Overview
Themake_http_request
tool in WireMock CLI provides automatic authentication support for HTTP requests through configurable authenticators.
This allows AI agents to make authenticated HTTP calls without credentials being visible to the LLM.
This is most useful when using an AI plus WireMock MCP to explore or “crawl” an API, recording it in order
to create a mock API and OpenAPI description.
For instance, if you wanted to automate the exploration of an internal microservice’s API you would first add an authenticator to your configuration file, start your AI tool, then instruct it to start
crawling the API.
How Authentication Works
- Domain-based Matching: When making an HTTP request, the tool extracts the domain and port from the target URL
- Authenticator Lookup: It searches for a matching authenticator configuration based on the domain
- Automatic Header Injection: If a matching authenticator is found, the appropriate authentication header is automatically added to the request
- Request Execution: The request is executed with the authentication header included
Domain Matching Format
The domain matching key follows this format:hostname:port
for non-standard ports (e.g.,api.example.com:8443
)hostname
for standard ports (e.g.,api.example.com
for HTTPS on port 443)
Configuration Format
Authentication configurations are stored in theconfig.yaml
configuration file under your home directory, in the authenticators
section.
Configuration File Location
The configuration file is located at:- macOS/Linux:
~/.wiremock/config.yaml
- Windows:
%USERPROFILE%\.wiremock\config.yaml
Basic Structure
Supported Authenticator Types
1. Header Token Authenticator
The most common authentication method using a static token in a header. Type:header_token
Configuration Parameters:
headerName
(string): The name of the HTTP header (e.g., “Authorization”, “X-API-Key”)prefix
(string): Optional prefix for the token value (e.g., “Bearer”, “Token”)token
(string): The authentication token value
- With prefix:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
- Without prefix:
X-API-Key: sk-1234567890abcdef