Set Up JSON Recording for Auth Tokens

Akto allows you to use Chrome Recordings to extract and reuse authentication data like tokens or cookies during API testing. This guide walks you through recording creation, upload, extraction, and configuration.

1. How to Create Chrome Recording

To extract auth tokens or cookies from API calls:

Open Chrome DevTools (Cmd + Option + I on Mac or Ctrl + Shift + I on Windows/Linux).
Navigate to the Recorder tab (enable from Chrome Experiments if hidden).
Click "Start a New Recording" and name the session.
Perform your complete login flow, ensuring any request with access_token, session cookies, or auth_token is triggered.
Stop the recording.
Click the download icon and select “Export as JSON”.

⏱️ Ensure all API calls, especially login/auth, complete within 40 seconds to avoid timeout issues.

2. Add Timeouts of 40 Seconds

Add timeout in each step in the JSON

"timeout": 40000,

Each step in Chrome recording session (especially login flow) should complete in under 40 seconds.

3. Intercept and Locate Auth Tokens / Cookies

Observe where are auth tokens being used in your application.

If your auth tokens are present in cookie, Akto will record it automatically
If your auth tokens are part of headers (eg. authorization or x-csrf-token), then you should tell Akto how to record these tokens while login happening

You can configure which API would have these tokens. eg. say, your token is present in authorization header in /api/v1/user/details , please enter the following in the first section of your json -

            "requests": [
                {
                    "urlRegex": ".*/api/v1/user/.*", // you can use regex too to match more than 1 API
                    "position": "header",
                    "name": "authorization",
                    "saveAs": "authTokenHeader" // we will use this variable name later
                }
            ],

The authTokenHeader value will be returned as cookieMap under aktoOutput.authTokenHeader object

4. How to Write Command to Extract cookieMap or Auth Token

Paste the appropriate JavaScript command into the Token Fetch Command field in Akto.

✅ To extract all cookies as a header (including header-based auth token as described in step(3)):

Object.entries(cookieMap).map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`).join('; ')

✅ To extract, say, access_token from localStorage:

"Bearer " + JSON.parse(Object.values(window.localStorage).find(x => x.indexOf("access_token") > -1)).body.access_token

5. How to Upload Chrome Recording

Go to Akto Dashboard > Testing > Test Roles.
Paste a Token Fetch Command to extract the token or cookie (step 4).
Click Upload JSON Recording. Select the recording file after editing (step3)
Akto will extract and verify the token/cookie within a couple of minutes.

After the token is fetched, define how Akto should use it for authentication.

Scroll to the Extract section.
Choose the source:
- Header — to send the token in a request header (e.g., Authorization)
- Body — if the token must be sent in the request body
If you want to extract cookie and use that as the auth token, do the following -
1. Key: Cookie
2. Value: ${x1.response.body.token}
If you want to extract token using step (3) from a different header, please set the following -
- Key: Authorization
- Value: If you are extracting tokens using step(3) above, use ${x1.response.body.aktoOutput.authTokenHeader} to extract the token

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are 24X7 available on the following:

In-app intercom support. Message us with your query on intercom in Akto dashboard and someone will reply.
Join our discord channel for community support.
Contact [email protected] for email support.

PreviousCreate a Test Role NextEdit Auth Flow in Test Roles

Last updated 11 days ago

Was this helpful?