Hi,
we are the authors of Web Fuzzing Commons (WFC) (https://github.com/WebFuzzing/Commons).
We are contacting the authors of all the major fuzzers for web APIs, to see if they want to join us in defining a common standard for declarative configuration of authentication information in fuzzing REST APIs.
Instead of authentication scripts, the idea is to provide info in YAML/TOML configuration files, and then let the fuzzers make the actual authentication calls.
This has a few advantages: scripts can be reused between different fuzzers (useful for empirical comparisons) and require no coding skills for the users (e.g., testers). It also simplifies supporting test suite outputs in different formats (e.g., Python and Java).
A common standard agreed on by the main fuzzer developers would be beneficial.
Right now, we use it for the fuzzer EvoMaster.
I am going to mention your tool in a "Fuzz Testing Web APIs: Overview of Existing Tools" talk at the next NordicAPIs'25 and TestCon'25 conferences.
If you are attending those conferences, it could be nice to have a chat.
cheers
WFC Team