Profile Security

Security is where you set credentials for the API under test. The auto-tester supports only Basic authentication (username and password) and Bearer (or Token) authentication; it does not support other authentication methods such as OAuth, or the use of custom headers.

Select your security type from the dropdown and enter the required information:

Security Type Description Credentials
None Unsecured endpoint n/a
Basic Basic HTTP authentication Username/Password
Basic-url Same as Basic but omits the word Basic from the Authorization header Username/Password
Bearer Bearer (or Token) authentication Token

If you provide incorrect credentials then they will not prevent the profile from running, but you can expect to see all requests fail, typically with the response 401 Unauthorized or 403 Forbidden.

If you provide a bearer token then be sure that it has a sufficient lifetime to cover the full period of the test, which is determined by the stopping criteria in the profile configuration. Otherwise, once the token expires, you can expect to see authentication failures as described earlier.

Custom headers

You can also confiure custom security headers should your APIs require them for authentication/authorization. Simply add the required header(s) and the appropritate value(s) under the custom headers section like so:

Image of the AutoTest profile custom security headers