Configuring Bearer Tokens for Load Testing - Web Performance

Configuring Bearer Tokens for Load Testing

A  method of authentication that has become more popular these days is bearer tokens, which require some additional configuration in Load Tester.

You can first tell if a website uses bearer tokens because the site will throw 404 errors when attempting a playback.  Examing the headers will show a header entry called “Authorization” with the format shown below:

The value will appear one or more times.  Some sites just set the value once, and others will try and set it on different parts of a website.

The first thing to do is find where the value appears using the Search Tab on the Response Content:

The next step is to configure an extractor for the bearer token on Page 1, Transaction 6.  This example uses a regular expression, but you could use any of the three extractor types.  Note that this example is specific for this website; other sites may set the token values in different ways, so you’ll need to write an extractor that matches the website you’re testing.

Now that the value will be put into the user variable “BearerToken”, the final step is to configure all of the headers to use this new value.  Go to the Headers Tab and select a view that displays the headers.  Selecting the top-level test case name in the Testcase Editor Tab will select all of the headers for every transaction.  Type in “Authorization” into the Filter input box on the bottom left, and all of the headers to be configured will be selected:

Luckily with Load Tester, you don’t have to edit each one separately!   Select all of the Authorization headers with values, right-click, and select Edit.

Select a Datasource of Concatenation.

Hit the green plus sign and select “Text Constant”.   Enter “Bearer “.   The space after the last “r” is very important.

Hit the green plus sign again and then select a data source of User Variable.  The name should be the one you chose in the extractor.  In this example, it is “BearerToken”.


After you hit “OK”, all of the headers that require bearer tokens will be dynamically configured on playback.  Note that if your particular application changes the bearer token at different spots you’ll need to add more extractors, but that’s not too common.



Add Your Comment

You must be logged in to post a comment.


Copyright © 2024 Web Performance, Inc.

A Durham web design company


(1) 919-845-7601 9AM-5PM EST

Just complete this form and we will get back to you as soon as possible with a quote. Please note: Technical support questions should be posted to our online support system.

About You
How Many Concurrent Users