API Testing Challenges 35 and 36 - How To - POST Unauthorised 401 403

How to complete the Unauthorised POST secret note challenges, which return status codes of 401 and 403 and fail to amend the secret note.

Issue a POST request on the `/secret/note` end point with a note payload {"note":"my note"} and receive 401 when no X-AUTH-TOKEN present

- `POST` request means use the HTTP Verb POST
- e.g. `POST /secret/note` sends to the secret note endpoint
- `with a note payload` include a `JSON` formatted object as the payload
- `no X-AUTH-TOKEN present` means do not inlude a custom header named `X-AUTH-TOKEN`
- add the `X-CHALLENGER` header to track progress and authenticate the request
- Receive a 401 response because the `X-AUTH-TOKEN` is missing.
Issue a POST request on the `/secret/note` end point with a note payload {"note":"my note"} and receive 403 when X-AUTH-TOKEN does not match a valid token

- same basic message as Challenge 36 but the `X-AUTH-TOKEN` header is included, but the value does not match the value returned from challenge 30 `/secret/token` request.

Find the application links and more information at:

- https://eviltester.com/apichallenges

Write up of this challenge instructions:

- https://eviltester.com/apichallenges/howto/35-36-post-unauthorised-401-403
---

Remember to subscribe to this YouTube channel.

You can support me on Patreon https://patreon.com/eviltester (watch my videos ad free and receive extra content)

I blog at https://eviltester.com/blog

Learn more about my books and online training at:

- https://eviltester.com

Follow me on:

- https://twitter.com/eviltester
- https://instagram.com/eviltester
- https://facebook.com/eviltester

Видео API Testing Challenges 35 and 36 - How To - POST Unauthorised 401 403 канала EvilTester - Software Testing