Use of dynamic access token for multiple requests in Jmeter

Authorization with a dynamic access token is used to pass the dynamic response content to the subsequent requests. This is used to validate API authorization.

here, we will discuss the fetching access token (dynamic response) with the help of JSON Extractor and pass it as a parameter in the subsequent requests using BeanShell Preprocessor.

applications generate an access token in response to a valid login request and further use it in all the subsequent requests to check the authorization of users.

• A Test Plan (this should be present by default when opening JMeter)

• A Thread Group

• View Results Tree

• HTTP Request — for authentication

• JSON Extractor — to extract the token

• HTTP Header Manager — to append the token for subsequent requests

• HTTP Request — the actual request to be tested

1. Test Plan :

Fig 1

In the above screen, HTTP URL/API Test is the Thread Group, HTTP Cookie Manager is added by default by the Candidate Token is the 1st HTTP Request for authentication, and Candidate_detail is the 2nd HTTP Request — the actual request to be tested.

2. HTTP Request(Candidate Token):

Fig 2 : HTTP Request

Through the Candidate Token HTTP Request, we send our initial authentication request to the server which accepts some parameters (for example Email, First_name, Last_name, etc.) and generates an access token in response, which could be used later in subsequent authorization requests.

3. Create a listener ‘View Results Tree’:

Right-click on Test Plan →Add →Listener →View Results Tree

Now run the script and you will get the following result in the tree:

Fig 3: View Result in Tree

Here we can see that we already got the access_token from the Candidate Token request and the Candidate details request failed because we didn’t add the accesstoken authentication yet in the Candidate_detail request.

4. Add ‘JSON Extractor’ under ‘Candidate _detail Request:

TIP: Right-click on HTTP Request(candidateToken) →Add →Post Processors →JSON Extractor

This is the most important step. We will use it to fetch dynamic access tokens from the response Candidate Token Request. See the below screenshot-

Fig 4: JSON Extractor to fetch the dynamic access token

We will have to set the following parameters for ‘JSON Extractor’:

a) Names of created variables: Name of the variable in which the extracted value will be stored. In our example, it is auth_token.

b) JSON path expressions: Here I have used $.token (expression stats with $ symbol) because from the View Result Tree screenshot (Refer to Fig#3) I can see token is a 1st level element so I put single dot and element name is token, if it was a 2nd level element then I have to put two dots Ex: $.token

c) Match No. (0 for Random): Tells which match should be picked. 0 is used for random. As there is only one token in the JSON response so it should be 1.

d) Default Values: In case of no match which value should be picked. Here I gave TokenNotFound. If access_token is not found then variable auth_token will hold the value TokenNotFound.

5. Add ‘Debug Sampler’ to verify whether the value is stored in the variable auth_token:

Right-click on Thread Group →Add →Sampler → Debug Sampler

Debug Sampler which is the best way to troubleshoot script variable. Now run the script and from View Results Tree you can see that the token value is stored in the auth_token variable successfully.

Fig 5: Debug Sampler

6. Add ‘HTTP Header Manager’ under ‘Candidate detail’ request:

Right-click on the HTTP Request(Candidate_detail) →Add →Config Element → HTTP Header Manager

Here Candidate_detail HTTP Request is the subsequent requests which requires access token in the authorization request.

Add HTTP Header Manager under Candidate_detail request. This is the second most important step. Generally, for applications, it includes all the header requests which should be passed with the HTTP Request. Most importantly we have to pass the token as a Header something like this: Bearer ${auth_token}

Fig 6: Passing the Authorization Bearer token through HTTP Header Manager

7. Add ‘BeanShell PreProcessor’ under the ‘Candidate_detail’ request:

Right-click HTTP Request(Candidate detail) →Add →Post Processors → BeanShell PreProcessor

Add the below code in the script section:

Fig 7: write code in the Beanshell script section

The script that is mentioned in this step, will pass the auth_token value in the Authorization Header for Candidate detail Request.

8. Now run the script and see the result in the View Results Tree:

Here all we can see that both requests are successful and from the Candidate_detail Request tab we can verify that the Authorization header has the value BEARER + auth_token

Fig-8

We can use ‘JSON Extractor’ to capture any dynamic data from the response and then it can be sent to subsequent requests using ‘BeanShell PreProcessor’. This approach makes it very simple to test APIs in which we need to get authentication tokens from the server and then pass it on to all other requests.