Profile Security
Security is where you set credentials for the API under test. The auto-tester supports only Basic authentication (username and password) and Bearer (or Token) authentication; it does not support other authentication methods such as OAuth, or the use of custom headers.
Select your security type from the dropdown and enter the required information:
Security Type | Description | Credentials |
---|---|---|
None | Unsecured endpoint | n/a |
Basic | Basic HTTP authentication | Username/Password |
Basic-url | Same as Basic but omits the word Basic from the Authorization header |
Username/Password |
Bearer | Bearer (or Token) authentication | Token |
If you provide incorrect credentials then they will not prevent the profile from running, but you can expect to see all requests fail, typically with the response 401 Unauthorized or 403 Forbidden.
If you provide a bearer token then be sure that it has a sufficient lifetime to cover the full period of the test, which is determined by the stopping criteria in the profile configuration. Otherwise, once the token expires, you can expect to see authentication failures as described earlier.
Custom headers
You can also confiure custom security headers should your APIs require them for authentication/authorization. Simply add the required header(s) and the appropritate value(s) under the custom headers section like so: