Authentication
piespector currently supports these auth types:
No AuthBasic AuthBearer TokenAPI KeyCookie AuthCustom HeaderOAuth 2.0
Per-auth details
Section titled “Per-auth details”No Auth
Section titled “No Auth”Sends no auth-specific headers or query parameters.
Basic Auth
Section titled “Basic Auth”Sends Authorization: Basic ... using the configured username and password.
If you add an explicit Authorization header in Headers, that explicit header wins.
Bearer Token
Section titled “Bearer Token”Sends an Authorization header using:
Header PrefixToken
The default prefix is Bearer, but it can be changed.
API Key
Section titled “API Key”API key auth can be applied in one of two places:
- request header
- query string
If you already set the same header or query parameter explicitly, the explicit value wins.
Cookie Auth
Section titled “Cookie Auth”Cookie auth sends the configured cookie name and value inside the Cookie header.
Custom Header
Section titled “Custom Header”Custom Header auth sends a single configured header name and value.
If the same header is also present in Headers, the explicit header wins.
OAuth 2.0
Section titled “OAuth 2.0”The current OAuth support is OAuth 2.0 Client Credentials.
It fetches a bearer token from the configured token endpoint at send time, then uses that token on the real request.
OAuth 2.0 currently supports:
Token URLClient IDClient SecretClient AuthHeader Prefix- optional
Scope
Client Auth can be sent in one of two ways:
Basic Auth headerSend creds in body
Header Prefix defaults to Bearer, but it can be changed.
In previews, piespector shows an inferred Authorization header with a placeholder token. At send time it fetches the real token first.
Request editing
Section titled “Request editing”Authentication is edited from the Auth section on Home, alongside Info, Params, Headers, Body, and Settings.
Placeholder completion is available in text auth fields with Tab.