Create API connections
API connections let you define reusable endpoints and settings, such as authentication, timeouts, and encryption, which you can use across your API tests. This keeps your tests consistent and save time on maintenance.
Create a new connection
To create a new connection, follow these steps:
-
Go to
Configurations > API connections and select Create connection. -
Enter your connection details:
Property
Description
Name
Enter a unique name for the connection.
Type
Currently, Tosca Cloud supports HTTP only.
Endpoint
Specify the endpoint to which you want to send messages. This can be a URI, a port, or an IP address.
-
Select Create.
Set up connection details
After you create a connection, you can configure additional settings. Select a connection from the list and use the properties panel on the right to adjust the following:
The connection type defines the technology your connection uses to communicate with the API endpoint. Currently, Tosca Cloud supports HTTP only.
Specify the authentication method for your connection. Select an authentication type and enter the required details.
Select None if the endpoint doesn't require authentication. If you want to provide a custom authorization header in your API message, set authentication to None and add the header manually.
Send a username and password with your request.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Username |
Enter your username. |
|
Password |
Enter your password. |
|
Pre-authenticate |
Enable this option to send authentication details with your first request. Without pre-authentication, the first request doesn't include credentials, and the server returns a challenge before you can authenticate. |
Authenticate requests to Amazon Web Services (AWS) with your access key and secret key.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Access Key |
Enter your AWS access key ID. |
|
Secret Key |
Enter your AWS secret access key. |
|
Session Token |
Optional. Enter your session token if you use temporary credentials. |
|
Service Name |
Enter the name of the AWS service you want to authenticate with. For example, sqs or s3. |
|
Region |
Select the AWS region of the service endpoint. |
Use a certificate file to verify your identity.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Certificate |
Enter the file path to your client certificate. |
|
Passphrase |
Enter your passphrase if your certificate requires one. |
Securely transmit credentials as a hash, so the server never receives your password in plain text.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Username |
Enter your username. |
|
Password |
Enter your password. |
Use certificates stored in a Java Keystore file to authenticate your connection.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Keystore |
Enter the file path to your .jks file. |
|
Keystore Password |
Enter the password if the keystore requires one. |
|
Certificate |
Select the certificate from your keystore. |
|
Certificate Password |
Enter the password if the certificate requires one. |
Authenticate with Kerberos tickets or Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) for Single Sign-On (SSO) in environments that support Kerberos.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Username |
Enter your username. |
|
Password |
Enter your password. |
|
Domain |
Specify the domain of the authentication service. |
Authenticate with the NT LAN Manager (NTLM) challenge-response protocol, common in Windows environments. NTLM verifies user identity without transmitting the password over the network.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Username |
Enter your Windows username. |
|
Password |
Enter your Windows password. |
|
Domain |
Specify the Windows domain against which to authenticate. |
Use token-based authentication. Select a grant type that matches your authorization flow and enter the required details.
Configure the following properties:
|
Property |
Description |
|---|---|
|
Grant Type |
Select how the application receives the access token. The following grant types are available:
|
|
Authorization Endpoint |
Enter the authorization server URI. |
|
Token Endpoint |
Enter the token server URI. |
|
Redirect URI |
Optional. Enter the redirect URI. |
|
Client ID |
Enter the client identifier issued by the authorization server when you registered your application. |
|
Client Secret |
Enter the client secret to authenticate the identity of your application. |
|
Username |
Enter your username. Required for the Password grant type. |
|
Password |
Enter your password. Required for the Password grant type. |
|
Scope |
Optional. Specify the scope of permissions the application requests. Enter one or more space-separated values, for example openid profile. |
|
Send Client Secret |
Specify how Tosca Cloud sends the client secret during authentication.
|
|
Send Origin header |
Specify whether Tosca Cloud should send the CORS (origin) header. The Default option uses the same behavior as in earlier versions. |
|
Code Challenge Method |
Required for the Authorization Code (PKCE) grant type. Select SHA-256 to hash the code verifier or Plain to use it as-is. |
|
Code Verifier |
Optional. To connect the authorization request to the token request, enter a cryptographically random string between 43 and 128 characters long. Use the letters A-Z and a-z, the numbers 0-9, and the characters -._~. If you leave this field empty, Tosca Cloud automatically generates a value. |
Configure XML and Web Services (WS) security for your connection.
From the Elements to Generate dropdown menu, select which security elements you want to include in your messages. Then, select one of the following:
-
Action: Adds a SOAP action element to the SOAPAction header. By default, the system uses the existing SOAPAction header of the message. Disable the default to specify a custom action URL, for example http://CalculatorService/ICalculator/Add.
-
To: Adds an address element that specifies the recipient for your messages. By default, Tosca Cloud uses the URL from the connection and the resource identifier from the message. Disable the default to specify a custom address, for example https://webservice.toscacloud.com/signature.svc.
-
Timestamp: Adds a timestamp element that defines a time period during which the message is valid. Specify the time to live in seconds.
-
Signature: Adds a digital signature that signs selected elements of the message. Configure the signature settings below.
-
Username: Adds a username token in the message header for WS Security. Configure the username settings below.
|
Property |
Description |
|---|---|
|
Type of Signature |
Select Signature in Security Header (SOAP Standard) to sign the SOAP message or Enveloped Signature to sign a specific element within the message. |
|
Elements to Sign |
Select which parts of the message to sign:
|
|
Custom Element Id |
Enter the ID of the element to sign. Required when you select Custom element for Elements to Sign. |
|
Canonicalization Algorithm |
Select the canonicalization algorithm (opens in new tab). Canonicalization ensures that logically equivalent XML documents produce identical signatures. |
|
Digest Algorithm |
Select the digest algorithm (opens in new tab) to calculate the hash value that creates and verifies the signature. |
|
Signature Method |
To generate the signature, select the signature algorithm (opens in new tab). |
|
Key Identifier Type |
Select how to include the public key for signature validation:
|
|
Certificate |
Select the certificate type to use for the signature.
|
|
Property |
Description |
|---|---|
|
Username |
Enter the username for the Web Services (WS) security token. |
|
Password |
Enter the password. |
|
Password Type |
Select Plain text to send the password as-is or Digest to send it in hashed format. |
|
Add Nonce |
Optional. Enable to include a unique random value that prevents replay attacks. |
|
Add Created |
Optional. Enable to include a creation timestamp for the token. |
To route your API requests through a proxy server, specify its address, username, and password.
Configure additional settings, such as response timeout in milliseconds, to control how your connection behaves when it communicates with the API endpoint.
Edit a connection
To update any connection setting, select a connection from the list, change the values in the properties panel, then select Save.
What's next
Create API messages and start using your connections in your API tests.