Authentication - amitsri/rostyman-releases GitHub Wiki
Authentication
Configure authentication for your requests. Each request can have its own auth or inherit from a parent folder or collection.
Setting Up Auth
- Open a request
- Click the Auth tab
- Select an auth type from the dropdown
- Fill in the required fields
Auth Types
| Type | Description |
|---|---|
| None | No authentication |
| Inherit | Use auth from the parent folder or collection |
| Bearer Token | JWT or opaque token in the Authorization header |
| Basic Auth | Username + password, Base64-encoded |
| API Key | Custom key/value sent as a header or query parameter |
| Digest Auth | Challenge-response authentication |
| OAuth 2.0 | Token-based with multiple grant types |
| OAuth 1.0 | HMAC-SHA1 or PLAINTEXT signing |
| AWS Signature v4 | Amazon Web Services request signing |
| NTLM | Windows domain authentication |
| Hawk | HMAC-based authorization |
OAuth 2.0 Grant Types
| Grant Type | Use Case |
|---|---|
| Client Credentials | Service-to-service (no user involved) |
| Authorization Code | User login flow via browser |
| Authorization Code + PKCE | Mobile apps and SPAs |
| Password | Resource owner credentials (legacy) |
| Implicit | Deprecated, for legacy APIs only |
OAuth flows open an Electron browser window for the authorization step. Tokens are stored and refreshed automatically.
Auth Inheritance
Set auth once on a collection or folder, and all child requests inherit it automatically.
- Collection → Folder → Request — auth flows down the hierarchy
- Requests set to Inherit show the actual inherited values (tokens, keys, etc.) with secrets masked
- The Auth tab shows which parent the auth is coming from
Variable Support
All auth fields support variable substitution:
Token: {{access_token}}
Username: {{api_user}}
API Key: {{api_key}}