Login Management

Configure the login procedure for the web service.

If a login is required, you must configure it so that AppScan can log in to the service.
Limitation: Using API keys as HTTP query parameters is not supported.
Select one of the Login radio buttons:
Configure Login below
If you select this option, the lower part of the dialog becomes active and lets you input the following:
  1. Login request: Select a login request from the drop-down list of requests from the description files.
    Note: If the web service implements authorization control using API keys, a login request is not needed, so select None from the drop-down list.
  2. Login credentials: Review and, if needed, edit the values of Login credentials.
  3. Custom headers: If the service uses custom headers (such as bearer authentication in the Authorization header), click Edit to open the Add Custom Header dialog box. For details see Custom Header tab.
  4. In-Session Detection request: Select an in-session request from the drop-down list. AppScan uses this request to verify that it is logged in when testing.
Use existing Login configuration
Select if your scan configuration already includes a valid login sequence that you can use.
Record Login sequence in AppScan Configuration > Login Management
Select if the description file does not include a login request. You can use the main AppScan Configuration dialog box to record the login using the AppScan built-in browser or an external device. This is most likely to be the case when users log in through a user interface, or where JavaScript is involved in the login process. For details see Login Management view.
None
Select if the service does not require logging in.

Next Step: Sequences