Authorization with a dynamic access token is used to pass dynamic response content to subsequent requests. This is used to validate API authorization.
In this post, we will discuss fetching an access token (dynamic response) with the help of JSON Extractor and passing it as a parameter in the subsequent request using BeanShell Assertion.
To achieve this, we need to create 2 Thread Groups:
Thread Group 1 – To generate Access Token
Thread Group 2 – To pass Access Token to Request
How to set up JMeter to perform the above test
Step 1 – Add Thread Group 1: Thread Group – Authorization Token Generation
1. Add Thread Group
We should provide the name of the Thread Group. In this case, this thread group is used to generate the token, so named Token Generation. We want to generate only 1 token, so the Number of Threads, Ramp-up period, and Loop Count are 1 only.
2. Add HTTP Request Sampler
In the HTTP Request Control Panel, the Path field indicates which URL request you want to send
To add: Right-click on Thread Group and select: Add -> Sampler -> HTTP Request
Add valid credentials in the parameters section.
3. Add HTTP Head Manager
The Header Manager lets you add or override HTTP request headers like can add Accept-Encoding, Accept, Cache-Control
To add: Right-click on Thread Group and select: Add -> Config Element -> HTTP Read Manager
Add Authorization as Headers in Head Manager
4. Add JSON Extractor
To extract the authentication token from the request, we are going to use JMeter JSON Extractor. The process of extracting a variable from a response works as mentioned below:
First, the server sends back a response, then a post-processor, like the JSON Extractor is executed which extracts part of the response and put it into a variable like ${token}.
To add: Right-click on Thread Group and select: Add -> Post Processors -> JSON Extractor
The JSON extractor requires us to follow a few steps, so we can process the JSON correctly.
1) Name – JSON Extractor
2) Apply to – we will use the defaulted Main Sample Only. The option is: The main sample only – the assertion only applies to the main sample
3) Name of created variables – BEARER
4) JSON Path Expressions – access_token
5. Add BeanShell Assertion
An advanced assertion with full access to JMeter API. Java conditional logic can be used to set the assertion result.
To add: Right-click on Thread Group and select: Add -> Assertions -> BeanShell Assertions
Add below-mentioned script in the Script section of BeanShell Assertion
${__setProperty(BEARER, ${BEARER})};
Step 2 – Add Thread Group 2: Thread Group – Main Request
1. Add Thread Group
Provide a name to this Thread Group. I have also provided the number of threads, ramp up, and duration in the thread group as shown in the image
We can also parameterize the values of the number of threads, ramp-up period, and duration using a JMeter property called ___P. You can ask why we are using the property function in JMeter. It is because this makes the JMeter script configurable. We can pass any value through the command line without making any changes in the script.
___P – This is a simplified property function that is intended for use with properties defined on the command line.
If no default value is supplied, it is assumed to be 1. The value of 1 was chosen because it is valid for common test variables such as loops, thread count, ramp-up, etc.
${__P(group1.threads)} – return the value of group1.threads
${__P(THREADS,1)} – This THREADS value will be passed through command line. If no value is passed, by default, it will chose 1 .
Similarly, ramp-up and duration are parameterized.
${__P(THREADS,1)}
${__P(RAMPUP,1)}
${__P(DURATION,1)}
2. Add HTTP Request Sampler
Below-mentioned are the values used in HTTP Request to perform the test
Add a valid request body in the Body Data section (if the request is POST).
3. Add HTTP Head Manager
We have previously extracted the token from the Token Generation request. Now, it’s time to reuse it in the header section of HTTP Head Manager.
Below-mentioned is the values used in the HTTP Request to perform the test.
Authorization = Bearer ${__property(BEARER)}
Step 3 – Adding Listeners to Test Plan
Listeners
They show the results of the test execution. They can show results in a different format such as a tree, table, graph, or log file
We have added listeners – View Result Tree
View Result Tree – View Result Tree shows the results of the user request in basic HTML format
To add: Right-click Test Plan, Add -> Listener -> View Result Tree
Step 4 – Save the Test Plan
To Save: Click File Select -> Save Test Plan as ->Give the name of the Test Plan. It will be saved as .jmx format.
Step 5 – Run the Test Plan
Click on Green Triangle as shown at the top to run the test.
Step 6 – View the Execution Status
Click on View Result Tree to see the status of Run. A successful request will be of a Green colour in the Text Section
Here, we can see that the Token Generation request is successfully processed.
The below image shows that the Main Request is successfully executed too.
Congratulation!! We are able to add an authorization token generated by a request and add it to another request and processed the request using JMeter.
QA Automation Expert 
This is very useful information. I was struggling to get the authorization done in JMeter from long time.
LikeLike
Thanks Iqbal. Please check other blogs on JMeter too
LikeLike
Good work
LikeLike
This is what I was looking from so long. Glad to see this. I tried it and it works exactly as mentioned here. Thanks
LikeLike
how to set token key in Headers as example below
Key : Authorization
Value Token : c0b16ed4f564efde05eeb0939938ce704e9e1220
LikeLike
If you want to add Authorization to Headers in JMeter, go to HTTP Header Manager and under Headers Stored in the Header Manager, use add button and then add Name as Authorization and Value as Bearer c0b16ed4f564efde05eeb0939938ce704e9e1220
LikeLike
THANK YOU FOR THIS COMMENT!!! You helped me a lot!
LikeLike
I’m glad it helped you.
LikeLike
Hi vibssingh,
I am looking to extract the bearer token from one thread but i do not have access_token its coming as response data so i did (.*) for json extractor but in the next thread the bearer token is not being picked up.
can you help me
Regards
#Nipun
LikeLike
You need to save the bearer token that is coming from the response to a variable like here, it is saved to BEARER and then add this as authorization to the next thread. You have to add HTTP Header Manager for the next thread and pass the already created variable here.
LikeLike
I am getting unauthorized 401 error and in response body {“detail”: “Can not identify user!!”}
LikeLike
One of the reasons could be the request body present in your request is not correct. Are you able to create the access token?
LikeLike
Access token is created and then I am checking for session API. How can login be maintined in while session API script is getting executed in jmeter. Pls help.
LikeLike
Sorry, I’m not clear what are you trying to achieve. You have an access token and you want to pass it to session API?
LikeLike
for me the login is working fine with status code 200 but the 2nd script its 307 temporary redirect and also when i am disabling the login thread from where i am generating the token the 2nd script is running fine with same status code 307
LikeLike
Thanks for good article ,if we have multiple HTTP requests in Thread2 ,in first iteration first http request fails because threat 1 and 2 start at same time so it’s missing the token ,however subsequent requests works fine . Do you know how to solve this ?
LikeLike
Hi, Thanks for such good explanation on this topic. Could you also share how to achieve load testing if my bearer token is getting expired in every 10 mins and I want to run my test for longer time.
LikeLike