API Testing OATH 2.0 - Authorization Tab

Im focusing on API testing - I have a couple questions that are more current then ones I researched and found dead ends with no clear direction.

For OATH 2.0 - We noticed that each time we set the Call back URL and all required elements to then copy the link and place in a web browser. We then copy that URL to get the Token and refresh token we have been able to achieve this. and the data populates as expected.

However we notice the we have to enter the information each time under the Authorization tab as it does not appear to save that info. Is this how it works? There is no way to save the entries for the post request under Auth tab?

Is there a way that we can use a test case entry method to enter this data automatically? Should we load it from a test case using the spreadsheet method… We are trying to understand how we can always get a access token and pass this to all the tests without having to manually fill in the Authorization tab each time. Thank you for any direction to achieve this efficiently!


In my opinion, I think access token is secret that we should not store it displayable. Should we store it secretly like Keep passwords secret in katalon studio not using encrypt text tool or [WebUI] Set Encrypted Text | Katalon Docs?

So I think that you are 100% spot on. I agree we take the token with the highest integrity so I agree with you that we should not exploit the token but I do think that it would benefit the users to be able to store the token. I say that because We also use postman and we can request the token and we have access to it to run our collections as needed. Postman has a auto refresh of the access token so we can always have a fresh key to run the API tests.

If we have to manually enter that data each time under authorization just to get a new token so I can effectively run my tests it seem counter intuitive to truly automate? I was just wondering can I pass variables or global strings of those fields through a test case?

Overall it would be nice to be able to to make a call to get the token store that token encrypted. This way once my post request goes out and has that data I have it stored but also have an option to refresh that token with the save authorization information, keeping it encrypted but still passable through all API tests so these can be ran through a Azure Pipeline. This was our goal is to request the token, store and refresh when needed, then run the collection from postman import to Katalon and then to Azure dev ops. Are there solutions that we are not thinking of that Katalon can perform?

1 Like

Hi @QATeam, This post may help you pass tokens/values to test cases: Global Variables and Execution Profile | Katalon Docs

1 Like

Thanks Dave_Evers for the quick recourse much appreciated!!!

1 Like