How to Obtain and Use Authorization Data

Help Topics
If you would like to communicate with a web application (e.g. REST API) that requires you to obtain and use access token from third-party authentication provider, you can fully automate this workflow with HttpMaster. Here is a sample procedure that you need to follow to successfully obtain access token and use it where applicable:
  • Open project properties from the main application menu or toolbar and switch to 'Authentication' tab.
  • Tick option to obtain authorization data from third-party authentication provider.
  • Specify necessary data:
    • Authorization URL; this is URL where you will authenticate with third-party authentication provider. This data is provided by third-party authentication provider and can contain optional query string with necessary parameters, like 'scope'.
    • Client id; this data is provided by third-party authentication provider when new application is registered.
    • Client secret; this data is provided by third-party authentication provider when new application is registered.
    • Redirect URL; must exactly match redirect URL that you have provided to authentication provider during application registration. This is the address where users will be redirected after successful authentication.
    • URL to exchange authorization code for access token; this is URL where authorization code will be automatically exchanged for access token. This data is provided by third-party authentication provider.
  • Tick option to prompt for authorization data if not yet obtained.
  • Click OK button to apply project properties.
  • Create new request item and specify its properties (URL, request headers, post body). Include global variable for access token (hm-access-token) where applicable, for example, if you need to include access token in URL as 'access_token' query string parameter, specify the following URL (assuming example.com is your domain):
    http://www.example.org?access_token={hm-access-token}
    Note that access token global variable must be enclosed in curly braces.
  • Execute request item; you should be prompted to obtain authorization code and token. Click button to obtain authorization code and access token.
  • Specify your credentials and give permission to the registered application.
  • Obtained authorization code and access token should now be displayed at the bottom of the window. Click 'OK' button to store them in memory while the project is opened.
  • Execution engine will now replace all occurrences of access token global variable in request item definition and execute it.