Forum Discussion

PietroSola's avatar
PietroSola
New Member
4 months ago

Adding custom header to auth profile token call

Hello all,

I currently have a test case with many test steps associated. I am trying to setup a new auth profile to test out a new authorization method, but the new authorization requires a custom header. I have tried using an automation script (the button in the auth manager) and it does not seem to be working. How would I go about attaching custom headers to the authorization/token call if it is setup as an auth profile?

Configuration

1 Reply

  • CarlosValcarcel's avatar
    CarlosValcarcel
    Icon for Staff rankStaff
    2 days ago

    i am not completely sure of your scenario, but try this (ReadyAPI 3.63.0):

    1. In ReadyAPI, open the Navigator panel (left side).
    2. Select your Project (or any node under it).
    3. In the toolbar near the top choose Auth & Security → Auth Manager.
    4. The dialog opens with two tabs:
      • Auth Repository: where you create or configure authorization profiles.
      • Auth Manager: where you assign profiles to requests.
    5. Click the Auth Repository tab → select your Authorization Profile (e.g., OAuth 2.0).
    6. In the profile configuration area you’ll see 2 tabs.

    Even though the UI might not label “Pre-Request” explicitly, you want to add your script in the first script block (before the token request). Here’s what to add:

    // This script runs before the token request is sent
    def hdrName  = 'X-Tenant'
    def hdrValue = 'acme'

    // UI-level headers for the token call
    def h = request.getRequestHeaders() ?: [:]
    h[hdrName] = [hdrValue]
    request.setRequestHeaders(h)

    // Low-level Apache HTTP request object
    def httpReq = context.getProperty('httpRequest')   // org.apache.http.HttpRequest
    httpReq?.removeHeaders(hdrName)
    httpReq?.addHeader(hdrName, hdrValue)

    • While in the Auth Repository tab, select the profile → go to Automation Scripts.
    • In the first script box (the “before token retrieval” or equivalent), paste the code above.
      • Click Apply / OK.
    • Return to the Profile Parameters tab. Then go to a request assigned to that profile → click Get Access Token (or run it via TestRunner) → check the HTTP log or proxy to verify the header X-Tenant: acme is included in the token call.
    • If the profile type is Basic or API Key, the UI may not expose automation scripts. Automation scripting is supported primarily for OAuth 2.0 (and Azure OAuth) flows. 
    • If you assign the profile to a request, the token call might happen automatically, and your script needs to catch that flow.
    • If your server uses a custom or non-browser token endpoint (no UI pages), you won’t use DOM scripting but you still can inject headers via the code above.
    • Make sure you click Get Access Token after updating the script to trigger the token call (and header injection) immediately.

    https://support.smartbear.com/readyapi/docs/en/configure-requests/authentication/authentication-types/oauth-2-0-and-oauth-2-0--azure-/automation-script.html 

    Adding custom header to auth profile token call | SmartBear Community 

    I walked through as many of the above steps as I could, but didn't check it completely.

    Let me know how it goes!