Test Overview
This test sends a request with Basic Authentication headers to verify the server accepts valid credentials and returns a successful response.
0Basic authentication in Postman - Test Execution Trace
Start learning this pattern below
Jump into concepts and practice - no test required
or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Test Code - Postman
Postman
pm.test("Status code is 200", function () { pm.response.to.have.status(200); }); pm.test("Response contains authenticated user info", function () { const jsonData = pm.response.json(); pm.expect(jsonData).to.have.property('authenticated', true); });
Execution Trace - 7 Steps
| Step | Action | System State | Assertion | Result |
|---|---|---|---|---|
| 1 | Test starts | Postman is ready to send the request | — | PASS |
| 2 | Postman sends HTTP GET request with Basic Auth header (username and password encoded in header) | Request is sent to the server endpoint requiring Basic Authentication | — | PASS |
| 3 | Server receives request and validates Basic Auth credentials | Server checks Authorization header for correct username and password | — | PASS |
| 4 | Server responds with HTTP 200 status and JSON body indicating authentication success | Response contains status 200 and JSON {"authenticated": true} | Check response status is 200 | PASS |
| 5 | Postman test script runs assertion to verify status code is 200 | Response status code is 200 | pm.response.to.have.status(200) | PASS |
| 6 | Postman test script runs assertion to verify response JSON has property 'authenticated' set to true | Response JSON contains {"authenticated": true} | pm.expect(jsonData).to.have.property('authenticated', true) | PASS |
| 7 | Test ends with all assertions passing | Test report shows pass for all checks | — | PASS |
Failure Scenario
Failing Condition: Incorrect or missing Basic Auth credentials cause server to reject request
Execution Trace Quiz - 3 Questions
Test your understanding
What does the test verify after sending the request?
Key Result
Always verify that authentication credentials are correctly set and encoded in your test requests to avoid false failures.
Practice
1. What does Basic Authentication in Postman primarily require to access a protected API?
easy
Solution
Step 1: Understand Basic Authentication
Basic Authentication requires a username and password to verify identity.Step 2: Identify Postman's method
Postman uses these credentials to add an Authorization header automatically.Final Answer:
A username and password -> Option AQuick Check:
Basic Auth = username + password [OK]
Hint: Basic Auth always needs username and password [OK]
Common Mistakes:
- Confusing Basic Auth with API key or OAuth tokens
- Thinking no credentials are needed
- Using only username or only password
2. Which is the correct way to set Basic Authentication in Postman?
easy
Solution
Step 1: Locate Authorization tab in Postman
Postman provides an Authorization tab to set authentication types easily.Step 2: Choose Basic Auth and enter credentials
Selecting Basic Auth lets you enter username and password which Postman encodes automatically.Final Answer:
Select 'Basic Auth' in the Authorization tab and enter credentials -> Option AQuick Check:
Use Authorization tab for Basic Auth [OK]
Hint: Use Authorization tab, not Headers or Body [OK]
Common Mistakes:
- Manually adding Authorization header incorrectly
- Putting credentials in URL which is insecure
- Sending credentials in request body for Basic Auth
3. What will Postman send in the Authorization header when you enter username 'user1' and password 'pass123' for Basic Auth?
medium
Solution
Step 1: Understand Basic Auth header format
Basic Auth sends 'Authorization: Basic ' plus base64 encoding of 'username:password'.Step 2: Encode 'user1:pass123' in base64
Encoding 'user1:pass123' results in 'dXNlcjE6cGFzczEyMw=='.Final Answer:
Authorization: Basic dXNlcjE6cGFzczEyMw== -> Option CQuick Check:
Basic Auth header = 'Basic ' + base64(username:password) [OK]
Hint: Basic Auth header is 'Basic ' + base64(username:password) [OK]
Common Mistakes:
- Using 'Bearer' instead of 'Basic'
- Sending plain username:password without encoding
- Confusing token or API key formats
4. You set Basic Auth in Postman but get a 401 Unauthorized error. What is the most likely cause?
medium
Solution
Step 1: Understand 401 Unauthorized meaning
401 means the server rejected the credentials provided.Step 2: Check credentials correctness
Most common cause is wrong username or password causing authentication failure.Final Answer:
Incorrect username or password entered -> Option BQuick Check:
401 error = bad credentials [OK]
Hint: 401 usually means wrong username or password [OK]
Common Mistakes:
- Thinking HTTPS causes 401 error
- Assuming missing body causes authentication failure
- Ignoring credential typos
5. You want to test an API with Basic Auth but keep your password secure. Which Postman feature helps you avoid exposing your password in the request headers?
hard
Solution
Step 1: Identify secure ways to handle credentials
Storing credentials in environment variables keeps them hidden and reusable.Step 2: Use variables in Authorization tab
Referencing variables in Basic Auth fields avoids hardcoding sensitive info in requests.Final Answer:
Use environment variables to store credentials and reference them -> Option DQuick Check:
Environment variables protect sensitive data [OK]
Hint: Use environment variables for credentials security [OK]
Common Mistakes:
- Putting password in URL exposes it
- Sending password in body is insecure for Basic Auth
- Disabling SSL reduces security, not protects password