# Token Based Authentication
vREST supports any type of token-based authentication. In the login API, authentication token can be returned from the test server as part of one of the following:
- Response Body
- Response Header
So, to use token-based authentication, simply follow the steps below:
- First create a test case to login into the test application. As a result, your test application will send the token as part of the response body/header.
- You need to extract this token in a variable in the Variable Extractor tab of the login test case. Below are some examples of extracting tokens from the response body/header.
- Now you can use this token variable
{{token}}in subsequent test cases as per your API format.
# Extracting authentication token from Response Body:
Suppose your login API returns the following response on submitting valid credentials:
{
"output": {
"token": "xyz-authentication-token"
}
}
Then you may extract this token via Variable Extractor sub-tab of login test case, as shown in the below snapshot:
# Extracting authentication token from Response header:
Suppose your login API returns the authentication token as part of response headers (Response header x-auth-token) on submitting valid credentials. Then you may extract this token via the Variable Extractor sub-tab of a login test case with the help of a built-in utility method getHeader, as shown in the below snapshot:
here "x-auth-token" is the name of the response header which carries the authentication token. Please replace this header name with the appropriate header name as per your context.
# Using the extracted token in subsequent requests:
Now, once you have extracted the token, then you may use this extracted token variable in your subsequent requests as per your own needs. Mostly the extracted token is sent as a Request Header Authorization in your subsequent requests and the value may be either Bearer {{token}} or Token {{token}}.