Generate security tokens

To enhance the security of the traffic between automation scripts and the Perfecto Lab, Perfecto has instituted the use of a security token used by the different automation tools when activating the Perfecto Lab system. The security token is a unique cryptographic key assigned to an authorized user.

The security token becomes invalid only in the following cases:

  • The user generates a new security token. This prevents the use of outdated automation scripts that may have an old token included.
  • The token has not been used for a period of 3 months. This solves the problem of zombie tokens being used, for example when a user leaves the company.
  • The owner of the token is disabled or deactivated from the Perfecto Lab.
Important: Actively used tokens (tokens that are regularly utilized) do not expire.

The Perfecto security token system works properly with installations that support an external Identification Provider (IDP).

This section describes how to generate a token through the Perfecto UI and use it in your automation scripts. You can also generate a token via the public API.

To use the generated token in API calls, you need to include it in the header. For details, see Smart Reporting Public API > Headers.

Restriction: Use of security tokens is not supported for On-Prem Perfecto installations.

Step 1 | Generate a security token

Perfectogenerates the security token based on your personal Perfecto Lab credentials. If you use multiple Perfecto Labs, you need to generate a separate security token for each Perfecto Lab instance.

Generating a new security token invalidates any existing token associated with your credentials. This means that you need to change the token in all the places it is used.

To generate a security token:

  1. In the Perfecto UI at <YourCloud> (where YourCloudis your actual cloud name, such asmobilecloud), click your user name and select My security token.

  2. In the My security token dialog box, click Generate Security Token.

  3. Click Copy to clipboard. Then paste it into any scripts that you want to run with Perfecto

  4. Click Close.

Step 2 | Use the security token in automation scripts

For validation, automation scripts should use the tester's security token instead of the username and password. Whenever you generate a new token, you need to update it in all of your automation scripts.

You add the Perfecto security token to a Selenium/Appium automation script by using the Perfecto supported securityToken capability. This should replace the use of the user and password capabilities. For example:

//      capabilities.setCapability("user", args[1]);
//      capabilities.setCapability("password", args[2]);
        capabilities.setCapability("securityToken", "<your_token>");
Important: If the security token is either incorrectly supplied (for example, missing some characters) or invalid, the script fails with a Perfecto Exception, resulting in the following message: Access denied - cannot authenticate user