Skip to main content

Mock Server Security

Beeceptor's HTTP endpoints (or mock servers) are accessible over the Internet by default, giving a convenient way to simulate API endpoints for testing and development purposes. However, to prevent unauthorized use, it's possible to secure these HTTP endpoints with additional HTTP headers. This measure ensures that only requests with specified headers can access the mock server, increasing security.

Configuring Security

To add an additional layer of security, access your endpoint's settings on the Beeceptor and navigate to the 'Endpoint Security' section. Here, you can define a mandatory header required for accessing the mock server. Requests lacking these headers will be automatically rejected, and they will not count against your monthly quota.

If you're using the Authorization HTTP header for product features, you can use x-beeceptor-auth as a required authentication header in Beeceptor, along with a secret value.

configure mock server securely

HTTP Response

Beeceptor responds to unauthorized requests with an HTTP status code of 562 and provides the following response payload:

Needs authorization. Refer to Beeceptor endpoint's security settings.