Apidog Docs
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
HomeLearning CenterSupport CenterAPI References
HomeLearning CenterSupport CenterAPI References
Discord Community
Slack Community
X / Twitter
πŸ‡ΊπŸ‡Έ English
  • πŸ‡ΊπŸ‡Έ English
  • πŸ‡―πŸ‡΅ ζ—₯本θͺž
  1. Best practices
  • Apidog Learning Center
  • Get started
    • Introduce Apidog
    • Basic concepts in Apidog
    • Navigating Apidog
    • Quick Start
      • Overview
      • Specify a new endpoint
      • Make a request to the endpoint
      • Add an assertion
      • Create a test scenario
      • Share your API documentation
      • Explore more
      • Send a request and save as an endpoint
    • Migration
      • Overview
      • Manual import
      • Scheduled import
      • Import options
      • Export data
      • Import from...
        • Import from Postman
        • Import OpenAPI (Swagger) spec
        • Import cURL
        • Import Markdowns
        • Import from Insomnia
        • Import from apiDoc
        • Import .har file
        • Import WSDL
  • Design APIs
    • Overview
    • Create a new API project
    • Endpoint basics
    • Components
    • Common fields
    • Global parameters
    • Endpoint change history
    • Batch endpoint management
    • Configure multiple request body examples
    • Schemas
      • Overview
      • Generate Schemas from JSON etc.
      • Build a schema
      • Create a new schema
    • Security schemes
      • Overview
      • Create a security scheme
      • Use the security scheme
      • Security scheme in online documentation
    • Advanced features
      • Custom endpoint fields
      • Import endpoints as test steps
      • Endpoint status
      • Appearance of parameter lists
      • Endpoint unique idenfication
  • Develop and Debug APIs
    • Overview
    • Generate requests
    • Send requests
    • Endpoint cases
    • Dynamic values
    • Validate responses
    • Design-first Mode & Request-first Mode
    • Generate code
    • Environments & variables
      • Overview
      • Using variables
      • Environments & services
    • Vault secrets
      • Overview
      • HashiCorp Vault
      • Azure Key Vault
      • AWS Secrets Manager
    • Pre/Post processors
      • Overview
      • Assertion
      • Extract variable
      • Wait
      • Database operations
        • Overview
        • MongoDB
        • Redis
        • Oracle Client
      • Using scripts
        • Overview
        • Postman scripts reference
        • Pre processor scripts
        • Post processor scripts
        • Public scripts
        • Calling other programming languages
        • Using JS libraries
        • Visualizing responses
        • Script examples
          • Assertion scripts
          • Using variables in scripts
          • Using scripts to modify request messages
          • Other examples
    • Dynamic values Modules
  • Mock API data
    • Overview
    • Smart mock
    • Custom mock
    • Mock priority sequence
    • Mock scripts
    • Cloud mock
    • Self-hosted runner mock
    • Mock language (Locales)
  • Automated tests
    • Overview
    • Test reports
    • Test scenarios
      • Create a test scenario
      • Pass data between requests
      • Flow control conditions
      • Import endpoints/endpoint cases from other projects
      • Sync data from endpoints/endpoint cases
      • Export test scenarios
    • Run test scenarios
      • Run a test scenario
      • Data-driven testing
      • Run test scenarios in batch
      • Scheduled tasks
      • Manage the runtime environment of APIs from other projects
    • Test APIs
      • Integration testing
      • Performance testing
      • End-to-end testing
      • Regression testing
    • Apidog CLI
      • Overview
      • Installing and running Apidog CLI
      • Apidog CLI Options
    • CI/CD
      • Overview
      • Integrate with Jenkins
      • Integration with Gitlab
  • Publish API Docs
    • Overview
    • API Technologies Supported
    • Quick share
    • View the API documentation
    • Publish docs sites
    • Folder tree settings
    • Custom layouts
    • Visibility settings
    • Endpoint SEO settings
    • Custom domain
    • Embedding values in document URLs
    • Documentation Search
    • Integrating Google Analytics with Doc Sites
    • CORS Proxy
    • API Versions
      • Overview
      • Create API versions
      • Publish API versions
      • Share endpoints with API versions
  • Send requests
    • Overview
    • gRPC
    • Use request proxy agents for debugging
    • SOAP/WebService
    • GraphQL
    • WebSocket
    • Socket.IO
    • SSE debugging
    • Create requests
      • Request History
      • Request basics
      • Parameters and body
      • Request headers
      • Request settings
      • HTTP/2
    • Authentication and authorization
      • Overview
      • CA and client certificates
      • Authorization types supported by Apidog
      • Digest Auth
      • OAuth 1.0
      • OAuth 2.0
      • Hawk Authentication
      • Kerberos
      • NTLM
      • Akamai EdgeGrid
    • Response and cookies
      • Overview
      • API response in Apidog
      • Create and send cookies
      • Debug requests
      • Save the request as an endpoint
  • Branches
    • Overview
    • Create a new sprint branch
    • Test APIs in a branch
    • Design API in a branch
    • Merge sprint branches
    • Manage sprint branches
  • Apidog MCP Server
    • Overview
    • Conntect API Specification within Apidog Project to AI via Apidog MCP Server
    • Conntect Online API Documentation Published by Apidog to AI via Apidog MCP Server
    • Conntect OpenAPI Files to AI via Apidog MCP Server
  • Best practices
    • How to handle API signatures
    • How to access OAuth 2.0 protected APIs
    • Apidog collaboration workflow
    • Managing authentication state in Apidog
  • Administration
    • Onboarding Checklist
      • Basic Concepts
      • Onboarding Guide
    • Managing Teams
      • Managing Teams
      • Managing Team Members
      • Member Roles & Permission Settings
      • Team Activities
      • Team Resources
        • General Runner
        • Team Variables
        • Request Proxy Agent
      • Real-time Collaborations
        • Team Collaboration
    • Managing Projects
      • Managing Projects
      • Managing Project Members
      • Notification Settings
      • Project Resources
        • Database Connection
    • Managing Organizations
      • Single Sign-On (SSO)
        • SSO Overview
        • Configure Microsoft Entra ID
        • Configure Okta
        • Configure SSO for an Organization
        • Managing user accounts
        • Mapping Groups to Teams
      • SCIM Provisioning
        • Intro to SCIM Provisioning
        • Microsoft Entra ID
        • Okta
      • Organization Resources
        • Self-hosted Runner
  • Billing
    • Overview
    • Credits
    • Unable to use credit cards?
    • Managing subscriptions
    • Upgrade plan
  • Data & Security
    • Where is Apidog's data stored, and how is data security ensured?
    • How is user data stored? Will this data be public? Or will it be private? Will all data be stored in the cloud?
    • When sending requests, do they go through the Apidog server? Is data security ensured?
  • Add-ons
    • API Hub
    • Apidog Intellij IDEA plugin
    • Browser Extension
      • Chrome
      • Microsoft Edge
    • Request Proxy
      • Request proxy in Apidog web
      • Request proxy in shared docs
      • Request proxy in Apidog client
  • Account & preferences
    • Language settings
    • Data backup
    • Network proxy configuration
    • Hot keys
    • Updating Apidog
    • Generate OpenAPI access token
    • Deleting account
    • Account settings
  • References
    • API-Design First Approach
    • Apidog OpenAPI/Swagger Specificaiton Extensions
    • JSONPath
    • XPath
    • Regular Expressions
    • JSON Schema
    • CSV File Format
    • Install Java Environment
    • Runner deployment environment
    • Apidog flavored Markdown
  • Apidog Europe
    • Apidog Europe
  • Support Center
  1. Best practices

