You send a GET request to an API endpoint that requires an API key in the header X-API-Key. You omit this header. What is the expected HTTP status code in the response?
GET /data HTTP/1.1
Host: api.example.com
Think about what status code means 'authentication required but missing or invalid'.
When an API key is missing, the server responds with 401 Unauthorized to indicate authentication is required.
You have a Postman test script that checks if the API key authentication succeeded by verifying the response status code is 200. Which assertion is correct?
pm.test('API key auth success', function() { // Fill in assertion here });
Success means the server accepted the API key and returned OK.
Status code 200 means the request was successful, so the assertion checks for 200.
In a Postman test script, you want to check the value of the API key sent in the request header X-API-Key. Which code correctly accesses this header?
Request headers are accessed from pm.request.headers.
To get a request header value, use pm.request.headers.get('Header-Name'). Response headers are different.
Here is a Postman test script snippet:
pm.test('API key present', function() {
pm.expect(pm.request.headers.get('X-API-Key')).to.not.be.undefined;
});But the test passes even when the API key header is missing. Why?
Check what value pm.request.headers.get returns if header is absent.
When the header is missing, pm.request.headers.get returns null, not undefined, so the test condition is true and test passes incorrectly.
You want to add an API key stored in the environment variable API_KEY to the request header X-API-Key before sending the request. Which script does this correctly?
Use the method that adds or updates a header correctly in Postman scripts.
upsert adds the header if missing or updates it if present. Other methods either don't exist or don't update properly.