Forum Discussion

byron's avatar
New Contributor
3 years ago

Where to put API key in RESTful request?

I am trying to use the API (for reference, here: One of the required request elements is an API key. I have the API key and it is working when I make a cURL request (see below), but I can't figure out how to enter it when making the corresponding request in SoapUI.


Does it go in a header and, if so, how would I know what the Name should be?


Or is this something I set in the Authorization tab? Or somewhere else?


Basically this question amounts to, "How do I convert the cURL request below into a request I can make from SoapUI?"


curl -X POST \
  -d "verify[]=delivery" \
  -d "address[street1]=417 Montgomery Street" \
  -d "address[street2]=5" \
  -d "address[city]=SF" \
  -d "address[state]=CA" \
  -d "address[zip]=94104" \
  -d "address[country]=US" \
  -d "address[company]=EasyPost" \
  -d "address[phone]=415-123-4567"


2 Replies

  • richie's avatar
    Community Hero
    Hey byron,

    Easiest way to convert a curl request into a soapui/readyapi! request is to use the verbose switch on the curl request (might be -v, but im remembering from about 5 years ago) to reveal the full RAW details, i.e. full URL, payload and header parms.

    You just then create a new service in soapui using this detail.

    I had a look at the link you provided and it indicates that the API key value is used in Basic Auth as the username (no password required).

    So, once youve setup your request (via the 'new service from uri' input form, click on the Auth button on the bottom of the form.
    Select 'basic auth' to open the basic auth form.
    Input your API key value into the 'username' field, leave the 'password' field blank.
    Select the 'pre-emptive' radio button and that should do it.

    When you submit your request in soapui (after doing the above), if you look at the RAW request details youll see an Authorization header. The value associated with your Authorization header will be your API key (or a base64 encode of it, depending on how they setup the key).

    Hope this helps,

    • byron's avatar
      New Contributor



      You are indeed correct that the syntax for a verbose cURL request involves a "-v". I ran the verbose cURL request and, while the output was very detailed (including, among other details, the Base64 encoding of the "API key"), it still offered no conclusive clues about what type of authentication the server was looking for in a SoapUI request.


      In fact, the verbose output seemed to confirm that the type of authorization was "Basic", but this was misleading because each time I tried a SoapUI request with Basic authorization, it failed. I even tried the Base64 encoding, but without the second factor (i.e., the password), Basic would never work.


      After some fiddling though, I discovered that was actually looking for an OAuth 2 token. I entered the API key exactly as EasyPost gave it to me (no encoding) and made no other changes to SoapUI's default authorization settings...and it worked!


      It's frustrating that EasyPost failed to put anything about OAuth 2 in their documentation (and they refused to discuss this when I emailed them), but at least it's working now. And I've learned a bit more about moving between cURL and SoapUI.