Rest API Testing

vibssingh

How to generate an access token and pass to another request in Postman?

Last Updated On

HOME

Generating and passing an access token in Postman involves a few steps, typically for use with APIs that require authentication. 

Implementation Steps

Step 1: Create a Request to Generate the Auth Token

  1. Open Postman and create a new request (e.g., POST/token).
  2. Enter the API endpoint that generates the token.
  3. Go to the Body tab → select raw → choose JSON → add the request body.
  4. Send the request.
  5. In the response, you’ll usually get a JSON with the access_token:

Step 2: Save the Token in an Environment Variable

After sending the request, go to the Scripts tab (next to Body/Headers).

Add the below script to capture and store the token:

pm.environment.set("TOKEN", pm.response.json().access_token)

Create a new Environment in Postman (top right → Environments → Add

Save the request.

Step 3: Use the Token in Another Request

  1. Create a new request.
  2. Go to the Headers tab.
  3. Add this header:
Key: Authorization
Value: Bearer {{Token}}

Send the request — Postman will automatically insert the token from the environment variable.

Quick Troubleshooting Checklist

1.Is the token saved correctly in environment variables? Token saved in one environment, but request uses another. Make sure you’ve selected the same environment (top-right dropdown in Postman).

2. Is the Authorization: Bearer {{Token}} header present?

3. Does the account have the correct permissions/scopes? Token is valid, but the user doesn’t have permission for that endpoint. Verify that your account has the right role/permissions.

4. Correct Content-Type is sent. Set header → Content-Type: application/json.

vibssingh

How to Use Pytest for REST API Testing

Last Updated On

HOME

Pytest is a versatile testing framework in Python. It can be used for various types of testing, like REST API testing. In this tutorial, we will test Rest API in PyTest Framework.

Table of Contents

  1. Prerequisite
  2. Implementation Steps
    1. Setup and Required Libraries
    2. Setup PyTest Project
    3. Writing Test Cases
    4. Running the Tests
    5. Generating HTML report

Prerequisite:

  1. Python is installed on the machine
  2. PIP is installed on the machine
  3. PyCharm or other Python Editor is installed on the machine

If you need help in installing Python, please refer to this tutorial – How to Install Python on Windows 11.

If you need help in installing PyCharms, please refer to this tutorial – How to install PyCharms on Windows 11.

Implementation Steps

Step 1 – Setup and Required Libraries

1.1 Install pytest

pip install -U pytest

1.2 Install requests

pip install pytest requests

Step 2 – Setup PyTest Project

2.1 Create a new project folder and open it in PyCharm.

2.2 – Go to the project folder and create a new python file – test_restapi.py.

2.3 – Add requests package to the PyCharms

Go to File->Settings ->Project: PyTest_Framework->Python Interpreter.

Click on the “+” sign and enter allure-r in the search bar. It will show a list of packages. Select the “requests” package and click on the “Install Package”.

Once the package is installed, we will see the message that the package is installed successfully.

Step 3- Writing Test Cases

import pytest
import requests

BASE_URL = "https://reqres.in/api"

def test_get_endpoint():
       response = requests.get(f"{BASE_URL}/users/2")
       assert response.status_code == 200
       assert response.json()["data"]["email"]   == "janet.weaver@reqres.in"
       assert response.json()["data"]["id"] == 2
       assert response.json()["data"]["first_name"] == "Janet"
       assert response.json()["data"]["last_name"] == "Weaver"

def test_post_endpoint():
       payload = {"name": "Vibha", "job": "CTO"}
       headers = {"x-api-key": "reqres-free-v1"}

       response = requests.post(f"{BASE_URL}/users", headers=headers, json=payload)

       print(response.status_code)
       print(response.text) 
       assert response.status_code == 201
       assert response.json()["name"] == "Vibha"

Explanation

This is the base URL pointing to the API server on which the endpoints will be tested.

