Create a load test with basic authentication

    Add basic authentication using a csv feeder to your Gatling simulation.

    Prerequisites

    • Gatling version 3.13.4 or higher
    • Basic understanding of your preferred programming language
    • Basic understanding of HTTP authentication

    Understanding basic authentication

    Basic authentication requires sending credentials (username and password) in the HTTP header. The credentials are encoded in base64 format in the following format: Basic base64(username:password).

    Step 1: Create the credentials feeder

    Feeders are data collections used in your load test. Learn about feeder types and usage in the feeder reference documentation. For this guide, use a .csv feeder file.

    1. Create a file named credentials.csv in the resources folder of your Gatling project.
    2. Add the following data to the newly created credentials.csv file.
    # resources/credentials.csv
username,password
user1,pass123
user2,pass456
user3,pass789

    Step 2: Create the simulation

    Create a simulation in the src folder of your Gatling project with the following code:

           
    import io.gatling.javaapi.core.*;
import io.gatling.javaapi.http.*;
import static io.gatling.javaapi.core.CoreDsl.*;
import static io.gatling.javaapi.http.HttpDsl.*;
import java.time.Duration;

public class basicAuthJava extends Simulation {

// Set up HTTP protocol with basic auth    
     HttpProtocolBuilder httpProtocol = http
        .baseUrl("https://api.example.com")
        .acceptHeader("application/json")
        .basicAuth("#{username}", "#{password}");

// Load credentials from CSV
    FeederBuilder<String> credentialsFeeder = csv("credentials.csv").circular();

// Define the test scenario
    ScenarioBuilder authenticatedScenario =
      scenario("Authenticated Requests")
          .exec(
              feed(credentialsFeeder),
              http("Get Protected Resource").get("/api/protected-resource").check(status().is(200)),
              pause(2),
              http("Post Protected Data")
                  .post("/api/protected-data")
                  .asJson()
                  .body(StringBody("{\"data\": \"test\"}"))
                  .check(status().is(200)));

// Set up the simulation with open workload model
    {
        setUp(
            authenticatedScenario.injectOpen(
                rampUsers(50).during(Duration.ofMinutes(5)),
                rampUsers(100).during(Duration.ofMinutes(15)),
                rampUsers(0).during(Duration.ofMinutes(10))
            )
        ).protocols(httpProtocol);
    }
}
    import {
  simulation,
  scenario,
  csv,
  pause,
  feed,
  rampUsers,
  StringBody,
  
} from "@gatling.io/core";
import { http, status } from "@gatling.io/http";

export default simulation((setUp) => {
  // Load credentials from CSV
  const credentialsFeeder = csv("credentials.csv").circular();

  // Set up HTTP protocol with basic auth
  const httpProtocol = http
    .baseUrl("https://api.example.com")
    .acceptHeader("application/json")
    // Use built-in basicAuth with dynamic credentials from the feeder
    .basicAuth( "#{username}", "#{password}");

  // Define the test scenario
  const authenticatedScenario = scenario("Authenticated Requests").exec(
    feed(credentialsFeeder),
    http("Get Protected Resource").get("/api/protected-resource").check(status().is(200)),
    pause(2),
    http("Post Protected Data")
      .post("/api/protected-data")
      .asJson()
      .body(StringBody(`{"data": "test"}`))
      .check(status().is(200))
  );

  // Set up the simulation with open workload model
  setUp(
    authenticatedScenario.injectOpen(
      rampUsers(50).during({ amount: 5, unit: "minutes" }), // Ramp up to 50 users over 5 minutes
      rampUsers(100).during({ amount: 15, unit: "minutes" }), // Continue ramping to 100 users over 15 minutes
      rampUsers(0).during({ amount: 10, unit: "minutes" }) // Ramp down to 0 over 10 minutes
    )
  ).protocols(httpProtocol);
});
    import io.gatling.javaapi.core.*
import io.gatling.javaapi.http.*
import io.gatling.javaapi.core.CoreDsl.*
import io.gatling.javaapi.http.HttpDsl.*
import java.time.Duration

class BasicAuthKotlin : Simulation() {
    
// Set up HTTP protocol with basic auth
    val httpProtocol = http
        .baseUrl("https://api.example.com")
        .acceptHeader("application/json")
        .basicAuth("#{username}", "#{password}")

// Load credentials from CSV
    val credentialsFeeder = csv("credentials.csv").circular()

// Define the test scenario
    val authenticatedScenario = scenario("Authenticated Requests").exec(
    feed(credentialsFeeder),
    http("Get Protected Resource")
      .get("/api/protected-resource")
      .check(status().`is`(200)),
    pause(Duration.ofSeconds(2)),
    http("Post Protected Data")
      .post("/api/protected-data")
      .asJson()
      .body(StringBody("""{"data": "test"}"""))
      .check(status().`is`(200)),
    )
  // Set up the simulation with open workload model
    init {
        setUp(
            authenticatedScenario.injectOpen(
                rampUsers(50).during(Duration.ofMinutes(5)),
                rampUsers(100).during(Duration.ofMinutes(15)),
                rampUsers(0).during(Duration.ofMinutes(10))
            )
        ).protocols(httpProtocol)
    }
}
    import io.gatling.core.Predef._
import io.gatling.http.Predef._
import scala.concurrent.duration._

class BasicAuthScala extends Simulation {

// Set up HTTP protocol with basic auth  
  val httpProtocol = http
    .baseUrl("https://api.example.com")
    .acceptHeader("application/json")
    .basicAuth("#{username}", "#{password}")

// Load credentials from CSV
  val credentialsFeeder = csv("credentials.csv").circular

// Define the test scenario
  val authenticatedScenario = scenario("Authenticated Requests").exec(
    feed(credentialsFeeder),
    http("Get Protected Resource")
      .get("/api/protected-resource")
      .check(status.is(200)),
    pause(2),
    http("Post Protected Data")
      .post("/api/protected-data")
      .asJson
      .body(StringBody("""{"data": "test"}"""))
      .check(status.is(200))
  )
  
// Set up the simulation with open workload model
  setUp(
    authenticatedScenario.inject(
      rampUsers(50) during 5.minutes,
      rampUsers(100) during 15.minutes,
      rampUsers(0) during 10.minutes
    )
  ).protocols(httpProtocol)
}

    The code example includes annotations to help you understand how each component contributes to the overall simulation.

    Use the code with your application

    You must update the following URLs to target your application. The provided examples are not functioning basic authentication endpoints. Update the:

    • baseUrl
    • GET endpoint
    • POST endpoint

    Best practices

    1. Never commit real credentials to version control
    2. Use different credentials for different virtual users to avoid rate limiting
    3. Include proper error handling and assertions
    4. Use meaningful pause times between requests
    5. Monitor authentication failures during the test
    6. Consider your target system’s capacity when defining the ramp-up pattern

    This example provides a foundation that you can customize based on your specific testing needs.

    Edit this page on GitHub

    ← Configuration-as-code
    What's new in 3.13 →