Page tree
Skip to end of metadata
Go to start of metadata

Last updated: May 05, 2019 22:09

To enhance the security of the traffic between automation scripts and the Perfecto Lab, Perfecto has instituted the use of a Security Token used by the different automation tools when activating the Perfecto Lab system. The Security Token is a unique cryptographic key assigned to an authorized user.

The Security Token will become invalid only in the following cases:

  • The user generates a new Security Token. This prevents use of outdated automation scripts, that may have an old token included.
  • The token has not been used for a period of 3 months. This solves the problem of zombie tokens being used, for example when a user quits the company.
  • The owner of the token is disabled or deactivated from the Perfecto Lab.


  1. Use of the Security Token is not supported for On-Prem Perfecto Lab installations.
  2. Users who generated tokens prior to V19.6 (May 2019) will not be able to see the previously generated tokens when using the new Security token generation dialog. The old token is still valid and can be used normally. any new generated tokens will be shown normally.

The Perfecto Security Token system will work properly with installations that support an external Identification Provider (IDP), with some small changes, see below.

Generate a Security Token

The Security Token is generated based on your personal Perfecto Lab credentials. Use the following procedure to generate a new token.

Note: Generating a new Security Token will invalidate any existing token associated with your credentials.

Step 1:

From your Perfecto interface, click on your user name (top right) -> My Security token. 

Step 2:

If you don't have a token previously generated, you can click the "Generate Security Token" button.

if you've previously generated a token, generating a new token will invalidate your previous token. you can select "I want a new token anyway" to generate a new one or to stay with your existing token.

note that invalidating the previous token means that you'll need to change all places where you've used it. 

Step 3:

once generated, you can copy the token and star using it. 

Special Note
  • If you use multiple Perfecto Labs, a separate Security Token needs to be generated for each Perfecto Lab.

In Automation Scripts

Automation scripts should use the tester's Security Token, in place of the username and password, for validation. This should be updated in all automation scripts whenever the tester generates a new token.

Perfecto Native Automation

The transfer to the Perfecto Security Token is transparent to the user and his scripts. This is automatically controlled by the user's session and validated as part of logging into the Perfecto IDE.

Selenium/Appium Scripts

The Perfecto Security Token is added to a Selenium/Appium automation script by using the Perfecto supported securityToken capability. This should replace the use of the user and password capabilities.

//      capabilities.setCapability("user", args[1]);
//      capabilities.setCapability("password", args[2]);
		capabilities.setCapability("securityToken", "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1NTg2MjBmZi1lMTAyLTRlNDAtOTQwNy03Y2U2MzMzODMzYTgiLCJleHAiOjAsIm5iZiI6MCwiaWF0IjoxNDk0MjM1NjA1LCJpc3MiOiJodHRwczovL2F1dGguYXdzLXN0Zy5wZXJmZWN0b21vYmlsZS5jb20vYXV0aC9yZWFsbXMvcWF0ZXN0bGFiLXBlcmZlY3RvbW9iaWxlLWNvbSIsImF1ZCI6Im9mZmxpbmUtdG9rZW4tZ2VuZXJhdG9yIiwic3ViIjoiNDVjYmE3OTYtOGUxZS00MDZmLWJiODAtMTVhNTgxOGZmYzk3IiwidHlwIjoiT2ZmbGluZSIsImF6cCI6Im9mZmxpbmUtdG9rZW4tZ2VuZXJhdG9yIiwic2Vzc2lvbl9zdGF0ZSI6ImIxODU5Y2JiLWUwZGUtNDI4OS04NGYzLTdmZjY5ZGNhMWE2MyIsImNsaWVudF9zZXNzaW9uIjoiNGU3YjFhNGEtMmJhNi00ZTNmLWFkYzgtNmNkNjNhYTA1MGQ5IiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsInZpZXctcHJvZmlsZSJdfX19.UhkpFwRp5KnwEKr8uk08PuH0wIucdv-9_1dX8to0qcR_rMelEgn6E4US8vp-ZAJSIMiEsND49PTo3Fd_2IbHrGGcddQK4_dGy7dmHrtdt1_SOphu5QkJQgoqgzngNoJrTr1XPAiiTYsb1iRg3sGHywekMgMrUnoj3ecc-CoBTepiJpa-cd3Wc_zWf2EAuHReCNRvoaMpKN6YoMzrX39WQDR08PBMlTPN74oEMMzjIkavHb1TGRiVDuB-uDmrH2i822oDlg501k_llC8zisA7pWJkf03iYeAHitXPbQPOK8L4_qUV2BGPMY3Ul9prutsQIalYCHkgEQQU0IB_6CO6fQ");

if the Security Token is either incorrectly supplied (for example, missing some characters) or invalid - the script will fail on a Perfecto Exception with a message:

"Access denied - cannot authenticate user"

UFT Authentication

After creating your personal security token, use it to authenticate your user when logging into the UFT testing tool.

  • Create your personal Security Token, as described above.
  • Copy the Security Token, as described above.
  • From the UFT Settings  (Tools→Settiings) window -
    • Select to Login with - Security Token
    • Paste your Security Token directly into the text field.
    • Click OK.

Future connections to UFT will be performed with this Security Token.