Most websites require a CAPTCHA to log on. Automated performance tests cannot solve CAPTCHAs, so multi-user logon simulations fail unless the CAPTCHA is bypassed.
To work around this, configure a universal CAPTCHA in your business code -- a fixed value that your application accepts in place of a real CAPTCHA during testing. This keeps the logon flow intact while allowing Performance Testing (PTS) to run unblocked.
Set up a universal CAPTCHA bypass
Configure a universal CAPTCHA in your business code. Define a fixed CAPTCHA value that your backend always accepts. Add a conditional check in your CAPTCHA verification logic that passes validation when this value is received, alongside the standard verification flow.
Add the universal CAPTCHA to the APIs for performance testing. In your PTS scenario, include the universal CAPTCHA value in every API request that requires CAPTCHA validation, typically the logon API. Pass it as the CAPTCHA parameter so the backend accepts every request.
Import a parameter file that contains the usernames and passwords. Create a parameter file with usernames and passwords for your virtual users and import this file into your PTS scenario.
Associate the imported parameters with the relevant APIs. Map each column in the parameter file to the corresponding field in the logon API.
Restrict the universal CAPTCHA to test environments only. If it remains active in production, anyone can bypass CAPTCHA verification. Use environment-specific configuration (for example, an environment variable or a feature flag) to disable the universal CAPTCHA outside of testing. Never commit the universal CAPTCHA value to a public repository.