API Authentication

Configure authentication for APIs under test

Set up authentication to test APIs that require credentials, tokens, or custom auth schemes.

Supported Authentication Types

API Key

Add the API key to a header or a query parameter:

Header Example:

X-API-Key: your-api-key-here

Query Parameter Example:

?api_key=your-api-key-here

Bearer Token

Add the Bearer token to the Authorization header:

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGc...

Basic Authentication

The username and password are Base64-encoded in the Authorization header:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

Custom Authentication

Write custom Python code to prepare authentication. WellTested will analyze your code, detect the authentication parameters, and generate a reusable form. Next time, you can simply fill in the form instead of writing code again.

def prepare_auth(request):
    # Custom logic to add auth.
    # generate_signature() stands for your own helper that returns the header value.
    request.setdefault('headers', {})['X-Custom-Auth'] = generate_signature()
    return request
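
One way to fill in generate_signature() for a signed-request scheme, as an added example that is not WellTested's own code or part of the original page: an HMAC-SHA256 signature over the method, path, query, timestamp and body hash, with the secret read from an environment variable. The X-Custom-Timestamp header, the API_SIGNING_SECRET variable, the canonical string layout and the server-side verify() function are assumptions for illustration; the request dict keys follow the shape used in the generated code on this page.

```python
import hashlib
import hmac
import json
import os
import time
from urllib.parse import urlencode, urlsplit

SECRET_ENV = "API_SIGNING_SECRET"  # assumed variable name; keeps the secret out of the code


def canonical_string(request, timestamp):
    """String to sign: method, path, sorted query, timestamp, SHA-256 of the body."""
    path = urlsplit(request["url"]).path or "/"
    query = urlencode(sorted((request.get("params") or {}).items()))
    body = request.get("body")  # assumed to be None or JSON-serializable
    raw = b"" if body is None else json.dumps(body, sort_keys=True).encode()
    body_hash = hashlib.sha256(raw).hexdigest()
    return "\n".join([request["method"].upper(), path, query, str(timestamp), body_hash])


def generate_signature(request, secret, timestamp):
    """Hex HMAC-SHA256 of the canonical string under the shared secret (bytes)."""
    message = canonical_string(request, timestamp).encode()
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def prepare_auth(request, now=None):
    """Add the timestamp and signature headers to the request dict."""
    secret = os.environ.get(SECRET_ENV)
    if not secret:
        raise RuntimeError(f"{SECRET_ENV} is not set")
    timestamp = int(time.time() if now is None else now)
    headers = request.setdefault("headers", {})
    headers["X-Custom-Timestamp"] = str(timestamp)  # assumed header name
    headers["X-Custom-Auth"] = generate_signature(request, secret.encode(), timestamp)
    return request


def verify(request, secret, max_skew=300, now=None):
    """Hypothetical server-side check: fresh timestamp, constant-time compare."""
    headers = request.get("headers", {})
    try:
        timestamp = int(headers["X-Custom-Timestamp"])
        sent = headers["X-Custom-Auth"].encode()
    except (KeyError, ValueError):
        return False
    if abs((time.time() if now is None else now) - timestamp) > max_skew:
        return False
    return hmac.compare_digest(generate_signature(request, secret, timestamp).encode(), sent)
```

The canonical string must match what the server computes byte for byte, including how the body is serialized, or every request will fail with 401.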

Configure Authentication

For Environment

Project → Environments → Select Environment → Authentication
  1. Select authentication type
  2. Enter credentials
  3. Configure parameters
  4. Test connection
  5. Save

For Test Case

Authentication is automatically applied from the selected environment when running tests.

Authentication in Generated Code

WellTested automatically injects authentication into generated test code:

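import requests

# auth_handler and base_url come from the surrounding generated test code (not shown)
# Prepare request with authentication
prepared = auth_handler.prepare_request({
    'method': 'GET',
    'url': f'{base_url}/users',
    'headers': {},
    'params': {},
    'body': None
})

# Execute with auth; pass params as well so query-parameter credentials are sent
response = requests.request(
    method=prepared['method'],
    url=prepared['url'],
    headers=prepared['headers'],
    params=prepared['params']
)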

Common Authentication Patterns

JWT Token Flow

  1. Log in to get a token
  2. Use token in subsequent requests
  3. Refresh token when expired

OAuth 2.0

  1. Get access token
  2. Include in Authorization header
  3. Handle token refresh

API Key Rotation

  1. Configure multiple API keys
  2. Rotate keys periodically
  3. Update environment configuration

Troubleshooting

401 Unauthorized

Solutions:

  • Verify credentials are correct
  • Check authentication type matches API requirements
  • Ensure token hasn’t expired

403 Forbidden

Solutions:

  • Verify API key has required permissions
  • Check user account has access to resource

Best Practices

  • Store credentials securely in environment configuration
  • Use different credentials for each environment
  • Rotate API keys regularly
  • Test authentication separately before running full tests
