
Configuring your custom APIs for security testing


Shared variables

Shared variables are reusable key-value pairs that can be defined once and used across multiple API configurations. They promote efficiency and consistency and reduce redundancy when setting up tests.

What are shared variables?

Shared variables allow you to store commonly used values, such as user IDs, tokens or environment-specific parameters, in one place and reference them throughout your API test configurations.

For example, you can define a variable like:

Variable Name: employee_id  

Value: 12345

Then use it in your API endpoint by wrapping the variable name in double curly brackets:

Example: https://yourapiurl.com/api/getemployee?id={{employee_id}}

Anywhere you include {{employee_id}} in your API requests, it will automatically be replaced with the assigned value during testing.
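
As an added illustration (not part of the original article or of Beagle Security's own code), the following Python shows how double-curly-bracket references are resolved against shared variables, and how references that were declared without a value can be caught before a request carrying a literal placeholder is sent. The header names and the request_id variable are constructed sample values; employee_id, token and app_url reuse the article's examples.

```python
from __future__ import annotations
import re
from typing import Mapping

# A {{name}} reference, as used for shared variables, shared authorizations
# and shared system variables.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

def resolve(template: str, variables: Mapping[str, str]) -> tuple[str, list[str]]:
    """Replace each {{name}} in template with its value.

    Returns the resolved string plus the names that were referenced but have
    no value; those are left in place so the problem stays visible instead of
    sending a request that carries a literal '{{token}}'.
    """
    missing: list[str] = []

    def substitute(match: re.Match) -> str:
        name = match.group(1)
        value = variables.get(name)
        if not value:                      # undefined, or declared without a value
            missing.append(name)
            return match.group(0)
        return value

    return PLACEHOLDER.sub(substitute, template), missing

def resolve_request(request: dict, variables: Mapping[str, str]) -> tuple[dict, list[str]]:
    """Resolve the URL and headers of one API configuration."""
    unresolved: list[str] = []
    url, missing = resolve(request["url"], variables)
    unresolved += missing
    headers: dict[str, str] = {}
    for key, value in request.get("headers", {}).items():
        headers[key], missing = resolve(value, variables)
        unresolved += missing
    return {"url": url, "headers": headers}, sorted(set(unresolved))

if __name__ == "__main__":
    # Constructed sample configuration: the article's example values plus a
    # constructed request_id variable that was declared without a value.
    shared = {"employee_id": "12345", "token": "xadx",
              "app_url": "https://yourapiurl.com", "request_id": ""}
    request = {"url": "{{app_url}}/api/getemployee?id={{employee_id}}",
               "headers": {"X-API-Key": "{{token}}", "X-Request-Id": "{{request_id}}"}}
    print(resolve_request(request, shared))
```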


How to add a shared variable

  1. Go to the Shared resources section in your API configuration.
  2. Under the Shared variables tab, click the “Add variable” button with a “+” icon.
  3. Enter the variable name and its value.
  4. Click “Save”. The variable is now ready to be reused across your API tests.


Shared authorizations 

Shared authorizations let you store and reuse common authorization credentials across multiple APIs and configurations. This ensures consistency and reduces duplication of effort when managing security tokens or keys.

What are shared authorizations?

Instead of manually adding an API key or token to each endpoint, you can define a shared authorization variable once and reference it wherever needed using double curly brackets.

For example:

Variable name: token  

Type: API Key  

Value: xadx

You can then use {{token}} in headers, query parameters, or wherever the authorization is required.

How to add a shared authorization

  1. Navigate to the Shared resources section in your API configuration.
  2. Click on the Shared authorizations tab.
  3. Click the “Add authorization” button with a “+” icon.
  4. Enter the variable name, select the authorization type (API Key, Bearer Token, Basic auth or OAuth 2.0), and input the value.


If you choose the API Key authorization type:

  • Enter the Key and Value, and choose whether the key is added to the Header or to the Query Params by clicking the corresponding option.
  • Click “Save”. The shared authorization is now ready to be used across your test configurations.


If you choose the Bearer token authorization type:

  • Enter the token string in the Token field.
  • Click “Save” to create the shared authorization.
Tip: To avoid token expiration issues, either use a long-expiry token (valid for several days) or configure OAuth 2.0 for seamless token refresh and automated management.


If you choose the Basic auth authorization type:

  • Enter the Username and Password.
  • Click “Save” to store the credentials securely.


If you choose the OAuth 2.0 authorization type:

OAuth 2.0 provides advanced authorization with multiple grant types. It is ideal for integrations that require token refresh and fine-grained access.

Fill in the required fields in the form:

  1. Authorization Data: set to Request headers or Request URL.
  2. Grant Type: choose one of the following options:
  • Implicit
  • Password Credentials
  • Client Credentials
  3. Access Token URL: provide the endpoint used to fetch the access token from your authorization server.
  4. Client ID: enter the client ID assigned to your application.
  5. Client Secret: enter the client secret associated with your client ID.
  6. Username: provide the username for the account being authenticated (used with the Password Credentials grant type).
  7. Password: provide the corresponding password.
  8. Scope: define the access level required. This can be left blank if not needed.
  9. Header Prefix: set the prefix to be used in the Authorization header. Defaults to Bearer if left empty.
  10. Click Save to store your OAuth 2.0 settings and enable authenticated API testing.
Tip: If your token has a short expiry, consider configuring OAuth 2.0 to allow automatic token refresh for uninterrupted testing.
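
The form fields above correspond directly to a standard OAuth 2.0 (RFC 6749) token-endpoint request. The Python below is an added example, not part of the original article or the product: it builds that request for the Password Credentials and Client Credentials grants, applies Header Prefix (defaulting to Bearer) and Authorization Data, and uses the server's expires_in to decide when a refresh is due. The token URL and client values are constructed, and the access_token query parameter used for the Request URL option is an assumption about how that setting is sent.

```python
from __future__ import annotations
import base64
from urllib.parse import urlencode

def build_token_request(cfg: dict) -> dict:
    """Turn the OAuth 2.0 form fields into an RFC 6749 token-endpoint request.

    Implicit grant is deliberately not handled: it receives the token from the
    authorization endpoint through a browser redirect, not from the Access Token URL.
    """
    grant = cfg["grant_type"]                       # "password" or "client_credentials"
    form = {"grant_type": grant}
    if grant == "password":
        form["username"] = cfg["username"]
        form["password"] = cfg["password"]
    elif grant != "client_credentials":
        raise ValueError(f"grant type not fetched from the token endpoint: {grant}")
    if cfg.get("scope"):                            # Scope may be left blank
        form["scope"] = cfg["scope"]
    # Client ID and Client Secret authenticate the client via HTTP Basic (RFC 6749 2.3.1).
    creds = base64.b64encode(f"{cfg['client_id']}:{cfg['client_secret']}".encode()).decode()
    return {"method": "POST", "url": cfg["access_token_url"],
            "headers": {"Authorization": f"Basic {creds}",
                        "Content-Type": "application/x-www-form-urlencoded"},
            "body": urlencode(form)}

def attach_token(cfg: dict, token: str, url: str) -> tuple[dict, str]:
    """Apply the access token according to Authorization Data and Header Prefix.

    'headers' sends it in the Authorization header with the prefix (Bearer by
    default); 'url' is assumed here to mean an access_token query parameter,
    a form RFC 6750 permits but discourages because URLs end up in logs.
    """
    if cfg.get("authorization_data", "headers") == "url":
        sep = "&" if "?" in url else "?"
        return {}, f"{url}{sep}access_token={token}"
    prefix = cfg.get("header_prefix") or "Bearer"
    return {"Authorization": f"{prefix} {token}"}, url

def needs_refresh(expires_in: int, obtained_at: float, now: float, skew: int = 60) -> bool:
    """True once the token is within `skew` seconds of the expiry the server reported."""
    return now >= obtained_at + expires_in - skew
```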

Shared system variables

Shared system variables are automatically generated variables based on your application's configuration. These are designed to promote consistency and reduce manual effort by allowing reuse across multiple configurations.

  • You cannot manually edit these variables.
  • They automatically update whenever your application settings change.
  • Examples include variables like app_url, project_name, and timestamp.

Navigate to the Shared resources section and select the Shared system variables tab to view them.

Default headers

Default headers are applied automatically to every API request you make. This ensures that headers such as API keys, content types or any custom headers are sent consistently across all your configurations.

  • These headers will apply globally unless explicitly overridden in specific API setups.
  • You can add a new header using the "Add header" button on the left with a “+” icon.
  • Enter the Key and Value in the provided fields and click “Add” to add the default header.

Default authorization

Default authorization lets you apply a single authentication method across all your APIs unless a specific one is defined.

  • This is useful when your APIs share a common auth mechanism like an API key, token or credentials.
  • Once set, this default method is automatically applied to all requests, saving you from configuring auth repeatedly.
  • If any individual API has its own authorization setup, it will override the default.
  • To set up default authorization, click the “Set up Default Authorization” button.

There are four authorization types (API Key, Bearer Token, Basic auth, OAuth 2.0).


If you choose the API Key authorization type:

  • Enter the Key and Value, and choose whether the key is added to the Header or to the Query Params by clicking the corresponding option.
  • Click “Save”. The default authorization is now ready to be used across your test configurations.


If you choose the Bearer token authorization type:

  • Enter the token string in the Token field.
  • Click “Save” to create the default authorization.
Tip: To avoid token expiration issues, either use a long-expiry token (valid for several days) or configure OAuth 2.0 for seamless token refresh and automated management.


If you choose the Basic auth authorization type:

  • Enter the Username and Password.
  • Click “Save” to store the credentials securely.


If you choose the OAuth 2.0 authorization type:

OAuth 2.0 provides advanced authorization with multiple grant types. It is ideal for integrations that require token refresh and fine-grained access.

Fill in the required fields in the form:

  1. Authorization Data: set to Request headers or Request URL.
  2. Grant Type: choose one of the following options:
  • Implicit
  • Password Credentials
  • Client Credentials
  3. Access Token URL: provide the endpoint used to fetch the access token from your authorization server.
  4. Client ID: enter the client ID assigned to your application.
  5. Client Secret: enter the client secret associated with your client ID.
  6. Username: provide the username for the account being authenticated (used with the Password Credentials grant type).
  7. Password: provide the corresponding password.
  8. Scope: define the access level required. This can be left blank if not needed.
  9. Header Prefix: set the prefix to be used in the Authorization header. Defaults to Bearer if left empty.
  10. Click Save to store your OAuth 2.0 settings and enable authenticated API testing.

Role-based default authorization

In setups where API access differs based on user roles, you can configure default authorization per role.

Steps to set it up:

  1. Navigate to the Role Based Auth section under the Application tab in the dashboard.
  2. Select a role from the list of previously created roles.
  3. Click Setup Default Authorization to define the authentication method (such as API Key, Token, Basic Auth, or OAuth).
  4. If certain APIs under this role require a different authorization method, enable the toggle to override the default for those specific APIs.

How to add roles

  1. Click the Add Role button with a “+” icon in the Roles panel.
  2. A popup titled "Add Role" will appear.
  3. Enter the desired role name and click Save.
  4. The role is added and appears in the list.

API

  • Navigate to the APIs section from the left sidebar.
  • Click “Add group” to create a new group for organizing your APIs.
  • You can also use existing groups like "Default" or create groups with custom names for better clarity.
  • Inside a group, click “+ New API” to begin configuring a new API.
  • You can manage multiple APIs under each group.
  • On the right panel under API details, fill in the following:
    • Group name: choose the group from the dropdown.
    • API name: enter a descriptive name for the API.
    • Method & URL: select the HTTP method (GET, POST, etc.) and enter the API endpoint URL.


There are four main tabs available for API configuration:

  1. Parameters – Add query parameters and their values.
    • Under the Parameters tab, click “+ Add parameter”.
    • Enter the Key and Value, and choose whether to include the parameter in the request.

  2. Authorization – Add an authentication method if required.

Three options are available:

  • No auth: Use this if the API is public and doesn't require any credentials or tokens.
  • Auth without role: This option applies authorization without role-specific restrictions. Use it for general tokens or keys that don’t vary by user role.
  • Auth with role: Choose this to assign the API to specific roles. You can select multiple roles (e.g., admin, editor) that can access this API by ticking the checkbox next to each applicable one. Beagle Security then applies the default authorization associated with each selected role automatically.

You can also toggle "I need to apply a non-default authorization" to use a custom one from Shared authorizations.
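
To make the precedence rules concrete, here is an added Python example (not from the original article or the product) that works out which headers and which authorization a single API request would carry under the three Authorization options, the default headers and the role defaults described above. All configuration values are constructed; roles selected on an API that have no default authorization are reported rather than silently skipped.

```python
from __future__ import annotations

def effective_request(api: dict, project: dict) -> dict:
    """Work out the headers and authorization(s) one API request will carry.

    Precedence as described on this page:
      headers  default headers apply globally; an included per-API header with
               the same key overrides them.
      auth     'no_auth'           -> none
               'auth_without_role' -> the project's default authorization
               'auth_with_role'    -> each selected role's default authorization,
                                      or one shared authorization if the API
                                      opts into a non-default one.
    Roles selected on the API that lack a default are listed in 'missing_roles'.
    """
    headers = dict(project.get("default_headers", {}))
    for h in api.get("headers", []):
        if h.get("include", True):
            headers[h["key"]] = h["value"]

    mode = api.get("auth_mode", "no_auth")
    auths: list[dict] = []
    missing_roles: list[str] = []
    if mode == "auth_without_role":
        auths.append(project["default_authorization"])
    elif mode == "auth_with_role":
        if api.get("non_default_authorization"):
            auths.append(project["shared_authorizations"][api["non_default_authorization"]])
        else:
            for role in api.get("roles", []):
                auth = project.get("role_default_authorization", {}).get(role)
                if auth:
                    auths.append(auth)
                else:
                    missing_roles.append(role)
    elif mode != "no_auth":
        raise ValueError(f"unknown authorization mode: {mode}")
    return {"headers": headers, "authorizations": auths, "missing_roles": missing_roles}

if __name__ == "__main__":
    # Constructed sample project: a global API-key default, one role default, one
    # shared authorization, and a default Content-Type header.
    project = {"default_headers": {"Content-Type": "application/json"},
               "default_authorization": {"type": "api_key", "name": "token"},
               "role_default_authorization": {"admin": {"type": "bearer", "name": "admin_token"}},
               "shared_authorizations": {"svc": {"type": "basic", "name": "svc_creds"}}}
    print(effective_request({"auth_mode": "auth_with_role", "roles": ["admin", "editor"]}, project))
```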


  3. Headers
    • Click the “+ Add header” button.

A new sidebar will appear where you can:

  • Enter the Key.
  • Enter the corresponding Value.
  • Choose whether to include it in the request by clicking the toggle button.

You can add multiple headers if needed.


  4. Body configuration

Select the appropriate body type:

  • None – if the request does not require a body.
  • Form Data – for multipart/form-data submissions.
  • x-www-form-urlencoded – for standard form submissions.
  • Raw – for JSON, XML or plain text payloads.


If you choose Form data:

  • Click “+ Add form data”.
  • Fill in the Key, Type and Value, then click “Save”.
  • Repeat to add more fields as required.

If you choose x-www-form-urlencoded:

  • Provide the Key and Value.
  • These values will be sent as URL-encoded form fields in the request.


If you choose Raw:

Choose a format from the dropdown options:

  • TEXT
  • JSON
  • XML
  • HTML

Enter the raw body content manually in the provided text area.

GraphQL configuration

  1. Click on the specific GraphQL API from the list.
  2. On the right side, click the Edit button.
  3. In the edit view, you can:
    • Update the API name and URL if needed.
    • Choose your preferred method of configuration:
      • Direct Schema Edit
      • Upload Schema
      • Fetch Schema (requires you to provide authentication details)
  4. In the Query dropdown, select the desired query to test.
  5. Once done, click Save to apply your changes.


Running automation

Follow these steps to run an automation on your API collection:

  1. Navigate to the Run automation tab from the left sidebar or within your API project view.
  2. Select the collection you want to run.
  3. Choose the environment or configuration if applicable.
  4. Click Run Automation to begin sending requests to all defined endpoints in the selected collection.
  5. The system will execute each request and evaluate the responses to identify vulnerabilities, misconfigurations, or unexpected behaviors.
  6. Once completed, review the Automation Results to analyze performance, response codes, and any potential issues found.


Error resolver

Go to the Error Resolver section under your API configuration panel.

The tool will scan your API definition and highlight any issues, such as:

  • Declared variables without values
  • Missing headers or authentication tokens
  • Malformed requests or data type mismatches

You can manually update the relevant section. Once corrections are made, click Save to apply changes.

Updated on: 24/10/2025