BASE_URL = "https://reqres.in/api"

1.Function: test_get_endpoint()

Sends a GET request to fetch user details with ID 2.

response = requests.get(f"{BASE_URL}/users/2")

Verifies that the response status is 200, indicating success.

assert response.status_code == 200

Checks that the email, id, first_name and last_name in the response matches the expected value.

assert response.json()["data"]["email"]   == "janet.weaver@reqres.in"
assert response.json()["data"]["id"] == 2
assert response.json()["data"]["first_name"] == "Janet"
assert response.json()["data"]["last_name"] == "Weaver"

2. Function: test_post_endpoint()

Defines the payload (data) to be sent in the POST request, specifying the name and job.

payload = {"name": "Vibha", "job": "CTO"}

Sets a custom header.

headers = {"x-api-key": "reqres-free-v1"}

Sends a POST request with the payload and headers.

response = requests.post(f"{BASE_URL}/users", headers=headers, json=payload)

Print the status code and response text for debugging purposes.

print(response.status_code)
print(response.text)

Checks whether the server returned a status code of 201, indicating resource creation.

assert response.status_code == 201

Validates that the name returned in the response matches the submitted name “Vibha”.

assert response.json()["name"] == "Vibha"

Step 4- Running the Tests

pytest test_api.py

The output of the above execution is

If you have pytest-html plugin already installed, then we can generate a HTML Report also. To learn more, please refer to this – How to generate HTML Report in PyTest Framework

pytest test_api.py --html=report.html

The report.html report will be generated in the root directory.

Step 5 – Generating HTML report

Right-click and open with Web Browser.

Enhancements and Best Practices:

  1. Use fixtures for setting up test data or configuration if needed.
  2. Use parameterized testing to run a test function with multiple sets of inputs.
  3. Consider organizing tests in different files based on different functionalities or endpoints in your API.

That’s it! Congratulations on making it through this tutorial and hope you found it useful! Happy Learning!!

vibssingh

How to pass Access token generated by OAuth2 to a request in API Testing

Last Updated On

HOME

Many REST API endpoints require authentication to return the response. To authenticate the request, we will need to provide an authentication token with the required scopes or permissions. First, we need to generate an access token. Then, we pass it to the second request to get the desired response.

What is an Access Token?

An access token is a credential that is used to authenticate and authorize requests made to an API. It proves the user’s identity and permissions. This allows them to access protected resources or perform specific actions within the API.

Access tokens are usually represented as strings of characters (e.g., alphanumeric) that are generated by the server and provided to clients upon successful authentication. Access tokens often have an expiration time associated with them, after which they become invalid. This helps ensure security by limiting their lifespan.

Using access tokens helps ensure secure communication between clients and servers by preventing unauthorized access to protected resources. Without a valid access token, requests may be rejected or limited in their scope.

Access tokens enable stateless communication between client and server. This means that each request contains all necessary authentication and authorization information within itself. This eliminates the need for servers to store session-related data, improving scalability and reducing overhead.


Let us create a class that will generate the access token.

AbstractHelper

public class AbstractHelper {
    
   String token;
   String accessToken;
   JsonPath jsonPath;

    public String generateToken() throws IOException {

        token = given().auth().preemptive()
                .basic(username, password)
                .contentType("application/x-www-form-urlencoded")
                .formParam("grant_type", "client_credentials")
                .when().post("https://example.com/accesstoken").asString();

        System.out.println("Token :" + token);

        jsonPath = new JsonPath(token);
        accessToken = jsonPath.getString("access_token");
        System.out.println("Access Token :" + accessToken);
        return accessToken;
    }

}

In the above example, a token is generated as shown below.

It is a JSON Response. We need only the token part and not the {“access_token”} part. So we have used the below command to extract the token part only.

JsonPath jsonPath = new JsonPath(token);
accessToken = jsonPath.getString("access_token");

What is Oauth2()?

OAuth 2.0 (Open Authorization 2.0) is an industry-standard protocol for authorization and delegation of access to protected resources on the web. It allows users to securely grant limited access to their resources hosted on one website or application. This site is called the “resource server.” The access is given to another website or application, which is called the “client.”

