mock.qa
beta
Home
Start for free
Getting started
Protocols
YAML config file
Endpoint URL
Request matching
Response templating
Data generation
Stateful scenarios
Scripting language
gRPC transcoding
Git branching support
Security features
Playground
Diagnostic logs
Examples
Project roadmap
Privacy policy
Terms of service
Contact Us
Glossary

Security features

Encrypted parameters

Mock.qa offers an encryption feature for users who need to store sensitive data in the config file. This feature uses the RSA cryptographic algorithm to generate a pair of private and public keys for each GitHub account. The private key is stored on the mock.qa server and is never exposed outside of a secure perimeter. The public key is in use by the Encrypt a string dialog in the Tools menu.

Note: The encrypted string should be enclosed in parentheses

encrypt-a-string-dialog

Example of an encrypted string usage:

calls:
- method: greet.Greeter/SayHello
  credentials:
  - type: basic-auth
    user: joe
    password: "$RSA2048:rldEHit9cK7kvhAMPBJBU+YloFipXa8Hnr30S0b8Lgbsdd54NWzyo4k0nCLeSWqsW4U7LJXSTrVjGs0VmmA1l7QFadOIHsqYU8mUToIREq9y8xfSo8M7dzSsbYuqTKUiz5oDWEufzzvy0fNGsUHgdw+pQyaePPMPkYHJE8y31JR61atLM8LorEGmKCAuy/YUEF2UHfNXIQjebncZbbSpe1P1KZ5z5l7UwJhgFVEhMO7WpWTqpHoL8kWYT0FotYtQQXAGLzTys1XEcxlrI4rWtnEZwKSx9ifC1PpIVXp7hgVpZ8BjffVyLtc6V1bkoBfaSEWUFPLX/GWhBWXLFL5zwQ=="

Channel and method credentials

Credentials are a set of information that is used to verify the identity of a user or system. This can include a username and password, a digital certificate, or other forms of identification.

If the credentials are valid, the server will allow the request to proceed. If the credentials are invalid, the server will return gRPC 16 Unauthenticated or HTTP 401 Unauthorized response to the client.

The call credentials section does not overwrite the channel credentials but rather supplements them if any channel credentials have already been specified.

IP white list

IP white list credentials allow specifying a list of IP addresses that are allowed to access the whole service at a channel level or a specific method. This can be useful for preventing unauthorized access or for an additional routing of requests based on a requester address.

Definition:

  - type: ip-white-list
    allowedIps: <sequence>

Examples:

  credentials:
  - type: ip-white-list
    allowedIps:
    - 192.188.53.0/24  # CIDR notation is supported
    - 190.152.123.*    # wildcards are supported
    - "$RSA2048:...."  # encrypted strings are supported
    - 81.214.123.123

Basic auth

HTTP basic authentication works by sending a request to the server with a username and password, which are encoded using base64 encoding and included in an "Authorization" header in the request.

Definition:

  - type: basic-auth
    user: <string>
    password: <string>

Examples:

  credentials:
  - type: basic-auth
    user: joe
    password: "$RSA2048:rldEHit9cK7kvhAMPBJBU+YloFipXa8Hnr30S0b8Lgbsdd54NWzyo4k0nCLeSWqsW4U7LJXSTrVjGs0VmmA1l7QFadOIHsqYU8mUToIREq9y8xfSo8M7dzSsbYuqTKUiz5oDWEufzzvy0fNGsUHgdw+pQyaePPMPkYHJE8y31JR61atLM8LorEGmKCAuy/YUEF2UHfNXIQjebncZbbSpe1P1KZ5z5l7UwJhgFVEhMO7WpWTqpHoL8kWYT0FotYtQQXAGLzTys1XEcxlrI4rWtnEZwKSx9ifC1PpIVXp7hgVpZ8BjffVyLtc6V1bkoBfaSEWUFPLX/GWhBWXLFL5zwQ=="

JWT bearer

JSON Web Token (JWT) bearer authentication is a method of authenticating a user or system by sending a JWT in the "Authorization" header of an HTTP request. Mock.qa verifies the token using provided authority endpoint. If the token is valid, mock.qa validates provided token's audience and claims.

Definition:

  - type: jwt-bearer
    authority: <string>
    audience: <string> # optional
    claims: <string> # optional

Examples:

  credentials:
  - type: jwt-bearer
    authority: https://accounts.google.com/.well-known/openid-configuration 
  credentials:
  - type: jwt-bearer
    authority: https://login.microsoftonline.com/<TENANT>/v2.0/.well-known/openid-configuration?appid=<APP-ID>
    claims: app_user, reader

Useful links:

Client certificate

Client certificate authentication is a method of authenticating a client by using a digital certificate.

There are two different options for how mock.qa validates a client certificate:

  • trustedRootCertificateFiles - a client certificate considered to be valid if it is signed by a provided root certificate. This option matches all valid certificates issued by a root certificate. Note that all certificates in a certification path should be provided - all intermediate and root one.
  • clientCertificateThumbprints - a client certificate considered to be valid if its thumbprint matches a provided one. This option matches only one certificate at once.

Definition:

  - type: client-certificate
    clientCertificateThumbprints: <sequence> # optional
    trustedRootCertificateFiles: <sequence> # optional

Examples:

  credentials:
  - type: client-certificate
    trustedRootCertificateFiles:
      - /client.intermediate.pem
      - /client.root.pem
  credentials:
  - type: client-certificate
    clientCertificateThumbprints:
      - e2d76ab6e3aadede3772daaca5d757f72cb2ff6a
In this article
Encrypted parameters
Channel and method credentials
IP white list
Basic auth
JWT bearer
Client certificate
This site uses cookies to analyze traffic, remember your preferences, and optimize your experience. By using this site you agree with privacy policy.
Learn More
Ok