​

Wizard E2E Smoke Test - Authentication Guide

​

Required Headers for Wizard API Calls

​

1. Authorization Header (REQUIRED)

Authorization: Bearer <JWT_TOKEN>

• Source: JWT token stored in localStorage under key 'payroll_auth_data'
• Retrieval: Frontend calls auth.getToken() from dashboard/src/lib/auth.ts
• Required for: All wizard endpoints (/api/v1/intake/*, /api/v1/ingestion-wizard/*)

​

2. X-Org-Id Header (CONDITIONAL)

X-Org-Id: <org_id>

• If JWT has org_id (org-scoped user): Do NOT send X-Org-Id header. Backend uses JWT org_id.
• If JWT org_id is null (platform admin): MUST send X-Org-Id header with selected org ID.
  • Source: localStorage.getItem('agent_mapping_selected_org_id') or provided by caller
  • Frontend logic: dashboard/src/lib/orgHeader.ts → getOrgHeader()

• Intake endpoints persist batches with org_id=None (tenant-wide scope)
• However, middleware may still require X-Org-Id header for platform admins
• If you’re a platform admin, include the header even though the batch will have org_id=None

​

Production Smoke Test Script

1. Accepts TOKEN (and optional ORG_ID) as environment variables
2. Tests all wizard endpoints: Upload → Map → Discover → Preflight → Process
3. Prints status codes and key response fields

$env:TOKEN="your-jwt-token"
$env:ORG_ID="optional-org-id"  # Only if platform admin
.\scripts\smoke_test_wizard.ps1

​

CI-Safe E2E Test

• Uses TestClient with dependency_overrides to bypass JWT auth
• Mocks storage upload + BigQuery client calls
• Validates route orchestration without requiring real credentials
• Tests error cases (zero rows, missing canonical rows)