API authentication schemes come in all shapes and sizes. Tokens, HTTP basic auth and OAuth are the most common that our customers use. Different versions of OAuth present different challenges though, with OAuth 1.0a being the most complicated of them all.
Today we're launching native support for OAuth 1.0a in your Runscope API tests. No more complicated scripts or request signing steps, just enter your keys and run your tests.
Simplifying Signatures
If you're unfamiliar with OAuth 1.0a, let's recap how it works. Every request you make to a protected resource on an API that uses OAuth 1.0a needs to be signed using a shared secret that only you and the API provider know, specific to your app. Request signing is a complicated, error-prone process; thankfully made easier by the plethora of libraries for various languages.
When testing or monitoring APIs with Runscope, these signatures were especially hard to generate. Now, paste in your credentials and the request signature will be automatically generated and added to the request:
As you can see in this example, Variables are fully-supported so you can store your keys once for a specific test or all tests within the same bucket.
If your API developer portal doesn't generate keys for you to test with, the Runscope OAuth 1.0a Token Generator can help you out.
More to Come
We'll continue to improve support for different authentication schemes, including looking into ways to address the UI-driven portion of OAuth 1.0a or 2 authorization flows. Help us out by letting us know what your API authentication requirements are.