API keys let you access OneTest programmatically — from CI/CD pipelines, test automation frameworks, scripts, and integrations.
Overview
OneTest supports two authentication methods:
| Method | Use Case | Metering |
|---|
| Browser session (JWT) | UI access via browser | Free |
| API key | Programmatic / REST access | Metered (coins) |
API key requests consume coins from your product’s weekly budget. Browser usage is always free. See Usage & Billing for details. Creating an API Key
Go to Settings
Navigate to Settings > API Keys in the OneTest UI
Create New Key
Click ”+ Create API Key” and give it a descriptive name (e.g., “CI Pipeline”, “Test Reporter”)
Copy the Key
Copy the API key immediately — it is only shown once and cannot be retrieved later
Store Securely
Store the key in your CI/CD secrets, environment variables, or secrets manager
API keys are shown only once at creation. If you lose a key, you’ll need to create a new one and update all integrations that use it.
ak_ prefix:
ak_R2HSAH1DBQ8Q9B8PKSR165V7W0BVDRQP
Using API Keys
Include the API key in the Authorization header:
curl -X GET https://tms.onetest.ai/api/gateway/api/v1/tools \
-H "Authorization: Bearer ak_R2HSAH1DBQ8Q9B8PKSR165V7W0BVDRQP" \
-H "Content-Type: application/json"
Examples
curl
Python
GitHub Actions
ReportPortal Agent
# List test cases
curl https://tms.onetest.ai/api/test-management/api/v1/products/{product_id}/test-cases \
-H "Authorization: Bearer ak_YOUR_KEY_HERE"
# Create a test case
curl -X POST https://tms.onetest.ai/api/test-management/api/v1/products/{product_id}/test-cases \
-H "Authorization: Bearer ak_YOUR_KEY_HERE" \
-H "Content-Type: application/json" \
-d '{"title": "Login test", "test_type": "manual", "priority": "p2"}'
import httpx
client = httpx.Client(
base_url="https://tms.onetest.ai/api/test-management",
headers={"Authorization": "Bearer ak_YOUR_KEY_HERE"}
)
# List test cases
response = client.get(f"/api/v1/products/{product_id}/test-cases")
tests = response.json()
- name: Import test results
run: |
curl -X POST \
https://tms.onetest.ai/api/receiver/api/v1/products/${{ vars.PRODUCT_ID }}/import/junit/upload \
-H "Authorization: Bearer ${{ secrets.ONETEST_API_KEY }}" \
-F "file=@test-results.xml"
# reportportal.properties
rp.endpoint = https://tms.onetest.ai/api/receiver
rp.apiKey = ak_YOUR_KEY_HERE
rp.project = my-project
rp.launch = nightly-regression
API Key vs Browser Session
| Aspect | API Key | Browser Session |
|---|
| Format | ak_... (opaque token) | JWT from Clerk |
| Duration | Until revoked | Session-based |
| Metering | Coins per request | Free |
| Use case | CI/CD, scripts, agents | Interactive UI |
| Rate limit | Configurable per product | None |
Revoking Keys
To revoke an API key:
- Go to Settings > API Keys
- Find the key you want to revoke
- Click Revoke
- The key stops working within 5 minutes
Revoked keys are cached for up to 5 minutes. For immediate effect during a security incident, contact support.
Best Practices
Use Descriptive Names
Name keys after their purpose: “GitHub CI”, “Nightly Reporter”, “Jenkins Pipeline”
One Key Per Integration
Create separate keys for each integration so you can revoke them independently
Store in Secrets Manager
Never hardcode keys in source code. Use CI/CD secrets or a vault
Supported Services
API keys work with all OneTest services:
| Service | Base Path | Purpose |
|---|
| Gateway | /api/gateway/ | AI assistant, tools |
| Membership | /api/membership/ | Products, environments, builds |
| Test Management | /api/test-management/ | Test cases, runs, executions |
| Artifacts | /api/artifacts/ | File storage, documents |
| Receiver | /api/receiver/ | Test result ingestion |
