Configuration
Authentication
Configure how OpenQA authenticates with your application to test protected areas.
Authentication Types
| Type | Use Case |
|---|---|
| none | Public pages only, no authentication needed |
| basic | HTTP Basic Authentication |
| session | Form-based login (most common) |
No Authentication
For testing public pages only:
bash
curl -X POST http://localhost:3000/api/saas-config \
-H "Content-Type: application/json" \
-d '{
"name": "My Public Site",
"description": "Public website with no login required",
"url": "https://my-site.com",
"auth": {
"type": "none"
}
}'Basic Authentication
For sites using HTTP Basic Auth:
bash
curl -X POST http://localhost:3000/api/saas-config \
-H "Content-Type: application/json" \
-d '{
"name": "My Protected Site",
"description": "Site with basic auth",
"url": "https://my-site.com",
"auth": {
"type": "basic",
"credentials": {
"username": "admin",
"password": "secretpassword"
}
}
}'Session Authentication
For sites with form-based login (most web apps):
bash
curl -X POST http://localhost:3000/api/saas-config \
-H "Content-Type: application/json" \
-d '{
"name": "My SaaS App",
"description": "App with user login",
"url": "https://my-app.com",
"auth": {
"type": "session",
"credentials": {
"username": "test@example.com",
"password": "testpassword"
}
}
}'💡 Tip: Create a dedicated test account for OpenQA. Don't use production credentials or admin accounts.
How Session Auth Works
When using session authentication, OpenQA will:
- Navigate to your login page
- Find the login form automatically
- Fill in the username and password
- Submit the form
- Store the session cookie for subsequent requests
Custom Login Flow
If your login flow is non-standard, you can provide additional hints:
bash
curl -X POST http://localhost:3000/api/saas-config \
-H "Content-Type: application/json" \
-d '{
"name": "My App",
"description": "App with custom login",
"url": "https://my-app.com",
"auth": {
"type": "session",
"credentials": {
"username": "test@example.com",
"password": "testpassword"
},
"loginUrl": "/auth/signin",
"usernameField": "email",
"passwordField": "pass",
"submitButton": "#login-btn"
}
}'Environment Variables
You can also configure auth via environment variables:
bash
SAAS_AUTH_TYPE=session
SAAS_USERNAME=test@example.com
SAAS_PASSWORD=testpasswordSecurity Best Practices
✅ Use a Dedicated Test Account
Create a separate account for OpenQA testing with limited permissions
✅ Use Environment Variables
Store credentials in .env file, not in API calls
✅ Test on Staging First
Run OpenQA against staging/test environments before production
❌ Never Use Admin Credentials
Don't give OpenQA admin access - use a regular user account