Menu
Open source
HTTP Authentication
Scripting examples on how to use different authentication or authorization methods in your load test.
Basic authentication
JavaScript
import encoding from 'k6/encoding';
import http from 'k6/http';
import { check } from 'k6';
const username = 'user';
const password = 'passwd';
export default function () {
const credentials = `${username}:${password}`;
// Passing username and password as part of the URL will
// allow us to authenticate using HTTP Basic Auth.
const url = `https://${credentials}@httpbin.test.k6.io/basic-auth/${username}/${password}`;
let res = http.get(url);
// Verify response
check(res, {
'status is 200': (r) => r.status === 200,
'is authenticated': (r) => r.json().authenticated === true,
'is correct user': (r) => r.json().user === username,
});
// Alternatively you can create the header yourself to authenticate
// using HTTP Basic Auth
const encodedCredentials = encoding.b64encode(credentials);
const options = {
headers: {
Authorization: `Basic ${encodedCredentials}`,
},
};
res = http.get(`https://httpbin.test.k6.io/basic-auth/${username}/${password}`, options);
// Verify response (checking the echoed data from the httpbin.test.k6.io
// basic auth test API endpoint)
check(res, {
'status is 200': (r) => r.status === 200,
'is authenticated': (r) => r.json().authenticated === true,
'is correct user': (r) => r.json().user === username,
});
}
Digest authentication
JavaScript
import http from 'k6/http';
import { check } from 'k6';
const username = 'user';
const password = 'passwd';
export default function () {
// Passing username and password as part of URL plus the auth option will
// authenticate using HTTP Digest authentication.
const credentials = `${username}:${password}`;
const res = http.get(
`https://${credentials}@httpbin.test.k6.io/digest-auth/auth/${username}/${password}`,
{
auth: 'digest',
}
);
// Verify response (checking the echoed data from the httpbin.test.k6.io digest auth
// test API endpoint)
check(res, {
'status is 200': (r) => r.status === 200,
'is authenticated': (r) => r.json().authenticated === true,
'is correct user': (r) => r.json().user === username,
});
}
NTLM authentication
JavaScript
import http from 'k6/http';
const username = 'user';
const password = 'passwd';
export default function () {
// Passing username and password as part of URL and then specifying
// "ntlm" as auth type will do the trick!
const credentials = `${username}:${password}`;
const res = http.get(`http://${credentials}@example.com/`, { auth: 'ntlm' });
}
AWS Signature v4 authentication with the k6-jslib-aws
To authenticate requests to AWS APIs using AWS Signature Version 4, k6 offers the k6-jslib-aws JavaScript library, which provides a dedicated SignatureV4
class. This class can produce authenticated requests to send to AWS APIs using the http
k6 module.
Here’s an example script to demonstrate how to sign a request to fetch an object from an S3 bucket:
JavaScript
import http from 'k6/http';
import { AWSConfig, SignatureV4 } from 'https://jslib.k6.io/aws/0.11.0/signature.js';
const awsConfig = new AWSConfig({
region: __ENV.AWS_REGION,
accessKeyId: __ENV.AWS_ACCESS_KEY_ID,
secretAccessKey: __ENV.AWS_SECRET_ACCESS_KEY,
/**
* Optional session token for temporary credentials.
*/
sessionToken: __ENV.AWS_SESSION_TOKEN,
});
export default function () {
/**
* Create a signer instance with the AWS credentials.
* The signer will be used to sign the request.
*/
const signer = new SignatureV4({
service: 's3',
region: awsConfig.region,
credentials: {
accessKeyId: awsConfig.accessKeyId,
secretAccessKey: awsConfig.secretAccessKey,
sessionToken: awsConfig.sessionToken,
},
});
/**
* Use the signer to prepare a signed request.
* The signed request can then be used to send the request to the AWS API.
*/
const signedRequest = signer.sign(
{
method: 'GET',
protocol: 'https',
hostname: 'test-jslib-aws.s3.us-east-1.amazonaws.com',
path: '/bonjour.txt',
headers: {},
uriEscapePath: false,
applyChecksum: false,
},
{
signingDate: new Date(),
signingService: 's3',
signingRegion: 'us-east-1',
}
);
/**
* The `signedRequest` object contains the signed request URL and headers.
* We can use them to send the request to the AWS API.
*/
http.get(signedRequest.url, { headers: signedRequest.headers });
}
Was this page helpful?
Related resources from Grafana Labs
Additional helpful documentation, links, and articles:
Video
Performance testing and observability in Grafana Cloud
In this webinar, learn how Grafana Cloud k6 offers you the best developer experience for performance testing.
User-centered observability: load testing, real user monitoring, and synthetics
Learn how to use load testing, synthetic monitoring, and real user monitoring (RUM) to understand end users' experience of your apps. Watch on demand.