In the process of constructing API statements through our intuitive wizard or via direct command inputs, you might encounter situations where sensitive data—like authentication tokens or passwords—needs to be securely incorporated into your API requests. To safeguard such confidential data, it is crucial to employ encryption for these values.
Step-by-Step Guide to Encrypting Values for API Requests
To securely transmit encrypted information within an API call, please adhere to the following protocol:
- Navigate to the "Resources" section accessible from the left-hand menu.
- Proceed to "Utilities" in the left nav and click the "Encrypt Text" link.
- Input the sensitive text data that requires encryption into the provided field and click on the "Encrypt" button.
- Upon completion, the text will be encrypted. Ensure to copy this encrypted string for subsequent use.
- When formulating your API request, insert the encrypted string where sensitive data is required. Preface the string with "$encr:" to denote an encrypted value (formatted as "$encr:<encrypted string>").
Acceptable Locations for Encrypted Data within API Requests
Encrypted values are versatile and can be seamlessly integrated into various segments of an API request:
- Endpoint URL Query Parameters: To convey an encrypted token within a URL, append it as a query parameter to the URL, such as "?apikey=$encr:<encrypted string>".
- Request Headers: If encryption is necessary for a header value like "Authorization", incorporate it in this manner: "Authorization: $encr:<encrypted string>".
- Form-data Payloads: Should a form-data field require encryption, such as a password, include it as "password=$encr:<encrypted string>".
- Entire Request Payloads: To encrypt an entire payload, the encrypted string should be the sole content, input as "$encr:<encrypted string>".
Leveraging encryption for sensitive values ensures that critical information remains protected, preventing it from being exposed or logged as plain text within the Action logic or within any generated test reports.
Comments
0 comments
Please sign in to leave a comment.