Managing authentication state in Apidog

Authentication is a crucial aspect of API testing and development. Properly managing authentication state ensures that your API requests are secure, efficient, and accurately reflect real-world usage scenarios. This guide focuses on handling authentication state in Apidog, a powerful API development and testing platform.
This guide will help you effectively handle authentication state within Apidog.

Common Authentication Methods#

1. Session/Cookie Method#

Apidog automatically maintains authentication state through sessions and cookies.
Usage:
Upon execution of the login API, the global Cookie saves the returned Session/Cookie information.
Subsequent API calls automatically include this Session/Cookie information.
TIP
See the "Auto-Login Implementation" section below for details on achieving automatic login via Session/Cookie.

2. Token-Based Authentication#

Token-based authentication involves including login credentials in API request parameters (typically in the Header). Common approaches include Basic Auth, Bearer Token, and API Key.
Implementation options:
1.
Set authentication information globally (project overview page), at the group level (group settings), or for individual APIs (documentation page). Supported auth types are shown below:
2.
Manually add the token to the Header or other relevant parameters. We recommend using environment variables for token storage. For example:
Bearer Token: Set a Header named Authorization with the value Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9yJpZCI6, or use an environment variable: Bearer {{AUTH_TOKEN}}.
3.
Set the value in global parameters. All APIs will automatically include global parameters during runtime, eliminating the need for manual configuration per API.
TIP
Refer to the "Auto-Login Implementation" section for details on achieving automatic login via tokens.

3. Automatic Login Method#

This method automatically invokes the login API to complete authentication without manual intervention.

Auto-Login Implementation#

Desired Outcome#

1.
Automatic invocation of the login API without manual intervention.
2.
Preservation of authentication state after successful login to avoid redundant login API calls.

Step-by-Step Guide#

1.
Use an environment variable (e.g., ACCESS_TOKEN) to store login credentials.
2.
If credentials have an expiration time, use an environment variable (e.g., ACCESS_TOKEN_EXPIRES) to store this information.
3.
Create a public script that:
a. Checks if ACCESS_TOKEN has a value and if ACCESS_TOKEN_EXPIRES is still valid. If so, proceed to execution; otherwise, continue to the next step.
b. Uses pm.sendRequest to call the login API and write the returned credentials and expiration time to the environment variables.
4.
Configure APIs requiring authentication:
a. Set the auth verification parameter to {{ACCESS_TOKEN}}.
Set the Authorization header to {{ACCESS_TOKEN}}, or use cookies/other parameters as needed.
Alternatively, set the value in global parameters for automatic inclusion in all API calls.
b. Reference the public script created above in the preprocessor script.

Public Script Example#

TIP
The login credentials in this script are sourced from LOGIN_USERNAME and LOGIN_PASSWORD environment variables. Ensure these are set if you use this code.
If your token doesn't expire, remove ACCESS_TOKEN_EXPIRES-related code.
For pm.sendrequest documentation, click here.
For pm.cookies documentation, click here.
This script provides a robust foundation for implementing auto-login in Apidog. Remember to adjust the login request structure and response handling according to your specific API requirements.
Previous
Apidog collaboration workflow
Next
Basic Concepts
Built with