Skip to main content

Digest Auth

HTTP Digest Authentication is a challenge-response mechanism. The server sends a challenge (nonce) and the client responds with an MD5 hash. Because it involves server-side computation, Digest is handled entirely in the Electron main process — not in the browser.

Setup

  1. Select Digest Auth
  2. Enter Username and Password

Rostyman handles the challenge-response handshake automatically:

  1. Sends the initial request
  2. Receives the 401 with WWW-Authenticate: Digest ... header
  3. Computes the response hash (MD5, with qop/nc/cnonce support)
  4. Resends with the Authorization: Digest ... header

Both fields support {{variables}}.

The CLI runner (rosty-cli) performs the identical 401-challenge handshake, so collections that use Digest auth run the same way in CI as they do in the app.

note

Other challenge/signature schemes live on their own pages: see AWS Signature v4 and OAuth 1.0.