To configure authorization for REST, GraphQL, SOAP, or XML-RPC requests, you need to assign authorization profiles to them. ReadyAPI has built-in profiles, such as Basic, NTLM, and SPNEGO/Kerberos, but you can also create custom authorization profiles of any supported authorization type. With authorization inheritance, you can assign the same profile to multiple requests.
In ReadyAPI, you can manage request authorization in several ways:
With Auth Manager, you can work with all authorizations in your project. It holds information about all the authorization profiles configured in the project and helps you assign them as needed.
To open the manager, select any node in the APIs section of the Navigator and select Auth Manager from the Auth & Security drop-down on the toolbar.
Auth Manager has two tabs:
Auth Repository – Provides access to all the configured profiles. Here, you can create, configure, rename, and delete the authorization profiles used in your projects. See the Manage Authorization Profiles section for details.
Auth Manager – Provides access to all the requests in your projects. Here, you can assign an authorization profile or method to REST, SOAP, or XML-RPC requests. The requests can be both API definitions and request test steps in your SoapUI tests.
You can create an authorization profile and use it in a single or multiple requests. To add an authorization profile:
Open a request in the editor, switch to the Auth panel and click Add Authorization Profile.
– or –
In Auth Manager, click on the Auth Repository tab.
In the subsequent dialog, select a profile type, enter a profile name, and click OK.
Configure the profile according to its type.
To assign an authorization profile to a specific request:
Open a request in the editor, switch to the Auth panel, and select an authorization profile or method from the Authorization dropdown.
– or –
In Auth Manager, switch to the Auth Manager tab and select an authorization profile or method from the drop-down list in the Authorization Method column of the needed request.
To rename a profile:
Open a request in the editor, switch to the Auth panel, and select Rename Current Profile from the Authorization dropdown.
– or –
In Auth Manager, select a profile on the Auth Repository tab and click .
In the subsequent dialog, enter a profile name and click OK.
|Note:||There is no need to rename the profile in individual requests.|
To delete an authorization profile:
With authorization inheritance, you can apply the same profile to a large number of tests. For example, you can apply authorization rules specified on the project level to all underlying levels, such as test suites, test cases, test steps and requests. To do this, you need to select the Inherit From Parent authorization method for the needed requests.
Authorization rules specified at lower levels have a priority over the rules specified at higher levels. For example, a configuration at the test case level will override the configuration at the test suite level. This allows you to have the same standard authorization for all test cases, except for the ones that test for faulty authorization or use different authorization types.
To inherit authorization settings from a request, use the following methods:
No authorization – Select it if no authorization is needed for the request.
Inherit From Parent – Select it to apply authorization settings as in the parent test case.
Inherit From Service – Select it to apply authorization settings as in the underlying request.