Test Overview
This test checks if the API correctly requires authentication before allowing access. It verifies that unauthorized requests are blocked and authorized requests succeed.
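```javascript
// Request without credentials: the API must reject it with 401.
pm.sendRequest({
    url: pm.environment.get("api_url") + "/secure-data",
    method: 'GET',
    header: {
        // No Authorization header
    }
}, function (err, res) {
    // Register the test inside the callback so the assertions run
    // after the response has arrived and a failure is reported.
    pm.test("Unauthorized request is blocked", function () {
        pm.expect(err).to.not.be.ok;
        // res.code is the numeric status; res.status is the reason text.
        pm.expect(res).to.have.property('code', 401);
    });
});

// Request with a valid bearer token: the API must return 200 and data.
pm.sendRequest({
    url: pm.environment.get("api_url") + "/secure-data",
    method: 'GET',
    header: {
        'Authorization': `Bearer ${pm.environment.get("auth_token")}`
    }
}, function (err, res) {
    pm.test("Authorized request succeeds", function () {
        pm.expect(err).to.not.be.ok;
        pm.expect(res).to.have.property('code', 200);
        pm.expect(res.json()).to.have.property('data');
    });
});
```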
| Step | Action | System State | Assertion | Result |
|---|---|---|---|---|
| 1 | Test sends GET request to /secure-data without Authorization header | API server receives request without auth token | Response status code is 401 Unauthorized | PASS |
| 2 | Test sends GET request to /secure-data with valid Bearer token in Authorization header | API server receives request with valid auth token | Response status code is 200 OK and response contains 'data' property | PASS |
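
The two steps above cover only a missing header and a valid token. The following added example (not part of the original test, and going beyond its two cases) sketches the server-side bearer check such a test exercises and a wider matrix of requests that must also return 401. The function names, the `VALID` token value and the case list are hypothetical and constructed for illustration.

```javascript
// Added example: a minimal bearer-token check and the request matrix an
// authentication test should cover. Names and token values are constructed.

// Compare two strings without returning early on the first mismatch.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Return the HTTP status for a request to the protected route.
// `headers` uses lower-cased names, as Node's http module provides them.
function authorize(headers, expectedToken) {
  const value = headers["authorization"];
  if (typeof value !== "string") return 401; // header missing
  // Scheme name is case-insensitive; the token must use token68 characters.
  const match = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(value);
  if (!match) return 401; // wrong scheme, empty or malformed token
  return constantTimeEqual(match[1], expectedToken) ? 200 : 401;
}

const VALID = "constructed-token-123"; // constructed sample value

const CASES = [
  { name: "no Authorization header", headers: {}, expect: 401 },
  { name: "empty header value", headers: { authorization: "" }, expect: 401 },
  { name: "scheme without token", headers: { authorization: "Bearer " }, expect: 401 },
  { name: "Basic scheme", headers: { authorization: "Basic " + VALID }, expect: 401 },
  { name: "token without scheme", headers: { authorization: VALID }, expect: 401 },
  { name: "wrong token", headers: { authorization: "Bearer constructed-token-124" }, expect: 401 },
  { name: "valid token plus suffix", headers: { authorization: "Bearer " + VALID + "x" }, expect: 401 },
  { name: "valid token", headers: { authorization: "Bearer " + VALID }, expect: 200 },
];

// Run every case and report expected versus actual status.
function runMatrix() {
  return CASES.map((c) => ({
    name: c.name,
    expected: c.expect,
    actual: authorize(c.headers, VALID),
  }));
}

for (const r of runMatrix()) {
  console.log(`${r.actual === r.expected ? "PASS" : "FAIL"}  ${r.name} -> ${r.actual}`);
}
```

Each 401 row translates directly into one more `pm.sendRequest` call with the corresponding `Authorization` header value.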