Katalon API supports the following authentication types to ensure secure access to Katalon API. This guide outlines the available authentication mechanisms and provides examples for implementation.

Authentication Types

HTTP Basic Authentication
Katalon API Key
JSON Web Token (JWT)

HTTP Basic Authentication

This method involves sending your Katalon username and password encoded in Base64 within the HTTP Authorization header.

Implementation Steps

Encode Credentials: Combine your username and password in the format username:password and encode this string using Base64.
Set Authorization Header: Include the encoded string in the Authorization header with the prefix Basic.

Example Request

If your username is admin and your password is admin, the encoded string is YWRtaW46YWRtaW4=.

Note: The equal sign (=) is part of the Base64-encoded string

cURL:

curl --location 'https://api.katalon.com' \
--header 'Authorization: Basic YWRtaW46YWRtaW4='

Katalon API Key

To enhance security and avoid using your username and password directly, you can use a Katalon API Key.

Generate an API Key

The following steps are also documented in Katalon Docs: Generate Katalon API key.

Log in to Katalon TestOps.
Click on your avatar in the top right corner and select User Settings.
Navigate to the Katalon API Key section.
Click Create API Key, provide a name and expiration period, then click Create.
Copy the generated API Key for use in your requests.

Implementation Steps

Encode API Key: Encode your API Key in Base64 with a colon prefix, resulting in :APIKEY.
Set Authorization Header: Include the encoded string in the Authorization header with the prefix Basic.

JSON Web Token (JWT)

JWTs are typically obtained through an authentication process to access protected resources.

Implementation Steps

Login request: Send a POST request to the login endpoint with your email and password to receive a JWT token.
```
curl --location POST 'https://api.katalon.com/' \
--header 'Content-Type: application/json' \
--data-raw '{
  "email": "email@katalon.com",
  "password": "password"
}'
```
This request will return a JSON response containing the JWT token.
```
{
    "data": {
        "jwt": "JWT_TOKEN",
        ...
    }
}
```
Note: If not authorized, you will get a 401 Unauthorized response.

Use the Token: Include the JWT token in the Authorization header with the prefix Bearer.
For example:

curl --location --request GET 'https://testcloud.katalon.com/mts/apps/upload-url' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer your_JWT_here'

Note: Replace Your_JWT_here with the token received from the login response.