OAuth 1.0 Authorization
You can use Testfully to authorize your HTTP calls using two-legged or three-legged OAuth 1.0 authorization schemes. This guide will walk you through the details of how to set up OAuth 1.0 authorization in Testfully.
Two-legged vs. Three-legged OAuth 1.0
OAuth 1.0 authorization can be implemented using two-legged or three-legged schemes. The main difference between the two is the number of parties involved in the authorization process:
Two-legged OAuth 1.0: In this scheme, the consumer (client) directly communicates with the server to obtain an access token. This is typically used for server-to-server communication where the consumer is a trusted entity.
Three-legged OAuth 1.0: In this scheme, the consumer(client) interacts with the server and the user to obtain an access token. This is typically used for user-to-server communication where the consumer needs to access user-specific resources.
Good news is that Testfully supports both two-legged and three-legged OAuth 1.0 authorization schemes. You can choose the appropriate scheme based on your use case.
Setting up OAuth 1.0 Authorization in Testfully
OAuth 1.0 authorization in Testfully follows the standard set of features that are offered for other authorization schemes. You can set up OAuth 1.0 authorization in Testfully using one of the following methods:
Using the Authorization tab for a request: If you wish to authorize a single request using OAuth 1.0, you can set up the authorization details in the Authorization tab of the request editor.
Using the Authorization tab for a parent folder or collection: If you wish to authorize multiple requests using OAuth 1.0, you can set up the authorization details in the Authorization tab of a parent folder or collection.
Using the Authorization tab for an environment: If you wish to authorize multiple requests across different folders or collections using OAuth 1.0, you can set up the authorization details in the Authorization tab of an environment.
No matter which method you choose, you will need to provide the following details to set up OAuth 1.0 authorization in Testfully:
| Field | Description |
|---|---|
| Flow (Required) | Choose between two-legged or three-legged OAuth 1.0 authorization schemes. |
| Add Authorization data to | Authorization data can be attached to the request as a header or request body. Consult your OAuth1 server to decide which method should be used. |
| Signature Method (Required) | What method should Testfully use to sign the request? Your OAuth1 server documentation can guide you about the right method. |
| Consumer Key (Required) | The consumer key provided by your OAuth1 server. |
| Access Token (Optional) | The access token provided by your OAuth1 server. |
| Token Secret (Optional) | The token secret provided by your OAuth1 server. |
| Callback Url (Optional) | The callback URL which you have registered with the OAuth1 server. |
| Verifier (Optional) | The verifier token provided by your OAuth1 server as part of authorization. |
| Timestamp (Optional) | The timestamp value to be used in the OAuth1 signature. When no value is provided, Testfully will generate a valid timestamp and attach to the request. |
| Nonce (Optional) | The nonce value to be used in the OAuth1 signature. When no value is provided, Testfully will generate a random nonce and add to the request. |
| Nonce Length (Optional) | The length of the nonce value to be used in the OAuth1 signature. When no value is provided, Testfully will generate a random nonce of 32 characters. |
| Version (Optional) | The version of the OAuth1 protocol to be used. Defaults to 1.0. |
| Realm (Optional) | The realm value to be used in the OAuth1 signature. Leave this field blank if you don't have a Realm for your Authorization. |
| Parameter Separator (Optional) | The separator character to be used in the OAuth1 signature. By default, Testfully uses ,. |
HMAC-SHA1, HMAC-SHA256, and HMAC-SHA512 Signature Methods
When HMAC-SHA1, HMAC-SHA256, or HMAC-SHA512 signature methods are used, you must provide the Consumer Secret when setting up OAuth 1.0 authorization in Testfully. The Consumer Secret is used to sign the request and generate the signature.
RSA-SHA1, RSA-SHA256, and RSA-SHA512 Signature Methods
When RSA-SHA1, RSA-SHA256, or RSA-SHA512 signature methods are used, you must provide the Private Key when setting up OAuth 1.0 authorization in Testfully. The Private Key is used to sign the request and generate the signature.
Three-legged OAuth 1.0 Authorization
When setting up three-legged OAuth 1.0 authorization in Testfully, you will need to provide the following additional details, which are specific to the three-legged OAuth 1.0 authorization scheme and unique to your OAuth1 server. Consult your OAuth1 server documentation to obtain these details:
| Field | Description |
|---|---|
| Request Token URL (Required) | The URL to obtain a request token from the OAuth1 server. |
| Access Token URL (Required) | The URL to obtain an access token from the OAuth1 server. |
| Authorize URL (Required) | The URL to authorize the request token from the OAuth1 server. |
Dynamic Parameters
You can use variables (globals, environment variables, or collection variables) to dynamically set the values of the OAuth 1.0 authorization parameters.
Supported Platforms
| Platform | Version | Status |
|---|---|---|
| Testfully for Web | 1.164.0 and later | Supported |
| Testfully for Desktop (Mac, Linux, Windows) | 1.164.0 and later | Supported |
| Testfully CLI | 1.15.0 and later | Supported |