site/docs/red-team/troubleshooting/connecting-to-targets.md
When setting up your target, use these best practices:
Promptfoo is capable of using authentication, complex protocols, websockets, and more. But you will find it much easier to set up if you use a single HTTP endpoint.
There are a few common issues that can arise when connecting to targets:
If your target requires authentication you will need to provide a valid authentication token.
If you're using a provider like HTTP or WebSocket, you can pass the token in the headers property.
headers:
Authorization: Bearer <token>
If you're making a large number of requests to the target, you may encounter rate limiting. This is a common security measure to prevent abuse.
The solution here is to include a custom header or user agent in your configuration and whitelist this in your target's rate limiting settings.
headers:
User-Agent: Promptfoo
Many chatbots will stream responses back to the client or have the client poll for new messages. The solution here is to set up an alternate HTTP endpoint or parameter to return the response in a single message.
If your target exposes a Realtime WebSocket-compatible API, you can test it directly:
For OpenAI-compatible Realtime targets (including proxies and local/dev deployments), set apiBaseUrl (or OPENAI_API_BASE_URL/OPENAI_BASE_URL). The WebSocket URL will be derived automatically (https→wss, http→ws), allowing you to route through corporate proxies or test on localhost:
providers:
- id: openai:realtime:gpt-4o-realtime-preview
config:
apiBaseUrl: 'http://localhost:8080/v1' # → ws://localhost:8080/v1/realtime
modalities: ['text']