shinyloadtest supports load testing applications served by RStudio Connect or Shiny Server Pro with the following authentication configurations:

  • Connect
    • Password
    • LDAP and Active Directory
    • PAM
  • Shiny Server Pro
    • Flat-File
    • LDAP and Active Directory
    • PAM


shinyloadtest::record_session will automatically detect when an application is protected using a supported authentication scheme and will prompt for a username and password.

If record_session is called from within an RStudio IDE session, two UI dialogs will appear. If it’s called from an R session in a command-line setting, prompts will appear on standard output.

The supplied username and password are used for the duration of the recording to interact with the application, but these credentials are not stored in the recording file.

Load testing

Because credentials are not stored in recordings, a username and password or RStudio Connect API Key must be supplied to shinycannon in order to load test authenticated applications.

shinycannon does not have --user, --password, or --connect-api-key arguments for security reasons, so that these strings will not appear in a process list. Instead, the SHINYCANNON_USER, SHINYCANNON_PASS, and SHINYCANNON_CONNECT_API_KEY environment variables must be set. SHINYCANNON_CONNECT_API_KEY will take preference over SHINYCANNON_USER and SHINYCANNON_PASS.

On Linux and macOS, you can disable history for any command that starts with a space. If using a bash:

$ # Disable history for any command that starts with a space
$ HISTCONTROL=ignoreboth
$  export SHINYCANNON_USER=myUser
$  export SHINYCANNON_PASS=myPass
$ shinycannon recording.log --workers 5 --loaded-duration-minutes 2 --output-dir run1

And if using zsh:

$ # Disable history for any command that starts with a space
$ shinycannon connect_recording.log --workers 5 --loaded-duration-minutes 2 --output-dir run2