tools / api-auth-config
API Auth Config Tester
Inspect API auth headers, signing inputs, scopes, environments, and credential wiring for common config mistakes.
4 signals detected. Start with bearer token auth.
Bearer token auth
Bearer-token auth is involved.
Decode claims locally and verify issuer, audience, expiry, scope, and environment.
Missing scope or permission
The credential likely lacks the required permission.
Compare required endpoint scopes with token claims and service-account role bindings.
Request signing failure
Signed request validation may be failing.
Rebuild the canonical string, timestamp, nonce, body hash, and secret selection.
Environment mismatch
Auth config may point at the wrong environment.
Check base URL, issuer, audience, JWKS, callback, and secret names for the same environment.
Authorization: Bearer eyJ...
403 Forbidden missing scope payments:write
X-Signature invalid hmac
API_BASE_URL=https://staging.example.com
DebugTools product
API Auth Config Tester
API Auth Config Tester is a focused DebugTools mini-product for developers. Inspect API auth headers, signing inputs, scopes, environments, and credential wiring for common config mistakes.
Use cases
- Inspect auth, token, header, certificate, cookie, and policy clues safely.
- Find configuration mismatches before sharing logs or screenshots.
- Turn security evidence into a practical fix checklist.
How it works
- Paste or load the snippet you want to inspect in API Auth Config Tester.
- Run the tool in the browser and review the highlighted output.
- Copy, export, or turn the result into the next debugging step.
Privacy
- API Auth Config Tester is local-first. The core workflow runs in your browser and does not require sending pasted content to DebugTools servers.
This tool history
Recent Api Auth Config sessions
Only visits for this tool are shown. Pasted content, tokens, request bodies, and logs are not stored here.