
Bearer token in Postman - Practice Problems & Coding Challenges

🧠 Conceptual
intermediate
Understanding Bearer Token Usage in API Requests

Which statement best describes the purpose of a Bearer token in API testing?

A. It is a token that encrypts the entire API request body for security.
B. It is a token used to authenticate API requests by including it in the Authorization header.
C. It is a token that specifies the API endpoint URL to be accessed.
D. It is a token that logs the user out of the API session automatically.
💡 Hint

Think about how APIs verify who is making the request.

Predict Output
intermediate
What is the result of this Postman test script?

Given this Postman test script, what will be the value of pm.environment.get('authStatus') after running?

Postman
pm.test('Check status code', function () {
    pm.response.to.have.status(200);
    if (pm.response.code === 200) {
        pm.environment.set('authStatus', 'success');
    } else {
        pm.environment.set('authStatus', 'fail');
    }
});
A. "success" if response status is 200, otherwise "fail"
B. "fail" always because pm.response.code is undefined
C. "success" always regardless of response status
D. Throws an error because pm.environment.set is not a function
💡 Hint

Check how the script sets environment variables based on response code.

assertion
advanced
Choose the correct assertion to verify Bearer token presence

Which Postman test assertion correctly checks that the Authorization header contains a Bearer token?

A. pm.test('Bearer token present', () => pm.request.headers.has('Authorization') && pm.request.headers.get('Authorization').includes('Bearer'));
B. pm.test('Bearer token present', () => pm.response.headers.has('Authorization') && pm.response.headers.get('Authorization').startsWith('Bearer '));
C. pm.test('Bearer token present', () => pm.request.headers.get('Authorization').startsWith('Bearer '));
D. pm.test('Bearer token present', () => pm.response.headers.get('Authorization').includes('Bearer'));
💡 Hint

Remember that the Bearer token is sent in the request headers, not response headers.

🔧 Debug
advanced
Identify the error in this Bearer token test script

What error will this Postman test script produce?

Postman
pm.test('Check Bearer token', () => {
    const authHeader = pm.request.headers.get('Authorization');
    pm.expect(authHeader).to.match(/^Bearer\s\w+$/);
});
A. No error, test passes always
B. SyntaxError due to incorrect regex escape sequences
C. TypeError because pm.request.headers.get is not a function
D. AssertionError if Authorization header is missing or malformed
💡 Hint

Consider what happens if the Authorization header is missing or empty.

framework
expert
Best practice for securely handling Bearer tokens in automated tests

Which approach is the most secure and maintainable way to handle Bearer tokens in automated API tests using Postman?

A. Store the Bearer token in an environment variable and reference it in the Authorization header.
B. Generate a new Bearer token manually before each test run and paste it into the headers.
C. Include the Bearer token in the request body as plain text for easier access.
D. Hardcode the Bearer token directly in each request's Authorization header.
💡 Hint

Think about reusability and security of sensitive data in tests.