Auth Configurations

Restroom separates authentication from requests. Instead of embedding credentials in each request, you create named auth configurations and attach them to as many requests as you like.

Creating an auth configuration

Open the Security screen from the left toolbar. Click + and choose an auth type.

Auth types

Bearer Token

Adds an Authorization: Bearer <token> header. The token can be a static value or an environment variable:

{{accessToken}}

API Key

Adds a key-value pair either as a header or a query parameter. Useful for APIs that accept keys in either location.

Basic Auth

Adds an Authorization: Basic <base64> header derived from a username and password. The encoding is handled automatically.

OAuth 2.0

Supports the Client Credentials and Authorization Code flows. Configure the token endpoint, client ID, and secret. Restroom fetches and caches the access token, refreshing it automatically when it expires.

Attaching to a request

Open a request, go to the Security tab, and select one or more auth configurations. When you send the request, the selected configurations are applied in order.

Attaching multiple configurations is useful when an API requires both an API key and a Bearer token simultaneously.

Providers

The Providers section lets you configure OAuth identity providers that can be shared across multiple auth configurations. Define the token URL, scopes, and credentials once, then reference the provider in each configuration.

Cookies

The Cookies section shows cookies received from responses, scoped by domain. You can view, edit, or delete individual cookies, and enable/disable automatic cookie handling.