How to obtain and use authorization data
If you would like to communicate with a web application (e.g. REST API) that requires you to obtain and use access token from third-party authentication provider, you can fully automate this workflow with HttpMaster. Here is a sample procedure that you need to follow to successfully obtain access token and use it where applicable:
Open project properties from the main application menu or toolbar and switch to 'Authentication' tab.
Tick option to obtain authorization data from third-party authentication provider.
Specify necessary data:
- Authorization URL; this is URL where you will authenticate with third-party authentication provider. This data is provided by third-party authentication provider and can contain optional query string with necessary parameters, like 'scope'.
- Client id; this data is provided by third-party authentication provider when new application is registered.
- Client secret; this data is provided by third-party authentication provider when new application is registered.
- Redirect URL; must exactly match redirect URL that you have provided to authentication provider during application registration. This is the address where users will be redirected after successful authentication.
- URL to exchange authorization code for access token; this is URL where authorization code will be automatically exchanged for access token. This data is provided by third-party authentication provider.
Tick option to prompt for authorization data if not yet obtained.
Click OK button to apply project properties.
Create new request item and specify its properties (URL, request headers, post body). Include global variable for access token (hm-access-token) where applicable, for example, if you need to include access token in URL as 'access_token' query string parameter, specify the following URL (assuming example.com is your domain):
Note that access token global variable must be enclosed in curly braces.
Execute request item; you should be prompted to obtain authorization code and token. Click button to obtain authorization code and access token.
Specify your credentials and give permission to the registered application.
Obtained authorization code and access token should now be displayed at the bottom of the window. Click 'OK' button to store them in memory while the project is opened.
Execution engine will now replace all occurrences of access token global variable in request item definition and execute it.
Copyright © 2018 by Borvid. All rights reserved.