Many REST API endpoints require authentication to return the response. To authenticate the request, we will need to provide an authentication token with the required scopes or permissions. But first, we need to generate an access token and then pass it to the second request to get the desired response.
What is an Access Token?
An access token is a credential that is used to authenticate and authorize requests made to an API. It serves as proof of the user’s identity and permissions, allowing them to access protected resources or perform specific actions within the API.
Access tokens are usually represented as strings of characters (e.g., alphanumeric) that are generated by the server and provided to clients upon successful authentication. Access tokens often have an expiration time associated with them, after which they become invalid. This helps ensure security by limiting their lifespan.
Using access tokens helps ensure secure communication between clients and servers by preventing unauthorized access to protected resources. Without a valid access token, requests may be rejected or limited in their scope.
Access tokens enable stateless communication between client and server, meaning that each request contains all necessary authentication and authorization information within itself. This eliminates the need for servers to store session-related data, improving scalability and reducing overhead.
![](https://qaautomation.expert/wp-content/uploads/2024/05/image-21.png?w=1200)
Let us create a class that will generate the access token.
AbstractHelper
public class AbstractHelper {
String token;
String accessToken;
JsonPath jsonPath;
public String generateToken() throws IOException {
token = given().auth().preemptive()
.basic(username, password)
.contentType("application/x-www-form-urlencoded")
.formParam("grant_type", "client_credentials")
.when().post("https://example.com/accesstoken").asString();
System.out.println("Token :" + token);
jsonPath = new JsonPath(token);
accessToken = jsonPath.getString("access_token");
System.out.println("Access Token :" + accessToken);
return accessToken;
}
}
In the above example, a token is generated as shown below.
![](https://qaautomation.expert/wp-content/uploads/2024/05/image-23.png?w=933)
It is a JSON Response. We need only the token part and not the {“access_token”} part. So we have used the below command to extract the token part only.
JsonPath jsonPath = new JsonPath(token);
accessToken = jsonPath.getString("access_token");
What is Oauth2()?
OAuth 2.0 (Open Authorization 2.0) is an industry-standard protocol for authorization and delegation of access to protected resources on the web. It provides a secure and standardized way for users to grant limited access to their resources hosted on one website or application (called the “resource server”) to another website or application (called the “client”).
Below is a test where we are passing the token generated in the previous request for authentication to another request using oauth2().
AccessToken_Example
import java.io.IOException;
public class AccessToken_Example extends AbstractHelper {
Response response;
@Test
public void testRequest() throws IOException {
response = RestAssured.given()
.auth().oauth2(generateToken()).when().get("https://localhost/8080/coreid").then()
.extract()
.response();
System.out.println("Response :" + response.asString());
int statusCode = response.getStatusCode();
Assert.assertEquals(200,statusCode);
}
}
The output of the above program is
![](https://qaautomation.expert/wp-content/uploads/2024/05/image-22.png?w=1029)
Summary:
1. Access tokens are typically obtained through an authentication process, such as logging in with a username and password or using a third-party authentication service like OAuth.
2. Once authenticated, the access token contains information about the user’s permissions and privileges within the system. Use this access token and pass it to another request to get the required response.