Authenticated Endpoints

Stoney uses a test identity to verify protected endpoints.

Setting Up

1. Create a Test User

Create a dedicated user in your system:

Email: stoney-test@yourcompany.com
Role: Standard user

2. Generate a Token

Get a token using your normal auth flow.

3. Store as Secret

Go to Settings → Secrets and add:

Using in Contracts

steps:
  - http:
      method: GET
      path: /api/users
      headers:
        Authorization: "Bearer ${STONEY_TOKEN}"
    expect:
      status: 200

Multiple Identities

For different permission levels:

Troubleshooting

401 Unauthorized — Check token validity and format

403 Forbidden — Test user lacks permissions

Token not substituted — Check secret name matches exactly