Summary
All mcp__browserstack__* Test Management tools (e.g. listTestCases, createTestCase) fail with:
Unable to connect to BrowserStack Test Management. Please check your credentials and network connection. Please open an issue on GitHub if the problem persists
…even when BROWSERSTACK_USERNAME and BROWSERSTACK_ACCESS_KEY are valid (same credentials return HTTP 200 on the Automate API).
Root cause
In dist/lib/tm-base-url.js the server probes each TM region with:
const authHeader = "Basic " + Buffer.from(`${username}:${accessKey}`).toString("base64");
await apiClient.get({ url: `${baseUrl}/api/v2/projects/`, headers: { Authorization: authHeader } });
For at least some accounts (ours among them), the Test Management API rejects Basic Auth with:
HTTP 401
{"error":"Unauthorized","message":"API-TOKEN value is invalid. Try again with correct token."}
TM on these accounts requires the dedicated API-TOKEN: <token> header — the token issued from Test Management → Settings → API Token, which is distinct from the
account-level access key.
Reproduction
1. Configure the MCP server with a valid BROWSERSTACK_USERNAME / BROWSERSTACK_ACCESS_KEY for an account whose TM API requires an API token.
2. Verify the credentials work against Automate:
curl -u "$BROWSERSTACK_USERNAME:$BROWSERSTACK_ACCESS_KEY" https://api.browserstack.com/automate/plan.json
# → HTTP 200
3. Call any TM tool, e.g. listTestCases with a valid project_identifier.
4. Reproduce directly:
curl -i -u "$BROWSERSTACK_USERNAME:$BROWSERSTACK_ACCESS_KEY" \
https://test-management.browserstack.com/api/v2/projects/
# → HTTP 401, API-TOKEN value is invalid
5. Confirm the same endpoint works with API-TOKEN:
curl -i -H "API-TOKEN: $BROWSERSTACK_API_TOKEN" \
https://test-management.browserstack.com/api/v2/projects/
# → HTTP 200
Reproduced on @browserstack/mcp-server@1.2.14 and @1.2.15-beta.2. Both ship identical tm-base-url.js.
Expected
TM tools authenticate successfully against any BrowserStack account that has TM access.
Suggested fix
1. Read BROWSERSTACK_API_TOKEN (or BROWSERSTACK_TM_API_TOKEN) from env / config.
2. Prefer that over USERNAME:ACCESS_KEY for all TM requests — sent as an API-TOKEN: <token> header rather than Authorization: Basic ....
3. Fall back to Basic Auth only if the token is not configured (preserves existing behavior for accounts where Basic Auth works).
4. Update README "Test Management" section to document the token and where to generate it (Test Management → Settings → API Token).
Extra (minor) — misleading tool description
The listTestCases tool description says:
▎ project_identifier: Identifier of the project to fetch test cases from. This id starts with a PR- and is followed by a number.
This phrasing reads like PR-<numeric-id-from-URL>, but the correct value is the short identifier (e.g. PR-10), not the URL slug (PR-1234567). Worth clarifying alongside
the fix.
Environment
- @browserstack/mcp-server: 1.2.14 (also tested 1.2.15-beta.2)
- Node:
- OS: macOS 15 (Darwin 25.4.0)
---
Summary
All
mcp__browserstack__*Test Management tools (e.g.listTestCases,createTestCase) fail with:…even when
BROWSERSTACK_USERNAMEandBROWSERSTACK_ACCESS_KEYare valid (same credentials return HTTP 200 on the Automate API).Root cause
In
dist/lib/tm-base-url.jsthe server probes each TM region with: