API Probe Authentication Guide

Learn which auth schemes are supported, where credentials belong, and how to confirm authenticated requests succeed.

Start testing auth

Authentication basics

API Probe supports standard authentication patterns such as API keys, bearer tokens, and other credential-based request schemes when enabled for your account or environment. Access depends on the permissions assigned to your developer or test account, and some protected resources may require specific roles or approved credentials before requests are accepted. Include credentials exactly where the scheme requires them, typically in the Authorization header, a dedicated API key header, or a request field defined by the auth method.

Supported authentication methods

API keys

Use an API key when your integration expects a static credential tied to a project or user. Place the key in the required header or field name specified by the auth scheme, and keep the value unchanged.

Bearer tokens

Use a bearer token for token-based access flows. Send it in the Authorization header with the expected prefix format so the request is recognized as authenticated.

Credential fields

Some workflows pass credentials in a dedicated request body field or query-safe parameter. Only use this pattern when the probe or target API explicitly defines it, and match the required name and format exactly.

Permission prerequisites

Authentication is only valid when the account has the right scope, role, or resource access. Verify that your test identity is allowed to reach the protected API before validating the request.

How to verify authentication

Confirm auth by sending a request with the required credential in the correct location and checking for a successful authenticated response from the target API. A valid result usually means the service recognizes your identity and returns the expected protected data or a permitted action outcome. If the request behaves as intended with the correct header, token, or key format, authentication is working.

Common authentication questions

Where should I put the auth value?

Use the exact location required by the scheme: Authorization header for bearer tokens, a dedicated header for API keys, or the defined request field for credential-based flows.

Do I need special permissions?

Yes, the account or token must have access to the protected resource. Authentication may be technically correct even if the identity lacks the required permission scope.

Can I use any token format?

No. The token or key must match the expected format for the scheme, including any required prefix, header name, or field name.

How do I know the request is authenticated?

Send the request with the correct credential placement and confirm the API accepts it and returns the expected protected result.