f9ff23cec7b 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example0.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example0.cs
@@ -7,7 +7,6 @@ public class Example0
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example1.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example1.cs
index 1350c4c8bf5f..24c9405b59dc 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example1.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example1.cs
@@ -7,7 +7,6 @@ public class Example1
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example2.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example2.cs
index 18153656c351..5d43ecab4c89 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example2.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example2.cs
@@ -7,7 +7,6 @@ public class Example2
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example3.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example3.cs
index f87705f66997..a2e5fde81c6b 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example3.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example3.cs
@@ -7,7 +7,6 @@ public class Example3
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example4.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example4.cs
index 6830ffefd31d..e78f2c1fc3e5 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example4.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example4.cs
@@ -7,7 +7,6 @@ public class Example4
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example5.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example5.cs
index e72d56e4a6ae..d1c8a33d91ea 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example5.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example5.cs
@@ -7,7 +7,6 @@ public class Example5
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example6.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example6.cs
index 575b1b09bc67..a22fa62a1000 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example6.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedApi.DynamicSnippets/Example6.cs
@@ -7,7 +7,6 @@ public class Example6
     public async Task Do() {
         var client = new SeedBasicAuthPwOmittedClient(
             username: "<username>",
-            password: "<password>",
             clientOptions: new ClientOptions {
                 BaseUrl = "https://api.fern.com"
             }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted.Test/Unit/MockServer/BaseMockServerTest.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted.Test/Unit/MockServer/BaseMockServerTest.cs
index 5e326bfd0150..b1ba88a9f60d 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted.Test/Unit/MockServer/BaseMockServerTest.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted.Test/Unit/MockServer/BaseMockServerTest.cs
@@ -25,7 +25,6 @@ public void GlobalSetup()
         // Initialize the Client
         Client = new SeedBasicAuthPwOmittedClient(
             "USERNAME",
-            "PASSWORD",
             clientOptions: new ClientOptions { BaseUrl = Server.Urls[0], MaxRetries = 0 }
         );
     }
diff --git a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted/SeedBasicAuthPwOmittedClient.cs b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted/SeedBasicAuthPwOmittedClient.cs
index 7983d9e6046d..9ceaa24c808a 100644
--- a/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted/SeedBasicAuthPwOmittedClient.cs
+++ b/seed/csharp-sdk/basic-auth-pw-omitted/src/SeedBasicAuthPwOmitted/SeedBasicAuthPwOmittedClient.cs
@@ -8,7 +8,6 @@ public partial class SeedBasicAuthPwOmittedClient : ISeedBasicAuthPwOmittedClien
 
     public SeedBasicAuthPwOmittedClient(
         string? username = null,
-        string? password = null,
         ClientOptions? clientOptions = null
     )
     {
@@ -31,7 +30,7 @@ public SeedBasicAuthPwOmittedClient(
         }
         var clientOptionsWithAuth = clientOptions.Clone();
         clientOptionsWithAuth.Headers["Authorization"] =
-            $"Basic {Convert.ToBase64String(global::System.Text.Encoding.UTF8.GetBytes($"{username}:{password}"))}";
+            $"Basic {Convert.ToBase64String(global::System.Text.Encoding.UTF8.GetBytes($"{username}:"))}";
         _client = new RawClient(clientOptionsWithAuth);
         BasicAuth = new BasicAuthClient(_client);
     }