Auth testing checks who can use an API. It helps keep data safe by stopping bad users.
POST /api/login
Headers:
Content-Type: application/json
Body:
{
"username": "user1",
"password": "pass123"
}
GET /api/data
Headers:
Authorization: Bearer <token>Use the Authorization header to send tokens.
Test both valid and invalid tokens to check security.
POST /api/login
Body:
{
"username": "user1",
"password": "pass123"
}GET /api/data Headers: Authorization: Bearer valid_token_here
GET /api/data Headers: Authorization: Bearer invalid_token
This test script shows how to check if the API allows access only with a valid token and blocks invalid tokens.
1. Send POST request to /api/login with correct username and password. 2. Receive token from response. 3. Send GET request to /api/data with Authorization header using the token. 4. Check if response status is 200 (OK). 5. Send GET request to /api/data with invalid token. 6. Check if response status is 401 (Unauthorized).
Always test both success and failure cases for authentication.
Keep tokens secret and never share them in public tests.
Use Postman's environment variables to store tokens safely.
Auth testing helps keep APIs safe by checking who can use them.
Test with valid and invalid tokens to find security gaps.
Use Postman to automate and repeat these tests easily.