Five Ways to Store Tokens in API Automated Testing with Python Examples

This article explains five common methods for storing authentication tokens during API automated testing—embedding in scripts, using environment variables, configuration files, databases, and secret management systems—and provides complete Python code samples for each approach.

Test Development Learning Exchange

When performing API automated testing, the location where the authentication token is stored is crucial for both accuracy and security. Below are five common ways to store tokens, each accompanied by a practical Python example.

1. Store in Test Script

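Directly defining the token in the test script is the simplest method, but it hurts both security and maintainability: anyone who can read the script (or the repository it is committed to) can read the token, and every token change requires a code change.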

import requests
TOKEN = "your_token_here"

def test_with_token():
    headers = {"Authorization": f"Bearer {TOKEN}"}
    response = requests.get("http://example.com/api/endpoint", headers=headers)
    # Perform validation and assertions...

test_with_token()

2. Store in Environment Variable

Storing the token in an OS environment variable separates it from code, improving security and ease of updates.

import os
import requests
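# Fail fast with a KeyError if API_TOKEN is unset, rather than sending "Bearer None"
TOKEN = os.environ["API_TOKEN"]

def test_with_token():
    headers = {"Authorization": f"Bearer {TOKEN}"}
    response = requests.get("http://example.com/api/endpoint", headers=headers)
    # Perform validation and assertions...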

test_with_token()

3. Store in Configuration File

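Using a config file (e.g., INI) allows token management without modifying code; Python's configparser can read the value. The file now holds the secret, so it should stay out of version control and be readable only by the account that runs the tests.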

import configparser
import requests
# config.ini is expected to contain an [API] section with a TOKEN key
config = configparser.ConfigParser()
config.read("config.ini")
TOKEN = config.get("API", "TOKEN")

def test_with_token():
    headers = {"Authorization": f"Bearer {TOKEN}"}
    response = requests.get("http://example.com/api/endpoint", headers=headers)
    # Perform validation and assertions...

test_with_token()

4. Store in Database

Persisting tokens in a database (e.g., SQLite) provides flexibility and scalability, allowing dynamic retrieval.

import sqlite3
import requests
# Connect to the database
conn = sqlite3.connect("tokens.db")
cursor = conn.cursor()
# Fetch the token
cursor.execute("SELECT token FROM tokens WHERE id = 1")
row = cursor.fetchone()
if row is None:
    raise RuntimeError("no token row with id = 1 in tokens.db")
TOKEN = row[0]

def test_with_token():
    headers = {"Authorization": f"Bearer {TOKEN}"}
    response = requests.get("http://example.com/api/endpoint", headers=headers)
    # Perform validation and assertions...

test_with_token()
# Close the database connection
cursor.close()
conn.close()

5. Store in Secret Management System

For higher security requirements, tokens can be kept in dedicated secret management tools such as HashiCorp Vault.

import hvac
import requests
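# Connect to Vault
# "your_vault_token" is a placeholder; a real Vault token hardcoded here has the same exposure as method 1
client = hvac.Client(url="http://vault.example.com", token="your_vault_token")
# Fetch the token
response = client.read("secret/api/token")
TOKEN = response["data"]["token"]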

def test_with_token():
    headers = {"Authorization": f"Bearer {TOKEN}"}
    response = requests.get("http://example.com/api/endpoint", headers=headers)
    # Perform validation and assertions...

test_with_token()
# Close the Vault connection
client.close()
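
As an added example (not code from the original article), the static check below flags string literals bound to token-like names. It catches both the `TOKEN = "..."` pattern from method 1 and the `token="..."` argument passed to `hvac.Client` in method 5. The function name `find_hardcoded_secrets`, the name pattern and the sample strings are assumptions made for this illustration.

```python
import ast
import re

# Assumption: identifiers containing these fragments hold credentials.
SECRET_NAME = re.compile(r"token|secret|passw|api_?key", re.IGNORECASE)


def _names(target):
    """Identifiers bound by an assignment target: TOKEN or self.token."""
    if isinstance(target, ast.Name):
        return [target.id]
    if isinstance(target, ast.Attribute):
        return [target.attr]
    return []


def find_hardcoded_secrets(source, filename="<string>"):
    """Return sorted (line, name) pairs where a non-empty string literal
    is bound to a secret-like variable, attribute or keyword argument."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Assign):
            pairs = [(n, node.value) for t in node.targets for n in _names(t)]
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            pairs = [(n, node.value) for n in _names(node.target)]
        elif isinstance(node, ast.keyword) and node.arg:
            pairs = [(node.arg, node.value)]
        else:
            continue
        for name, value in pairs:
            literal = isinstance(value, ast.Constant) and isinstance(value.value, str)
            if literal and value.value and SECRET_NAME.search(name):
                findings.add((value.lineno, name))
    return sorted(findings)


# Constructed samples mirroring methods 1, 2 and 5 of the article.
HARDCODED = 'import requests\nTOKEN = "your_token_here"\n'
FROM_ENV = 'import os\nTOKEN = os.environ.get("API_TOKEN")\n'
VAULT = ('import hvac\n'
         'client = hvac.Client(url="http://vault.example.com", token="your_vault_token")\n')

if __name__ == "__main__":
    for label, src in (("method 1", HARDCODED), ("method 2", FROM_ENV), ("method 5", VAULT)):
        print(label, find_hardcoded_secrets(src))
```

The match is on names only, so a variable such as `token_url` holding a plain URL is also reported; treat each finding as a prompt for review.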

Conclusion

Choosing the appropriate token storage method depends on project needs and security requirements; each of the five approaches has its own advantages and trade‑offs, and following best practices ensures reliable and secure API automated testing.
