Authorization

Testfully supports various Authorization schemes including but not limited to OAuth 2, Basic Authentication, API Key, and Bearer Token. This page includes everything you need to leverage this feature.

Authorization Schemes

Various Authorization schemes and their support status.

| Scheme | Status |
| --- | --- |
| OAuth 2 | Supported |
| Basic Authentication | Supported |
| Bearer Token | Supported |
| API Key | Supported |
| AWS Signature | Supported |
| OAuth 1 | Coming Soon |

Authorization Settings

Authorization settings can be applied to a request, an environment, or a folder.

Requests

To configure authorization settings for a request, open a request and click on the Authorization tab.

Environments
Lite Plan

Environments can be configured to have an authorization scheme. Requests that are executed against a particular environment inherit the environment's authorization settings. Requests with a configured Authorization scheme won't inherit the scheme from the parent environment.

To configure authorization for an environment:

  1. Open the environment
  2. Click on the Authorization tab
  3. Set the desired scheme
  4. Click on Save

Folders

Requests without Authorization settings inherit authorization settings of their parent folder. Requests with a configured Authorization scheme won't inherit the scheme from the parent folder.

To configure authorization for a folder:

  1. Hover over the folder, and click on the "..." button
  2. Click on the Authorization tab
  3. Set the desired scheme
  4. Click on Save

Using globals & environment variables

Most input fields within Authorization settings accept global and environment variables. To embed a global or an environment variable, simply type {{variable_name}}.

Demo

In this demo, we will go through the process of using Testfully's authorization feature to authorize an API call.

AWS Signature Version 4 Authorization

AWS Signature Version 4 (AWS SigV4) is the scheme used to authenticate API requests across AWS services. It signs each request with a set of credentials that includes an Access Key ID and Secret Access Key, as well as an optional Session Token. The signature lets the service authenticate the caller and reject requests whose signed parts were altered in transit.

Using AWS Signature V4 in Testfully

To use AWS Signature V4 in Testfully, you must provide particular information that allows the secure signing of your API requests. Here's an outline of each required and optional field:

  • Access Key ID: Your AWS account's unique identifier, which is used to identify you as the sender of the request.
  • Secret Access Key: A secret associated with the Access Key ID, used to compute your request signature.
  • AWS Region: The region where your AWS request is being sent. This must be specified in lowercase, such as us-west-2.
  • AWS Service Name: The name of the AWS service you are accessing, also in lowercase, e.g., s3.
  • Session Token (Optional): Required only for temporary credentials that typically come from the AWS Security Token Service (STS).
  • Auth Data Placement: Specifies where the authentication data will be placed in the request. Depending on the API's requirements, this could be in the header or as a query parameter.

You can set up AWS Signature V4 in Testfully for a request, an environment, or a folder. The process is similar to setting up other authorization schemes, as outlined in the previous section.

Best Practices

When configuring AWS Signature V4 in Testfully, consider the following best practices:

  • Use Variables for Sensitive Information: Always use variables for fields like Access Key ID and Secret Access Key. This keeps the credentials out of the individual authorization settings and simplifies the process of updating them.
  • Session Token Is Optional: Only include the Session Token if you are using temporary credentials. For long-term credentials, this field can be omitted.
  • Validity of Region and Service Name: Ensure the AWS Region and Service Name are correct and lowercase. Incorrect values can result in failed API requests.