Authenticate

Description

Logs the user on to the server and returns the LW-SSO, Light Weight Single Sign On cookie (and QCSession cookie in versions earlier than 2020) for use with all subsequent requests.

For external applications, it logs the user on to the server using the ClientIdKey or ClientSecretKey pair and returns the LW-SSO, Light Weight Single Sign On cookie for use with all subsequent requests.

URL

Authenticate (GET)

When logging on to LoadRunner Enterprise Administration using basic authentication, the URL should be in the format:

/Admin/rest/authentication-point/authenticate

If you are using a multi-tenancy system (versions 2020 SP2 and later), the tenant Unique ID should be added to the URL in the format: 

/Admin/rest/authentication-point/authenticate?tenant=tenant_UID

Example:

GET /Admin/rest/authentication-point/authenticate?tenant=fa128c06-5436-413d-9cfa-9f04bb738df3

AuthenticateClient (POST)

Available in versions: LoadRunner Enterprise 2021 R1 and later

When logging on to LoadRunner Enterprise Administration from an external application, the URL should be in the format:

/Admin/rest/authentication-point/AuthenticateClient

If you are using a multi-tenancy system, the tenant Unique ID should be added to the URL in the format:

/Admin/rest/authentication-point/AuthenticateClient?tenant=tenant_UID

Example:

POST /Admin/rest/authentication-point/AuthenticateClient?tenant=fa128c06-5436-413d-9cfa-9f04bb738df3

Remarks

Authenticate (GET)

This is used for LoadRunner Enterprise's internal (Application) authentication.

To create the request header, encode the string "<user name>:<password>" using Base64. The request header text is "Authorization: Basic <encoded user:password>".

In the header of each request after authentication, your application passes the cookies returned by the authenticate resource.

When your application has completed its work, call logout to release the log-on and session.

For versions earlier than 2020: The tokens time out according to the System Administration settings from Application Lifecycle Management, by default after one hour of inactivity. The LW-SSO token is self-contained.

AuthenticateClient (POST)

This request extends the LoadRunner Enterprise REST API by providing a secure authentication mechanism to run automation tests for users with LDAP and SSO authentication types, and for external applications to access LoadRunner Enterprise's API.

The LoadRunner Enterprise site administrator configures a unique pair of ClientIdKey and ClientSecretKey keys for a specific user, which enables that user to login using a REST API. For details, see Set up API access in the LoadRunner Enterprise Help Center.

In the header of each request after authentication, your application passes the cookies returned by the AuthenticateClient resource.

HTTP Method

GET: Returns the LW-SSO cookie (and QCSession cookie in versions earlier than 2020) when logging on using LoadRunner Enterprise's internal (Application) authentication.

POST: Returns the LW-SSO cookie when logging on from an external application (available in versions 2021 R1 and later).

Request

Headers:

GET: Authorization: Basic <encoded user:password>

POST: For external applications, one of:

  • Content-Type: application/xml

  • Content-Type: application/json

Cookies:

None

Request Body:

GET: None

POST: An XML describing the API access key pair (ClientIdKey, ClientSecretKey) generated by the LoadRunner Enterprise site administrator.

The fields in the request are:

Element Description
ClientIdKey The client ID string for communicating with LoadRunner Enterprise.
ClientSecretKeyThe secret key for communicating with LoadRunner Enterprise. 
GET /Admin/rest/authentication-point/authenticate
Authorization: Basic c2E6

POST Example (.xml):

POST http://my-server:8080/Admin/rest/authentication-point/AuthenticateClient?tenant=fa128c06-5436-413d-9cfa-9f04bb738df3
Content-Type: application/xml

<AuthenticationClient>
  <ClientIdKey>   
      I_KEY_da6cf229-cd61-46b8-9937-78bcac567155
  </ClientIdKey>
  <ClientSecretKey>
      S_KEY_e6b64fd9-29d0-4641-8ceb-36c154e5cd19
  </ClientSecretKey>
</AuthenticationClient>

POST Example (.json):

POST http://my-server:8080/Admin/rest/authentication-point/AuthenticateClient?tenant=fa128c06-5436-413d-9cfa-9f04bb738df3
Content-Type: application/json

{
    "ClientIdKey": " I_KEY_da6cf229-cd61-46b8-9937-78bcac567155",
    "ClientSecretKey": " S_KEY_e6b64fd9-29d0-4641-8ceb-36c154e5cd19"
}

Response

Headers:

None

Cookies:

Version 2020 (or later)

LWSSO_COOKIE_KEY={LwssoCookie};

Versions earlier than 2020

LWSSO_COOKIE_KEY={LwssoCookie};QCSession={QCSessionCookie};

HTML Return Code:

One of the HTTP Return Codes

Upon successful authentication, returns HTTP status 200 (OK).

HTML Body:

None

See Also

logout