OpenQAOpenQA
Configuration

Authentication

Configure how OpenQA authenticates with your application to test protected areas.

Authentication Types

TypeUse Case
nonePublic pages only, no authentication needed
basicHTTP Basic Authentication
sessionForm-based login (most common)

No Authentication

For testing public pages only:

bash
1curl -X POST http://localhost:3000/api/saas-config \
2  -H "Content-Type: application/json" \
3  -d '{
4    "name": "My Public Site",
5    "description": "Public website with no login required",
6    "url": "https://my-site.com",
7    "auth": {
8      "type": "none"
9    }
10  }'

Basic Authentication

For sites using HTTP Basic Auth:

bash
1curl -X POST http://localhost:3000/api/saas-config \
2  -H "Content-Type: application/json" \
3  -d '{
4    "name": "My Protected Site",
5    "description": "Site with basic auth",
6    "url": "https://my-site.com",
7    "auth": {
8      "type": "basic",
9      "credentials": {
10        "username": "admin",
11        "password": "secretpassword"
12      }
13    }
14  }'

Session Authentication

For sites with form-based login (most web apps):

bash
1curl -X POST http://localhost:3000/api/saas-config \
2  -H "Content-Type: application/json" \
3  -d '{
4    "name": "My SaaS App",
5    "description": "App with user login",
6    "url": "https://my-app.com",
7    "auth": {
8      "type": "session",
9      "credentials": {
10        "username": "test@example.com",
11        "password": "testpassword"
12      }
13    }
14  }'

💡 Tip: Create a dedicated test account for OpenQA. Don't use production credentials or admin accounts.

How Session Auth Works

When using session authentication, OpenQA will:

  1. Navigate to your login page
  2. Find the login form automatically
  3. Fill in the username and password
  4. Submit the form
  5. Store the session cookie for subsequent requests

Custom Login Flow

If your login flow is non-standard, you can provide additional hints:

bash
1curl -X POST http://localhost:3000/api/saas-config \
2  -H "Content-Type: application/json" \
3  -d '{
4    "name": "My App",
5    "description": "App with custom login",
6    "url": "https://my-app.com",
7    "auth": {
8      "type": "session",
9      "credentials": {
10        "username": "test@example.com",
11        "password": "testpassword"
12      },
13      "loginUrl": "/auth/signin",
14      "usernameField": "email",
15      "passwordField": "pass",
16      "submitButton": "#login-btn"
17    }
18  }'

Environment Variables

You can also configure auth via environment variables:

bash
1SAAS_AUTH_TYPE=session
2SAAS_USERNAME=test@example.com
3SAAS_PASSWORD=testpassword

Security Best Practices

✅ Use a Dedicated Test Account

Create a separate account for OpenQA testing with limited permissions

✅ Use Environment Variables

Store credentials in .env file, not in API calls

✅ Test on Staging First

Run OpenQA against staging/test environments before production

❌ Never Use Admin Credentials

Don't give OpenQA admin access - use a regular user account

Next Steps

SaaS Configuration

Full configuration options

Quickstart

Get started testing