URL Structure & Subdomains

TestKase uses a subdomain-based architecture to separate products while maintaining a unified authentication experience.

Domain Map

Authentication across subdomains

TestKase uses httpOnly cookies with domain=.testkase.com for authentication:

1. You log in at testkase.com/login.
2. The backend sets an authentication cookie scoped to .testkase.com.
3. Your browser automatically sends this cookie to all *.testkase.com subdomains.
4. No re-login needed when switching between products.

This is the same pattern used by other multi-product SaaS platforms — one login, many subdomains.

Page routing

Account pages (main domain)

These always live on testkase.com:

• /login, /signup, /verify-email
• /profile, /change-password, /api-keys
• /admin/* — organization settings, team management, billing, admin AI Credits

If you try to access an account page on a product subdomain (e.g., test-management.testkase.com/profile), you're automatically redirected to testkase.com/profile.

Test Management pages (TMT subdomain)

• /projects — project list (Owner / Admin only)
• /project-selection — project picker (Members)
• /{projectId}/testcases — test cases
• /{projectId}/testcycles — test cycles
• /{projectId}/testplans — test plans
• /{projectId}/requirements, /{projectId}/defects
• /{projectId}/settings/* — project settings

Accessibility pages (accessibility subdomain)

• /web-scanner — scan list
• /web-scanner/new — new scan form
• /web-scanner/{scanId} — scan report
• /workflow-analyzer — workflow analyzer list
• /workflow-analyzer/{scanId} — workflow analyzer report
• /teams — accessibility team management (admin-only)

API endpoints

All API calls go to api.testkase.com/api/v1/.

Authentication methods:

• Cookie — automatically sent by the browser (web app).
• Bearer Token — Authorization: Bearer <jwt> header (Postman, scripts).
• Personal Access Token (PAT) — Authorization: Bearer xyz_<token> (CI/CD, automation).

See the public API docs for endpoint reference.