How to Configure Kerberos Authentication in Apidog for API Testing

Kerberos authentication is essential for security, but setup can be complex. Apidog simplifies API testing with native support for both Kerberos and NTLM, making it easy for developers to test secure APIs across Windows, macOS, and Linux. Try Apidog for hassle-free authentication testing.

Scarlett Clarke

13 May 2025

If you have trouble with Kerberos configurations and preauthentication failures that keep you up at night, then you are not alone. Even the most seasoned system administrators know the unique frustrations that come with setting up Kerberos authentication.

You can’t ignore small errors either, because Kerberos plays a crucial role in enterprise security as the backbone of authentication for organizations of all sizes. That is why your development team needs a platform for testing Kerberos-authenticated APIs, which can be a challenge because, unfortunately, even the most popular testing platforms like Postman do not support it yet, or it is far too complicated to use, as in SoapUI.

That’s where Apidog comes in, offering native support for both Kerberos and NTLM authentication protocols, allowing you to get started with testing Kerberos-authenticated APIs on Windows, Mac, and Linux. Now, whether we’ve caught your interest or not, please continue reading the rest of our blog, where we’ll help you become more familiar with Kerberos, explain its importance, and demonstrate how to use it on our platform.

Before diving into the steps, let's take a quick refresher on the Kerberos authentication protocol, the core of many enterprise security systems.

What is Kerberos Authentication Protocol?

Developed by MIT, Kerberos is a network security authentication protocol that provides a secure way of transmitting user identity data over a network. It’s particularly popular in Microsoft Windows environments and is integral to Single Sign-On (SSO) solutions, allowing users to authenticate once and access multiple services without needing to re-enter passwords.

How Does Kerberos Authentication Work?

At the heart of Kerberos are several key components that work together to ensure secure authentication:

The Kerberos authentication flow is simple yet secure:

  1. The user logs in and requests a TGT from the AS.
  2. The AS verifies the user’s identity and issues a TGT.
  3. To access a service, the user requests a service ticket from the TGS using their TGT.
  4. The TGS verifies the TGT and issues the service ticket.
  5. The user uses the service ticket to authenticate access to the requested service.

In this process, the KDC functions as a central entity, encompassing two key components: the Authentication Server (AS) and the Ticket Granting Service (TGS). The TGT (Ticket Granting Ticket) and service tickets serve as essential credentials to verify identity and authorize access throughout the authentication flow.

This design enables users to authenticate just once (by obtaining a TGT) and then request multiple service tickets as needed, without re-entering their credentials. This approach supports Single Sign-On (SSO), offering a seamless user experience while maintaining robust security within the system.
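
The five steps above, modelled end to end as an added example (not Apidog or MIT code). It assumes a toy HMAC-based cipher in place of real Kerberos encryption types and omits authenticators; seal, unseal, KDC and service_accept are constructed names.

```python
import hashlib, hmac, json, os, time

def _xor(key, nonce, data):
    # Toy keystream (HMAC-SHA256 in counter mode), a stand-in for a real enctype.
    ks = b"".join(hmac.new(key, b"ks" + nonce + bytes([i]), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, json.dumps(obj).encode())
    return nonce + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor(key, nonce, ct))

class KDC:
    def __init__(self, user_keys, service_keys):
        self.users, self.services, self.tgs_key = user_keys, service_keys, os.urandom(32)

    def as_exchange(self, user):
        # Steps 1-2: the AS returns a session key only the user's long-term key can
        # open, plus a TGT sealed under the TGS key (opaque to the user).
        sk = os.urandom(32).hex()
        tgt = seal(self.tgs_key, {"user": user, "sk": sk, "exp": time.time() + 600})
        return seal(self.users[user], {"sk": sk}), tgt

    def tgs_exchange(self, tgt, spn):
        # Steps 3-4: the TGS opens the TGT and issues a ticket sealed under the
        # target service's key; the reply is sealed under the TGT session key.
        t = unseal(self.tgs_key, tgt)
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        sk = os.urandom(32).hex()
        ticket = seal(self.services[spn],
                      {"user": t["user"], "spn": spn, "sk": sk, "exp": t["exp"]})
        return seal(bytes.fromhex(t["sk"]), {"sk": sk}), ticket

def service_accept(service_key, spn, ticket):
    # Step 5: the service validates the ticket with its own key, without the KDC.
    t = unseal(service_key, ticket)
    if t["spn"] != spn or t["exp"] < time.time():
        raise ValueError("ticket not valid for this service")
    return t["user"]
```

The user's long-term key is used only to open the AS reply; every later request is backed by the TGT, which is what makes single sign-on possible.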

Testing Kerberos-Authenticated APIs with Apidog on macOS

Now that you understand how Kerberos works, let’s walk through the steps for testing a Kerberos-authenticated API endpoint using Apidog on macOS.

Step 1: Preparation

To start, you’ll need some basic Kerberos-related information that your organization typically provides when using Kerberos authentication:

Before you begin, ensure you’ve downloaded and installed the latest version of Apidog. Note that Apidog’s web version doesn’t support Kerberos, so you must use the desktop client.

Step 2: Modify Your Local DNS for Kerberos Authentication

Kerberos authentication is typically used within an internal network. To ensure proper connectivity, you’ll need to configure your DNS server to point to your Active Directory (AD) server address.

Step 3: Configure /etc/krb5.conf on macOS

The krb5.conf file is the central configuration for Kerberos. It defines your Kerberos realm and the KDC server address. You’ll need to create or modify this file on your system.

# Show the current configuration, if the file already exists
cat /etc/krb5.conf
# Create or edit the file (writing under /etc requires root)
sudo nano /etc/krb5.conf

[libdefaults]
    # Your Kerberos realm name, typically the uppercase form of your organization's domain name
    default_realm = APIDOG.LOCAL

[realms]
    # The realm name here must match default_realm
    APIDOG.LOCAL = {
        # KDC server address, assumed here to be the FQDN of the domain controller
        kdc = ills7i8hyt2.apidog.local
        # Usually the same as the KDC
        admin_server = ills7i8hyt2.apidog.local
    }

[domain_realm]
    # Mapping between domain name and Kerberos realm name; the left side is lowercase
    .apidog.local = APIDOG.LOCAL
    apidog.local = APIDOG.LOCAL
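
A consistency check for the krb5.conf layout shown above, added here as an example (not Apidog's or MIT's code): it reports a default_realm or [domain_realm] target with no matching [realms] entry, realms without a kdc, and trailing `#` text on a value line. The function names and the MISMATCHED sample are constructed for illustration.

```python
import re

def parse_krb5(text):
    """Parse [sections], `key = value` relations and one level of `name = { ... }`."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            if val == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(val)
    return conf

def check_krb5(text):
    conf, problems = parse_krb5(text), []
    realms = {k: v for k, v in conf.get("realms", {}).items() if isinstance(v, dict)}
    default = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    if default not in realms:
        problems.append(f"default_realm {default} has no [realms] entry")
    for name, body in realms.items():
        if not body.get("kdc"):
            problems.append(f"realm {name} defines no kdc")
    for domain, vals in conf.get("domain_realm", {}).items():
        if vals[0] not in realms:
            problems.append(f"{domain} maps to undefined realm {vals[0]}")
    for n, line in enumerate(text.splitlines(), 1):
        # MIT krb5 treats '#' as a comment only at the start of a line.
        if re.match(r"\s*[^#;\s][^#]*=[^#]*\S\s+#", line):
            problems.append(f"line {n}: trailing '#' text is read as part of the value")
    return problems

# Constructed sample: default_realm and [realms] name different realms.
MISMATCHED = """[libdefaults]
    default_realm = APIDOG.LOCAL
[realms]
    EXAMPLE.COM = {
        kdc = ills7i8hyt2.apidog.local
    }
[domain_realm]
    .apidog.local = APIDOG.LOCAL
"""
```

Call `check_krb5(open("/etc/krb5.conf").read())` before running kinit; an empty list means none of these problems were found.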

Step 4: Log in to AD Account

To authenticate with Kerberos, you can use either the GUI or CLI tools on macOS.

GUI: Use Ticket Viewer to add your identity. Open Spotlight, search for Ticket Viewer, then add your credentials.

CLI: Alternatively, use the kinit command to obtain a ticket, then check your Kerberos tickets with klist:

# Obtain a Ticket for an AD account
kinit <username@domain>
# Check local Tickets
klist

Step 5: Configure Kerberos Authentication in Apidog

Now that you’re logged into your AD account and Kerberos is set up, open Apidog and follow these steps:

Open Apidog and create "New Request."
Configure Auth in Apidog

Troubleshooting 401 Errors

If you encounter a 401 Unauthorized error, check the following:

Configuring Kerberos Authentication on Windows

For domain-joined Windows systems, Apidog integrates seamlessly with existing Kerberos configurations. If your system is already part of a domain, no additional configuration is needed to begin testing Kerberos-authenticated APIs.

For non-domain systems, you'll need administrative privileges and valid domain credentials to join the domain and set up Kerberos. Here are the steps involved:

  1. Configure your DNS settings to point to the domain's DNS servers.
  2. Navigate to System Settings > Access Work or School to access domain settings.
  3. Complete the domain joining process by providing the necessary authorized credentials.

Using Apidog to Test NTLM-Authenticated APIs

In addition to Kerberos, Apidog also supports NTLM authentication, commonly used for legacy systems. NTLM is faster but less secure than Kerberos, making it ideal for smaller networks or as a fallback when Kerberos is unavailable.

For NTLM authentication, simply enter your username and password in Apidog’s Auth section and click Send—no additional setup required.

Step 1: Preparation & Modify Local DNS

NTLM authentication is straightforward and only requires your company-provided account and password. Ensure that you have the latest version of Apidog downloaded and registered.

Since NTLM-authenticated endpoints are often accessed within the internal network, make sure your DNS server is configured to point to the Active Directory (AD) server address.

Step 2: Configure Auth in Apidog

Configuring NTLM authentication in Apidog is simple and doesn’t require additional setup.

In the Auth section of Apidog, select NTLM Authentication as the authentication type. You'll be prompted to enter your username and password in the respective fields.

Once you've filled in your credentials, click the Send button to complete the authentication process.

Benefits of Kerberos Authentication

Kerberos offers several advantages that make it the preferred authentication method for enterprises:

Conclusion

In modern enterprise environments, both Kerberos and NTLM play critical roles in authentication. While Kerberos offers enhanced security for large-scale deployments, NTLM provides compatibility with older systems and smaller networks.

With Apidog’s native support for both protocols, testing APIs that rely on these authentication methods becomes straightforward, whether you’re working with Kerberos-authenticated services in a Windows, Mac, or Linux environment, or using NTLM for legacy systems.

Apidog helps you test and validate your authentication setup efficiently, saving time and reducing frustration for developers and QA teams. Get started with Apidog today and experience seamless, secure API testing with built-in Kerberos and NTLM support.
