Requestly allows you to send authorization data along with your API requests. Authorization data confirms that the sender has permission to access the API.
Request Authorization
Authorization data can be entered in the Authorization tab, which is available at both the collection and request levels. If auth data is specified at the collection level, all APIs in that collection will use it unless they have their own Authorization Data or have selected "NO-AUTH." Requestly automatically populates these authorization details in the relevant parts of the request, based on the selected auth type.
Steps to Add Authorization
Open a Request or Collection
Click on any request or collection to begin setting up authorization.
Access the Authorization Tab
Navigate to the Authorization tab and select the appropriate authorization type from the dropdown menu. Supported authorization types include "No Auth," "Inherit auth from parent," "API Key," "Bearer Tokens," and "Basic Auth."
Enter Authorization Details
Each authorization type has specific fields that must be filled. Below are the details for each type:
No Auth
Requestly won’t send authorization details with a request unless you specify an auth type. If your request doesn’t require authorization, select "No Auth" from the Auth Type dropdown list.
Inherit Auth from Parent
Requestly uses the auth applied at the parent level. The inherited properties are populated when the request is sent. This works for API requests and sub-collections.
API Key
Requestly allows you to send key-value pairs along with the request data. These can be added to either Headers or Query Params. Select "API Key" from the Auth Type list, then enter your key name and value. Choose "Header" or "Query Params" from the "Add to" dropdown list for their inclusion. Variable storage enhances security.
Bearer Tokens
Bearer tokens enable requests to authenticate using an access key such as a JSON Web Token (JWT). Tokens are included in the request header. Select "Bearer Token" from the Auth Type dropdown and enter the token value. For additional security, store the token in a variable and reference it by name.
Requestly appends the token value to the text "Bearer" in the required format in the Authorization header.
Basic Auth
Basic authentication involves sending a verified username and password with your request. Select "Basic Auth" from the Auth Type dropdown. Enter your API username and password in the respective fields. For extra security, store these in variables.
In the request headers, the Authorization header passes the API a Base64 encoded string representing the username and password, appended to the text "Basic."
Test the Request
Click "Send" to ensure that the authorization data is sent along with the API request.
Variable Support and Export
Requestly supports the use of variables in Authorization Values, allowing flexibility and reuse across multiple requests or collections. Variables can store sensitive data securely and simplify updates when values change. For instance, you can define API tokens or credentials as variables and reference them in authorization fields.
While authorization data can be exported alongside requests or collections, note that variable values themselves are not exported. This ensures the security of sensitive data and prevents accidental sharing of confidential information. Users need to define variable values locally when importing shared requests or collections.