Skip to content

Auth in environments

In addition to encrypted secrets in environment, it's now possible to store environment-wide encrypted authentication details. The main difference between encrypted secrets and the new authentication support is that if you select an environment for a collection, the authentication details will be used for all requests in the collection.

This is convenient as collections are most often specific to an API and now all requests can use the same authentication details without having to manually configure each request individually.

Any manual configuration for a secret will override the environment authentication (e.g. if you have configured basic auth, then any manually added Authorization header will override the basic auth for that request).

Supported auth mechanisms

  • API key (add key and value as header or query parameter)
  • Basic auth (username and password)
  • Bearer token
  • OpenID Connect (PKCE)

Additional functionality

  • Selecting an environment in Slingshot will now highlight what auth method is used (if any) so it's easy to see what auth details will be sent along any other HTTP configuration.

Next steps

Soon we expect to roll out additional auth methods such as OAuth2, a common auth method used by many APIs.