Overview

API tests allow you to send requests to your applications’ API endpoints to verify responses and defined conditions, such as overall response time, expected status code, header, or body content. Multistep API tests allow you to chain requests to proactively monitor sophisticated journeys on your key services, and ensure they are available at any time and from any managed or private location.

This guide discusses the various authentication protocols available for Synthetic API and multistep API tests. For more information about authentication in browser tests, see Running Tests On An Application That Requires Authentication.

Authentication methods

If your endpoint requires authentication, you can add your credentials when creating an API or multistep API test. API and multistep API tests support the following authentication protocols: Basic Access Authentication, Digest Access Authentication, OAuth2.0, NTLM, AWS Sigv4, and client certificates.

In the Define the request section, click Advanced Options > Authentication and select an authentication method:

Click HTTP Basic Auth and enter a username and password. Basic access authentication is supported in HTTP tests, multistep API tests, and WebSocket tests.

Click Digest Auth and enter a username and password. Digital access authentication is supported in HTTP tests and multistep API tests.

Click OAuth 2.0, select a grant type (Client Credentials or Resource Password), and include an Access Token URL, Client ID, and Client Secret. Select a token API authentication method (Send as Basic Auth header or Send client credentials in body) and optionally, include an audience, resource, and scope. OAuth 2.0 authentication is supported in HTTP tests and multistep API tests.

Click NTLM, enter a username and password, and optionally, a domain and work station. NTLM authentication is supported in HTTP tests and multistep API tests.

Click AWS Signature, enter an Access Key ID and Secret Access Key, and optionally, a region, service name, and session token. AWS Signature authentication is supported in HTTP tests and multistep API tests.

Click Upload File to upload a private key file and a certificate file. Client Certificate authentication is supported in HTTP tests, multistep API tests, SSL tests, and gRPC tests.

Account security

If you want to hide user credentials from your test results and configuration, you can use global and local variables when creating an API or multistep API test.

Global variables

By storing your credentials as global variables, you can:

  • Easily reuse them across multiple tests.
  • Hide their values from test results and configurations by selecting Hide and obfuscate variable value.
  • Restrict their access to a subset of your organization’s users by using custom roles.

Local variables

By storing your credentials as local variables, your credentials are scoped to a unique test. In order to hide their values from test results and configurations, select Hide and obfuscate variable value.

For more information about data security, see Synthetic Monitoring Data Security.

Further Reading

PREVIEWING: rtrieu/product-analytics-ui-changes