Bird
Raised Fist0
Postmantesting~20 mins

Basic authentication in Postman - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepTraceTryChallengeAutomateRecallFrame

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Basic Auth Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
What does Basic Authentication encode?
In Basic Authentication, what is the format of the encoded string sent in the Authorization header?
AMD5 hash of the username only
BBase64 encoding of username and password joined by a colon
CPlain text username and password separated by a comma
DSHA256 hash of the password only
Attempts:
2 left
💡 Hint
Think about how username and password are combined before encoding.
Predict Output
intermediate
2:00remaining
What is the Authorization header value?
Given username 'user1' and password 'pass123', what is the correct Authorization header value in Basic Authentication?
Postman
import base64
credentials = 'user1:pass123'
encoded = base64.b64encode(credentials.encode()).decode()
print(f'Basic {encoded}')
ABasic dXNlcjE6cGFzczEyMw==
BBasic dXNlcjE6cGFzczEyMw
CBasic dXNlcjE7cGFzczEyMw==
DBasic dXNlcjE6cGFzczEyMw===
Attempts:
2 left
💡 Hint
Check the exact Base64 encoding of 'user1:pass123'.
locator
advanced
1:30remaining
Identify the correct Postman setting for Basic Auth
Where in Postman do you set the username and password for Basic Authentication?
AUnder the Authorization tab, select 'Basic Auth' and enter username and password fields
BIn the Headers tab, manually add 'Authorization' header with encoded value
CIn the Params tab, add username and password as query parameters
DIn the Body tab, add username and password as form-data
Attempts:
2 left
💡 Hint
Postman has a dedicated place for authentication types.
assertion
advanced
1:30remaining
Which test script assertion verifies Basic Auth success?
In Postman test scripts, which assertion correctly checks that the server accepted Basic Authentication by returning status 200?
Postman
pm.test('Basic Auth success', () => {
    pm.response.to.have.status(200);
});
Apm.test('Basic Auth success', () => { pm.response.to.have.status(500); });
Bpm.test('Basic Auth success', () => { pm.response.to.have.status(401); });
Cpm.test('Basic Auth success', () => { pm.response.to.have.status(200); });
Dpm.test('Basic Auth success', () => { pm.response.to.have.status(404); });
Attempts:
2 left
💡 Hint
Success means HTTP 200 OK status.
🔧 Debug
expert
2:30remaining
Why does this Postman Basic Auth test fail?
This Postman test script fails even though the username and password are correct. What is the likely cause? pm.test('Check Auth', () => { pm.response.to.have.status(200); pm.expect(pm.request.headers.get('Authorization')).to.eql('Basic dXNlcjE6cGFzczEyMw=='); });
AThe Authorization header value is case sensitive and must be 'basic' lowercase
BThe Authorization header is automatically removed by Postman before sending
CThe Authorization header value includes 'Basic ' prefix, missing in the assertion
DThe Authorization header value is dynamic and should be retrieved from pm.request.headers without hardcoding
Attempts:
2 left
💡 Hint
Check how the Authorization header is accessed and compared in the test.

Practice

(1/5)
1. What does Basic Authentication in Postman primarily require to access a protected API?
easy
A. A username and password
B. An API key only
C. A token generated by OAuth
D. No credentials, just the URL

Solution

  1. Step 1: Understand Basic Authentication

    Basic Authentication requires a username and password to verify identity.

  2. Step 2: Identify Postman's method

    Postman uses these credentials to add an Authorization header automatically.

  3. Final Answer:

    A username and password -> Option A

  4. Quick Check:

    Basic Auth = username + password [OK]
Hint: Basic Auth always needs username and password [OK]
Common Mistakes:
  • Confusing Basic Auth with API key or OAuth tokens
  • Thinking no credentials are needed
  • Using only username or only password
2. Which is the correct way to set Basic Authentication in Postman?
easy
A. Select 'Basic Auth' in the Authorization tab and enter credentials
B. Use the Body tab to send username and password
C. Put credentials in the URL query parameters
D. Add username and password in the Headers tab manually

Solution

  1. Step 1: Locate Authorization tab in Postman

    Postman provides an Authorization tab to set authentication types easily.

  2. Step 2: Choose Basic Auth and enter credentials

    Selecting Basic Auth lets you enter username and password which Postman encodes automatically.

  3. Final Answer:

    Select 'Basic Auth' in the Authorization tab and enter credentials -> Option A

  4. Quick Check:

    Use Authorization tab for Basic Auth [OK]
Hint: Use Authorization tab, not Headers or Body [OK]
Common Mistakes:
  • Manually adding Authorization header incorrectly
  • Putting credentials in URL which is insecure
  • Sending credentials in request body for Basic Auth
3. What will Postman send in the Authorization header when you enter username 'user1' and password 'pass123' for Basic Auth?
medium
A. Authorization: Basic user1:pass123
B. Authorization: Bearer user1:pass123
C. Authorization: Basic dXNlcjE6cGFzczEyMw==
D. Authorization: Token dXNlcjE6cGFzczEyMw==

Solution

  1. Step 1: Understand Basic Auth header format

    Basic Auth sends 'Authorization: Basic ' plus base64 encoding of 'username:password'.

  2. Step 2: Encode 'user1:pass123' in base64

    Encoding 'user1:pass123' results in 'dXNlcjE6cGFzczEyMw=='.

  3. Final Answer:

    Authorization: Basic dXNlcjE6cGFzczEyMw== -> Option C

  4. Quick Check:

    Basic Auth header = 'Basic ' + base64(username:password) [OK]
Hint: Basic Auth header is 'Basic ' + base64(username:password) [OK]
Common Mistakes:
  • Using 'Bearer' instead of 'Basic'
  • Sending plain username:password without encoding
  • Confusing token or API key formats
4. You set Basic Auth in Postman but get a 401 Unauthorized error. What is the most likely cause?
medium
A. Using HTTPS instead of HTTP
B. Incorrect username or password entered
C. Headers tab is empty
D. Request body is missing

Solution

  1. Step 1: Understand 401 Unauthorized meaning

    401 means the server rejected the credentials provided.

  2. Step 2: Check credentials correctness

    Most common cause is wrong username or password causing authentication failure.

  3. Final Answer:

    Incorrect username or password entered -> Option B

  4. Quick Check:

    401 error = bad credentials [OK]
Hint: 401 usually means wrong username or password [OK]
Common Mistakes:
  • Thinking HTTPS causes 401 error
  • Assuming missing body causes authentication failure
  • Ignoring credential typos
5. You want to test an API with Basic Auth but keep your password secure. Which Postman feature helps you avoid exposing your password in the request headers?
hard
A. Write the password directly in the URL
B. Disable SSL verification
C. Send credentials in the request body as plain text
D. Use environment variables to store credentials and reference them

Solution

  1. Step 1: Identify secure ways to handle credentials

    Storing credentials in environment variables keeps them hidden and reusable.

  2. Step 2: Use variables in Authorization tab

    Referencing variables in Basic Auth fields avoids hardcoding sensitive info in requests.

  3. Final Answer:

    Use environment variables to store credentials and reference them -> Option D

  4. Quick Check:

    Environment variables protect sensitive data [OK]
Hint: Use environment variables for credentials security [OK]
Common Mistakes:
  • Putting password in URL exposes it
  • Sending password in body is insecure for Basic Auth
  • Disabling SSL reduces security, not protects password