Authentication

Authentication

Enterprise Tester allows you to authenticate to the REST API via three methods:

  • Session - this allows javascript running within the Enterprise Tester application to access the API as the currently logged in user.
  • Basic - passing the login/password as a header with each request - if security is a concern, this should not be used unless Enterprise Tester is accessed via HTTPS (SSL).
  • OAuth 1.0 - users can authenticate with Enterprise Tester via OAuth and then make requests using the returned access token.

Most users will want to use Basic Auth due to its simplicity, unless building a 3rd party add-on for Enterprise Tester. In this case we recommend the use of OAuth, so your application is not required to store user logins and passwords.

Basic Auth

Basic Auth combined with SSL will often suffice as the authentication mechanism for interacting with the Enterprise Tester API, here is an example of using Curl to retrieve a list of projects from Enterprise Tester with basic auth:

curl -u Administrator:password http://localhost/EnterpriseTester/api/project/650d8904-c145-4f7c-8b65-a02a0092a85f

In this case we are retrieving the project with ID "650d8904-c145-4f7c-8b65-a02a0092a85f" with the login "Administrator" and the password "password".

OAuth 1.0

Enterprise Tester supports OAuth 1.0a.

Implementing an OAuth 1.0a client is outside the scope of this help topic, but the key things required to establish the connection are:

Get Request Token Url

http://localhost/EnterpriseTester/OAuth/Token/GetRequestToken.rails

This is Url that you can retrieve the request token from.

User Authorization Url

http://localhost/EnterpriseTester/OAuth/Authorization/PromptForAuthorization.rails

This is the Url that you send users to, so they can authorize the request for access.

Get AccessToken Url

http://localhost/EnterpriseTester/OAuth/Token/GetAccessToken.rails

This is the Url used to exchange the request token for the access token that you can use to sign all your API requests.

For more information on the mechanics of signing a request with your access token, we recommend that you read through a tutorial on the basic authentication flow in OAuth 1.0, and then subsequently through the specification.