API Testing Challenges 37 and 38 - How To - Use Bearer Tokens

How to complete the Bearer Token challenges to GET and POST the secret note.

Both Challenges 37 and 38 use the Bearer authentication mechanism and are so similar that we have covered them in one post.

Rather than sending the `X-AUTH-TOKEN` header, we take the `X-AUTH-TOKEN` value returned in Challenge 30 and send it as `Bearer` token authentication.

In Insomnia, use the "Auth" tab and select "Bearer" authentication. The token value is the value of the `X-AUTH-TOKEN` from Challenge 30.

Issue a GET request on the `/secret/note` end point and receive 200 when using the `X-AUTH-TOKEN` value as an Authorization Bearer token. The response body should contain the note.

- This challenge is almost a duplicate of the request used in challenge 33
- Ensure there is no custom header with the name `X-AUTH-TOKEN`
- Ensure there is an Auth Bearer header and the value is the same as received in the `/secret/token` response `X-AUTH-TOKEN`

Issue a POST request on the `/secret/note` end point with a note payload, e.g. `{"note":"my note"}`, and receive 200 when a valid `X-AUTH-TOKEN` value is used as an Authorization Bearer token. Status code 200 received. The note has a maximum length of 100 chars and will be truncated when stored.

- This is almost a duplicate of challenge 34.
- Ensure there is no custom header with the name `X-AUTH-TOKEN`
- Ensure there is an Auth Bearer header and the value is the same as received in the `/secret/token` response `X-AUTH-TOKEN`
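The same GET and POST flow done outside Insomnia, as an added example that is not part of the original post or the application's own code. It runs against a small local stub written for this example: the stub's token value, its status codes for the token and rejected requests, and the simplified `/secret/token` step are assumptions, while the paths, header names and the 100-character truncation come from the challenge text above.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-token-123"  # constructed sample value, not a real token
NOTE = {"note": ""}

class Stub(BaseHTTPRequestHandler):
    """Constructed local stand-in for the challenge API, not the real application."""
    def _reply(self, code, body=None, headers=()):
        data = json.dumps(body or {}).encode()
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def _authorized(self):
        # Hints from the page: no X-AUTH-TOKEN header, token sent as Bearer.
        return ("X-AUTH-TOKEN" not in self.headers
                and self.headers.get("Authorization") == "Bearer " + TOKEN)
    def do_GET(self):
        ok = self.path == "/secret/note" and self._authorized()
        self._reply(200 if ok else 401, NOTE if ok else None)
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path == "/secret/token":  # Challenge 30 step, simplified (assumption)
            self._reply(201, headers=[("X-AUTH-TOKEN", TOKEN)])
        elif self.path == "/secret/note" and self._authorized():
            NOTE["note"] = json.loads(body)["note"][:100]  # stored note is truncated
            self._reply(200, NOTE)
        else:
            self._reply(401)
    def log_message(self, *args):
        pass  # keep the demo output quiet

def call(base, method, path, token=None, payload=None):
    data = json.dumps(payload).encode() if payload else None
    req = urllib.request.Request(base + path, data=data, method=method)
    if token:
        req.add_header("Authorization", "Bearer " + token)  # no X-AUTH-TOKEN header
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req) as resp:
        return resp.status, resp.headers, json.loads(resp.read())

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    token = call(base, "POST", "/secret/token")[1]["X-AUTH-TOKEN"]
    post_status = call(base, "POST", "/secret/note", token, {"note": "n" * 120})[0]
    get_status, _, body = call(base, "GET", "/secret/note", token)
    server.shutdown()
    return post_status, get_status, body["note"]
```

`run_demo()` posts a 120-character note and reads it back, so the returned note shows the truncation to 100 characters alongside the two 200 status codes.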

Find the application links and more information at:

Write up of this challenge instructions:
