Most API endpoints require some form of user/client authentication. In addition, API endpoints may also enforce granular authorization controls on users/clients using role based access control (RBAC) mechanisms.
Effective security testing requires providing valid users and their respective authentication credentials to Levo's autogenerated Test Plans.
This information can be provided in a secure, and structured manner via an
How do I use
environment.yml file is autogenerated per
Test Plan, and needs to be completed with appropriate user/authentication information, prior to the execution of the Test Plan.
The completed file is provided as an argument to the CLI. The CLI uses the credentials to access the target APIs and evaluate their security posture.
secrets sent to Levo SaaS?
environment.yml file contains
secrets and is never sent to, or stored in Levo SaaS. This file is solely consumed by the CLI, and Levo SaaS does not have access to your secrets.
Please treat this file securely, and take all precautions necessary for handling secrets.
Tell me more
You can find more information on providing authentication/authorization information for tests here