Authentication

Applies to ReadyAPI 3.57, last modified on December 20, 2024

To configure authorization for REST, GraphQL, gRPC, SOAP, or XML-RPC requests, you need to assign authorization profiles to them. ReadyAPI applies the same authorization settings to different requests across the project. Also, you use authorization profiles to change authorization in different environments.

With authorization inheritance, you can assign the same profile to multiple requests.

You can also use Basic, NTLM, and SPNEGO/Kerberos built-in profiles. ReadyAPI applies such profiles only to one request.

In ReadyAPI, you can manage request authorization in several ways:

Auth Manager

With Auth Manager, you can work with all authorizations in your project. It holds information about all the authorization profiles configured in the project and helps you assign them as needed.

To open the manager, select any node in the APIs section of the Navigator and select Auth Manager from the Auth & Security drop-down on the toolbar.

Accessing Authorization Manager

Click the image to enlarge it.

Auth Manager has two tabs:

  • Auth Repository – Provides access to all the configured profiles. Here, you can create, configure, rename, and delete the authorization profiles used in your projects. See the Manage Authorization Profiles section for details.

  • Auth Manager – Provides access to all the requests in your projects. Here, you can assign an authorization profile or method to REST, SOAP, or XML-RPC requests. The requests can be both API definitions and request test steps in your SoapUI tests.

Manage authorization profiles

Add a profile

You can create an authorization profile and use it in a single or multiple requests. To add an authorization profile:

  1. Open a request in the editor, switch to the Auth panel and click Add Authorization Profile.

    View image

    – or –

    In Auth Manager, click Add on the Auth Repository tab.

    View image

  2. In the subsequent dialog, select a profile type, enter a profile name, and click OK.

    Adding authorization

    Click the image to enlarge it.

  3. Configure the profile according to its type.

Assign a profile

To assign an authorization profile to a specific request:

  • Open a request in the editor, switch to the Auth panel, and select an authorization profile or method from the Authorization dropdown.

    View image

    – or –

  • In Auth Manager, switch to the Auth Manager tab and select an authorization profile or method from the drop-down list in the Authorization Method column of the needed request.

    View image

To rename a profile:

  1. Open a request in the editor, switch to the Auth panel, and select Rename Current Profile from the Authorization dropdown.

    View image

    – or –

    In Auth Manager, select a profile on the Auth Repository tab and click Rename .

    View image

  2. In the subsequent dialog, enter a profile name and click OK.

Note: There is no need to rename the profile in individual requests.

To delete an authorization profile:

  1. Open a request in the editor, switch to the Auth panel, and select Delete Current Profile from the Authorization dropdown.

    View image

    – or –

    In Auth Manager, select a profile on the Auth Repository tab and click Remove .

    View image

  2. In the subsequent dialog, confirm the deletion.

Authorization inheritance

With authorization inheritance, you can apply the same profile to a large number of tests. For example, you can apply authorization rules specified on the project level to all underlying levels, such as test suites, test cases, test steps and requests. To do this, you need to select the Inherit From Parent authorization method for the needed requests.

Authorization inheritance

Click the image to enlarge it.

How it works

Authorization rules specified at lower levels have a priority over the rules specified at higher levels. For example, a configuration at the test case level will override the configuration at the test suite level. This allows you to have the same standard authorization for all test cases, except for the ones that test for faulty authorization or use different authorization types.

Overridden authorization inheritance

Click the image to enlarge it.

Authorization methods

To inherit authorization settings from a request, use the following methods:

  • No authorization – Select it if no authorization is needed for the request.

  • Inherit From Parent – Select it to apply authorization settings as in the parent test case.

  • Inherit From Service – Select it to apply authorization settings as in the underlying API.

See Also

Configuring Requests

Watch the video
 
Highlight search results