diff --git a/spec/support/request.rb b/spec/support/request.rb
index e94dcfc93..4c7d224ec 100644
--- a/spec/support/request.rb
+++ b/spec/support/request.rb
@@ -64,25 +64,30 @@ module ZammadSpecSupportRequest
   #  authenticated_as(nil, login: 'not_existing', password: 'wrongpw' )
   #
   # @return nil
-  def authenticated_as(user, login: nil, password: nil, token: nil, on_behalf_of: nil)
-    password ||= user.password
-    login    ||= user.login
+  def authenticated_as(user, via: :api_client, **options)
+    password = options[:password] || user.password.to_s
+    login    = options[:login] || user.login
 
     # mock authentication otherwise login won't
     # if user has no password (which is expensive to create)
-    if password.nil?
+    if password.blank?
       allow(User).to receive(:authenticate).with(login, '') { user.update_last_login }.and_return(user)
     end
 
-    # if we want to authenticate by token
-    if token.present?
-      credentials = "Token token=#{token.name}"
+    case via
+    when :api_client
+      # if we want to authenticate by token
+      if options[:token].present?
+        credentials = "Token token=#{options[:token].name}"
 
-      return add_headers('Authorization' => credentials)
+        return add_headers('Authorization' => credentials)
+      end
+
+      credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
+      add_headers('Authorization' => credentials, 'X-On-Behalf-Of' => options[:on_behalf_of])
+    when :browser
+      post '/api/v1/signin', params: { username: login, password: password, fingerprint: Faker::Number.number(9) }
     end
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
-    add_headers('Authorization' => credentials, 'X-On-Behalf-Of' => on_behalf_of)
   end
 
   # Provides a Hash of attributes for the given FactoryBot