Below is a test. We are passing the token generated in the previous request for authentication. This token is used in another request with oauth2().

AccessToken_Example

import java.io.IOException;

public class AccessToken_Example extends AbstractHelper {

    Response response;
    
   @Test
    public void testRequest() throws IOException {

        response = RestAssured.given()
                .auth().oauth2(generateToken())
                .when().get("https://localhost/8080/coreid").then()
                .extract()
                .response();

        System.out.println("Response :" + response.asString());
        int statusCode = response.getStatusCode();

        Assert.assertEquals(200,statusCode);
    }
}

The output of the above program is

Summary:

1. Access tokens are obtained through an authentication process. This may include logging in with a username and password or using a third-party authentication service like OAuth.
2. Once authenticated, the access token contains information about the user’s permissions and privileges within the system. Use this access token and pass it to another request to get the required response.

vibssingh

How to pass authorization token in header in Rest assured?

Last Updated On

HOME

When you are doing API testing, sometimes the APIs or endpoints are protected. This means you need to be authenticated and authorized to perform certain actions. REST assured supports several authentication schemes, for example, OAuth, digest, certificate, form, and pre-emptive basic authentication.

In this post, we’ll look at how to pass the authorization token in the header in REST Assured.

What is an authorization token?

An authorization token, often referred to as an access token, is a piece of data or credential that is used to authenticate and authorize access to protected resources or operations in a system.

Add the below-mentioned dependencies to the Maven project.

 <dependencies>

       <!-- Rest Assured Dependency -->
      <dependency>
         <groupId>io.rest-assured</groupId>
        <artifactId>rest-assured</artifactId>
        <version>5.4.0</version>
        <scope>test</scope>
      </dependency>

        <!-- TestNG Dependency-->
      <dependency>
          <groupId>org.testng</groupId>
         <artifactId>testng</artifactId>
         <version>7.8.0</version>
         <scope>test</scope>
       </dependency>

</dependencies>

Sending Basic Auth Header in REST Assured

import io.restassured.http.ContentType;
import io.restassured.response.Response;
import org.testng.Assert;
import org.testng.annotations.Test;
import static io.restassured.RestAssured.given;

public class BasicAuth_Demo {


    @Test
    public void createUser() {
        Response response = given()
                .auth()
                .preemptive()
                .header("Authorization", "Token")
                .header("Accept", "application/json")
                .contentType(ContentType.JSON)
                .body(validRequest)
                .when()
                .post("http://localhost:8080/users")
                .then()
                .extract()
                .response();

        int statusCode = response.getStatusCode();

        Assert.assertEquals(statusCode,200);
    }
}

Below is an example of passing an authorization token in Postman.

Let us create the test for the above example using Rest Assured.

package org.example;

import io.restassured.http.ContentType;
import io.restassured.response.Response;
import org.junit.Before;
import org.junit.Test;

import static io.restassured.RestAssured.given;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.equalTo;

public class BasicAuth_Demo {

    private static final String BASE_URL = "https://httpbin.org/basic-auth/user/pass";
    private static final String TOKEN = "Basic dXNlcjpwYXNz";

    @Before
    public void setup() {
        given().baseUri(BASE_URL);
    }

    @Test
    public void validateToken() {

        Response response = given()
                .header("Accept", "application/json")
                .header("Authorization",TOKEN)
                .contentType(ContentType.JSON)
                .when()
                .get("https://httpbin.org/basic-auth/user/pass")
                .then()
                .log().all()
                .extract()
                .response();

        assertThat(response.getStatusCode(),equalTo(200));

    }

}

The output of the above program is

Summary

This code is testing a basic authentication mechanism using Rest-Assured in Java. The key points:

  • A GET request is sent to an endpoint that requires authentication.
  • Basic Authentication credentials (user:pass) are encoded and sent in the Authorization header.
  • The response is verified to ensure that the status code is 200, which indicates successful authentication.

Congratulations on making it through this tutorial and hope you found it useful! Happy Learning!! Cheers!!