If you would like to communicate with a web application (e.g. REST API) that requires you to obtain and use access token from some authentication provider, you can fully automate this workflow with HttpMaster. Here is a sample procedure that you need to follow to successfully obtain access token and use it where applicable:
-
Open project properties from the main application menu or toolbar and switch to Authentication tab.
-
Tick option to obtain OAuth access data.
-
Specify necessary data:
- Authorization URL; this is URL where you will authenticate with authentication provider. This data is provided by authentication provider and can contain optional query string with necessary parameters, like scope.
- Client id; this data is provided by authentication provider when new application is registered.
- Client secret; this data is provided by authentication provider when new application is registered.
- Redirect URL; must exactly match redirect URL that you have provided to authentication provider during application registration. This is the address where users will be redirected after successful authentication.
- URL to exchange authorization code for tokens; this is URL where authorization code will be automatically exchanged for tokens. This data is provided by authentication provider.
-
Tick option to prompt for authorization data if not yet obtained.
-
Click OK button to apply project properties.
-
Create new request item and specify its properties (URL, request headers, post body). Include global variable for access token (hm-access-token) where applicable, for example, if you need to include access token in URL as access_token query string parameter, specify the following URL (assuming example.com is your domain):
http://www.example.org?access_token={hm-access-token}
Note that access token global variable must be enclosed in curly braces.
-
Execute request item; you should be prompted to obtain OAuth access data. Click corresponding button to start a procedure for obtaining data.
-
Specify your credentials and give permission to the registered application.
-
Obtained authorization code and tokens should now be displayed at the bottom of the window. Click OK button to store them in memory while the project is open.
-
Execution engine will automatically replace all occurrences of access token global variable in request item definition and execute it.