Skip to main content

HTTP Authentication with Escape

Description

The 'HTTP' authentication preset is designed to handle authentication via structured HTTP requests:

  • Structured Request: Authentication is performed through a well-defined HTTP request, including URL, method, headers, cookies, query parameters, and body.
  • Dynamic Token Management: The preset handles the extraction of authentication tokens from the HTTP response and subsequently reinjects them into future requests.
  • User Credentials: Supports attaching various credentials to each user, such as username, password, headers, cookies, and other request parameters.

This method is particularly effective in scenarios where authentication is managed via custom HTTP endpoints, requiring precise control over request composition and token handling.

Examples

presets:
- type: http
request:
url: https://api.example.com/authenticate
method: POST
body:
additional: body
for: authentication
headers:
Content-Type: application/json
injections:
- key: Authorization
location: header
prefix: 'Bearer '
variable: token
extractions:
- name: token
key: accessToken
location: body
users:
- username: user1
body:
login: user1
password: pass1
- username: user2
body:
login: user2
password: pass2
cookies:
additional: cookie
headers:
additional: header
queryParameters:
additional: query param

Extensive Configuration

PropertyTypeRequiredDescriptionReference
typeConst[http]True
usersHTTPUserPresetTrueThe list of users to generate tokens for.HTTPUserPreset
requestHTTPRequestPresetTrueThe parameters of the HTTP request used to fetch the access and refresh tokens.HTTPRequestPreset
extractionsTokenExtractionTrueThe token extraction configuration used to extract the tokens from the HTTP response.TokenExtraction
injectionsTokenInjectionTrueThe injection configuration used to inject the tokens into the HTTP requests.TokenInjection

Objects

HTTPUserPreset

PropertyTypeRequiredDescriptionReference
usernamestringTrueThe username to attach to the HTTP requests sent for this user. See developer.mozilla.org
headersDict[string, string]FalseA dict representing the headers to attach to every HTTP requests sent for this user
cookiesDict[string, string]FalseA dict representing the cookies to attach to every HTTP requests sent for this user
passwordstringFalseThe password to attach to the HTTP requests sent for this user. See developer.mozilla.org
queryParametersDict[string, string]FalseA dict of query parameters to attach to every HTTP requests sent for this user
bodyAnyFalseA body to merge with the bodies of every HTTP requests sent for this user

HTTPRequestPreset

PropertyTypeRequiredDescriptionReference
urlstringTrueThe URL to send the request to
methodHTTPMethodTrueThe HTTP method to useHTTPMethod
headersDict[string, string]FalseThe list of headers to attach to the request. Headers are merged with the user credentials headers. It is possible to attach mutliple values to a header.
cookiesDict[string, string]FalseThe list of cookies to attach to the request. Cookies are merged with the user credentials cookies. It is possible to attach mutliple values to a cookie. Cookie values are url-encoded before being sent.
query_parametersDict[string, string]FalseThe list of query parameters to attach to the request. Query parameters are merged with the user credentials query parameters. It is possible to attach mutliple values to a query parameter. Query parameter values are url-encoded before being sent.
bodyAnyFalseThe body of the request. It can be a string or a JSON object. It is merged with the user credentials body if provided. If bodies of the HTTP request and of the user credentials are both JSON objects, they are merged. If the two bodies are strings, they are concatenated. If the two bodies are of different types, the body of the user credentials is used instead of this value.

TokenExtraction

PropertyTypeRequiredDescriptionReference
locationHTTPLocationTrueThe location of the HTTP request where the value should be extractedHTTPLocation
keystringTrueThe key to use for the extracted value, depending on the location
regexstringFalseThe regex to use to extract the token from the key value. By default the entire value is taken.
namestringTrueThe name of the variable to store the extracted value into

TokenInjection

PropertyTypeRequiredDescriptionReference
locationHTTPLocationTrueThe location of the HTTP request where the token should be injectedHTTPLocation
keystringTrueThe key to use for the injected token. Its usage depends on the location. For headers, cookies,and query parameters, this key describes the name of the header, cookie or query parameter. For a body location, the key is the field where the token should be injected within the request bodies
prefixstringFalseA prefix to prepend to the token before it is injected
variablestringTrueThe name of a variable to retrieve to create the token's value. If not provided, the token will be infered as the first successful extraction of the procedure

Enums

HTTPMethod

  • CONNECT

  • DELETE

  • GET

  • HEAD

  • OPTIONS

  • PATCH

  • POST

  • PUT

  • TRACE

HTTPLocation

  • header

  • cookie

  • body

  • query