Authentication
Configure authentication for APIs that require credentials.
Authentication Types
None
No authentication. Use for public endpoints.
API Key
Send an API key in a header or query parameter.
Header-based (recommended):
- Header Name:
X-API-Key(or your API's header name) - API Key: Your key value
Query parameter:
- Query Parameter:
api_key - API Key: Your key value
Results in: ?api_key=your-key-value
Basic Auth
HTTP Basic Authentication with username and password.
- Username: Your username
- Password: Your password
Pingward encodes these as a Base64 Authorization header:
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=Bearer Token
OAuth2 Bearer tokens or JWTs.
- Token: Your bearer token
Results in:
Authorization: Bearer your-token-hereOAuth2 Client Credentials
For machine-to-machine OAuth2 flows. Pingward will:
- Request a token from the token URL
- Cache the token until it expires
- Automatically refresh when needed
Configuration:
- Token URL:
https://auth.example.com/oauth/token - Client ID: Your client ID
- Client Secret: Your client secret
- Scope: Required scopes (space-separated)
Security
Credential Storage
All credentials are encrypted at rest. Only your workspace members can view or edit them.
Secret Masking
Credentials are never logged or included in error messages. Test results show [REDACTED] for sensitive values.
Rotation
When you rotate credentials:
- Update the test configuration
- Run the test to verify
- No historical data is affected
Troubleshooting
401 Unauthorized
- Verify credentials are correct
- Check if the API key/token has expired
- Ensure required scopes are included
403 Forbidden
- Credentials may be valid but lack permissions
- Check IP allowlists if applicable
- Verify the endpoint allows your authentication method
OAuth2 Token Failures
- Verify the token URL is correct
- Check client ID and secret
- Ensure required scopes are valid