# Token Based Authentication

vREST supports any type of token-based authentication. In the login API, authentication token can be returned from the test server as part of one of the following:

  1. Response Body
  2. Response Header

So, to use token-based authentication, simply follow the steps below:

  1. First create a test case to login into the test application. As a result, your test application will send the token as part of the response body/header.
  2. You need to extract this token in a variable in the Variable Extractor tab of the login test case. Below are some examples of extracting tokens from the response body/header.
  1. Now you can use this token variable {{token}} in subsequent test cases as per your API format.

# Extracting authentication token from Response Body:

Suppose your login API returns the following response on submitting valid credentials:

{
    "output": {
        "token": "xyz-authentication-token"
    }
}

Then you may extract this token via Variable Extractor sub-tab of login test case, as shown in the below snapshot:

# Extracting authentication token from Response header:

Suppose your login API returns the authentication token as part of response headers (Response header x-auth-token) on submitting valid credentials. Then you may extract this token via the Variable Extractor sub-tab of a login test case with the help of a built-in utility method getHeader, as shown in the below snapshot:

here "x-auth-token" is the name of the response header which carries the authentication token. Please replace this header name with the appropriate header name as per your context.

# Using the extracted token in subsequent requests:

Now, once you have extracted the token, then you may use this extracted token variable in your subsequent requests as per your own needs. Mostly the extracted token is sent as a Request Header Authorization in your subsequent requests and the value may be either Bearer {{token}} or Token {{token}}.