Product News
Connected Devices: Extending Service Provider Visibility Into the Last-mile Network
Read Blog →
Product
Solutions + Industries
Learn
About
Login
Start Free Trial
Request Demo
Network and Application Synthetics

OAuth 2.0 Support for API Tests

The ThousandEyes API test type now supports OAuth 2.0 Client Credentials as an authentication option.
January 16, 2025
Subscribe To Updates

Innovation Overview

Most enterprise APIs are protected behind some type of authentication, and OAuth 2.0 authentication is the most commonly used method. The ThousandEyes API test now provides built-in support for the OAuth 2.0 authentication type, in addition to the existing Basic Auth and Bearer token methods.

Feature Highlights:

  • New Built-in Auth Option: Previously, users would have to manually craft an API step to get a token from the authentication server before they could successfully test the API. A new authentication method, the OAuth 2.0 Client Credentials grant type, is now available within a single API step. 

  • Guided Authentication Setup: API test step builders show the required inputs, educating users to ask for the right information from their application or service admins. 

  • Automatically Save Token: Users can save the retrieved token as a variable to easily reuse in subsequent API steps for endpoint-related testing.

Customer Benefits:

  • Securely Monitor API: The OAuth2.0 option generates a new token for every test round without saving the password and bearer token, effectively minimizing the risk of credential exposure and providing fine-grained control over what data an application can access.

  • Highlight the Authentication Issue: Separate API step details help you easily understand an incident. OAuth 2.0 step 1 can answer the question of whether it was an authentication issue or API request issue. 

Here is a quick demo of how to create an API test using OAuth 2.0: 

  1. Create an API test with Graph API.

  2. On the first step, choose OAuth 2.0 as authentication type.

  3. Fill in authentication details including Token URL, Client ID, Client Secret, and Scope.

  4. Choose Client Authentication option: either send as the Basic Auth header or send as request body.

  5. The retrieved OAuth token is automatically saved for future use. 

  6. Create another step with a separate API call. 

  7. From Bearer token auth, call the saved token by the variable {{OAuth2_Token_Step_1}}

  8. Save the API test and view the API test results.

  9. From Step 1 - OAuth 2.0, view the auth API’s results.

  10. From Step 2 and 3, view the overall API response.

AMERICAS
EUROPE
ASIA