TestNod
Log in Get Early Access
Documentation

TestNod documentation

Learn how to set up TestNod and configure it to help you spot flaky tests, catch regressions, and see how performance changes over time.

Project token authentication for CI uploads

The client endpoints authenticate with a single header: Project-Token. There is no per-user API key, no bearer token, and no OAuth flow on the ingestion path, and every request is scoped to exactly one project.

The Project-Token header

The three client endpoints (upload, finalize, upload_failed) all use the same header:

Project-Token: <your project token>

If the header is missing or does not match a project, the request is rejected with 404 Not Found rather than 401 Unauthorized, so a wrong token cannot be told apart from a project that does not exist.

Finding your project token

  1. Sign in to TestNod and open the project you want to upload to.
  2. Click Project Settings in the project header.
  3. The token appears in the Project Token section, in the field labeled Secret token.

Project Settings page with the Project Token section open and the Secret token field highlighted

Every member of the project's organization can open this page and copy the token. Changing other project settings is restricted to admins, but the token itself stays visible to all members.

Storing the token in CI

Treat the token like any production secret:

  • Add it as a CI secret under a name like TESTNOD_PROJECT_TOKEN. The provider pages in CI integrations show the exact UI.
  • Reference the secret from your pipeline config rather than hard-coding the value.
  • Do not commit the token to your repository, even in a private one. Build logs leak more often than people think.
  • Use a separate token per project. There is no concept of an "organization token" today.

Rotating a token

If a token is exposed, rotate it. Today, rotation is a manual process: contact [email protected] and the TestNod team will issue a new token for the project. Self-service rotation is on the roadmap. While the new token is being issued, in-flight uploads with the old token continue to succeed; uploads after the rotation will need the new value.

What an invalid token looks like

HTTP/1.1 404 Not Found
Content-Type: application/json

{"error_message":"Project not found."}

If you see this from CI but the same curl works from your laptop, the most common cause is the secret name not matching what the pipeline expects, or the secret not being available to the job (for example, GitHub Actions does not expose secrets to forks by default).

Be first to try TestNod

We're opening early access soon. Drop your email and we'll get you in, and we're happy to help you set up too.

No spam. We'll only email you about TestNod.