Access & Credentials
Everything a new tester needs to get into the hosted platform and understand what they can do — before running a single test.
1. Getting an account
Proofarc's hosted platform lives at https://app.proofarc.ai. You do not install anything — it runs in your browser.
Accounts are provisioned by your Proofarc administrator (the person who set up your organization's evaluation tenant, or whoever invited you to test). They:
- Create your user account.
- Assign you a role (see below).
- Confirm at least one environment exists with a default credential so your tests can authenticate.
If you don't have a username/password yet, ask whoever invited you to evaluate Proofarc. There is no public self-service signup on the evaluation tenant.
On first sign-in you may be prompted to change your password — this is expected; set a new one and continue.
2. Roles — what you can do
Every action is gated by your role. Testers are typically ANALYST.
| Capability | VIEWER | ANALYST | ADMIN |
|---|---|---|---|
| View projects, tests, runs, findings, readiness | ✅ | ✅ | ✅ |
| Create / edit / run API, UI, performance & security tests | — | ✅ | ✅ |
Onboard a project (/onboard), add applications & environments | — | ✅ | ✅ |
| Add / edit environment credentials (the vault) | — | ✅ | ✅ |
| Run a Quality Gate | — | ✅ | ✅ |
| Approve a manual quality-gate step | — | — | ✅ |
| Manage users, custom scripts, platform health & audit log | — | — | ✅ |
If a page shows "Access Denied" or an action is greyed out, you likely need a higher role — ask your admin.
3. The one credential your tests need
Authenticated tests resolve a credential from the environment, not from the test. Without one, an authenticated test refuses to run rather than running unauthenticated and calling it green (by design).
- Who sets it: your admin/ANALYST, once per environment.
- Where: in the web UI, Environments → (your environment) → Credentials → Add — enter a username/password (or a static token / API key), give it a tag (e.g.
admin), and mark it default. The secret is stored masked. - Details & the resolution order: see Credential Injection.
If a run fails with a message about no auth flow / no credential resolved for credential_tag, that's this — the environment is missing a credential (or a login endpoint for username/password credentials). It's a loud, fixable error, not a silent 403.
4. Where things live
| I want to… | Go to |
|---|---|
| Sign in | https://app.proofarc.ai |
| Browse the REST API | https://app.proofarc.ai/swagger-ui.html |
| Read these docs | https://docs.proofarc.ai |
| Use AI-assisted / scripted testing | MCP Overview → https://app.proofarc.ai/mcp |
Next steps
- Tester Quick Start — zero to a green test in ~5 minutes
- QA Guide — the full walkthrough of every test type
- Projects & Environments — how the data model is organized