DEV Community

Wanda
Wanda

Posted on • Originally published at apidog.com

Testing Kerberos Authentication for APIs(From 0 to 1)

As companies increasingly rely on Kerberos and NTLM authentication to secure their APIs, developers and testers need tools that handle these authentication methods seamlessly. Here’s a guide on how to set up and test Kerberos and NTLM-authenticated APIs on macOS and Windows, using Apidog. With Apidog’s all-in-one API development capabilities, testing these complex authentication protocols has never been easier.


Why Apidog for Testing Kerberos and NTLM Authentication?

Apidog is designed for API-first development, bringing together API design, documentation, testing, and mocking in a single, user-friendly platform. It’s optimized for authentication testing, including advanced setups like Kerberos and NTLM. This article will walk you through the practical steps for configuring Apidog for these authentication methods on both macOS and Windows, ensuring your API access is secure and validated.


Step-by-Step Guide for Testing Kerberos-Authenticated APIs on macOS

Step 1: Initial Setup and Preparation

In many enterprise environments, each employee has a Kerberos account set up in the Active Directory (AD). Essential information for Kerberos authentication includes:

  • Account Name (e.g., [email protected])
  • Password (with a mandatory first-time change for security)
  • Kerberos Realm (usually the uppercase domain, e.g., APIDOG.LOCAL)
  • KDC Server Address (either an IP or FQDN, such as ills7i8hyt2.apidog.local)

Download the latest Apidog desktop client to access these authentication features, as the web version lacks support for Kerberos due to browser limitations.

Step 2: Modifying DNS for Internal Network Access

Kerberos-authenticated endpoints are typically restricted to internal networks, requiring DNS adjustments to point to the AD server address. This ensures that the endpoints are accessible within Apidog.

Step 3: Configuring the /etc/krb5.conf File

The krb5.conf file, usually found at /etc/krb5.conf, is the main configuration for Kerberos. Here’s how to set it up:

  • Open or create the file:

    cat /etc/krb5.conf
    

If the file doesn’t exist, create it with your preferred text editor, such as nano:

```bash
nano /etc/krb5.conf
```
Enter fullscreen mode Exit fullscreen mode
  • Insert configuration:

    [libdefaults]
        default_realm = APIDOG.LOCAL
    
    [realms]
        APIDOG.LOCAL = {
            kdc = ills7i8hyt2.apidog.local
            admin_server = ills7i8hyt2.apidog.local
        }
    
    [domain_realm]
        .apidog.local = APIDOG.LOCAL
        apidog.local = APIDOG.LOCAL
    

Step 4: Logging in to Your AD Account on macOS

You can authenticate using macOS’s Ticket Viewer or CLI:

  • Open Ticket Viewer, add your identity using your Kerberos credentials, and refresh when necessary.

log in to AD account

  • Alternatively, use the command line:

    kinit username@domain
    klist
    

This logs you into the AD, enabling access to Kerberos-authenticated endpoints in Apidog.

Step 5: Setting Up Kerberos Authentication in Apidog

  1. Open Apidog and create a new request. creating new request at Apidog
  2. Enter your API endpoint URL, then navigate to the Auth section. entering API endpoint URL at Apidog
  3. Select Kerberos as the auth type and input your Service Principal Name (SPN) in the format:

    HTTP/<KDC server address>@<Kerberos realm>
    

checking SPN

Click Send to test the request. Apidog will handle the authentication, returning a successful response if everything is set up correctly.

entering SPN at Apidog

Troubleshooting Tips

server error when testing Kerberos authentication at Apidog

  • Check DNS settings
  • Verify Kerberos configuration in krb5.conf
  • Ensure account credentials are correct
  • Confirm permissions to access the API
  • Refresh expired Kerberos tickets

Testing NTLM-Authenticated Endpoints with Apidog on Windows

NTLM authentication is widely used alongside Kerberos, particularly in Windows environments. Apidog supports NTLM, making it a versatile tool for testing these authentication methods.

Step 1: Initial Setup and DNS Configuration

For NTLM, the only required information is your account credentials. Since NTLM-authenticated endpoints are often accessed internally, configure your DNS settings to point to the AD server.

Step 2: Configuring NTLM Authentication in Apidog

  1. Open a new request in Apidog and select Auth.
  2. Choose NTLM Authentication and enter your username and password.
  3. Click Send to initiate the test.

testing NTLM-authenticated endpoints at Apidog

Apidog streamlines NTLM configuration, handling the complex interactions behind the scenes and letting you focus on the API’s functionality.


Apidog as a Comprehensive API Testing Solution

From Kerberos to NTLM, Apidog simplifies API testing across multiple protocols, especially those requiring secure authentication. Here’s how Apidog can enhance your API-first development:

For developers working with secure, enterprise-level APIs, Apidog offers a solution that’s both powerful and accessible.


Testing APIs with secure authentication doesn’t have to be complicated. Try Apidog today and streamline your API testing workflow, regardless of the authentication protocol you’re using.

Top comments (0)