
API Testing Challenges 31 - How To - forbidden secret note 403

How to complete the unauthorized secret note challenge, which returns a status code of 403 Forbidden.

Issue a GET request on the `/secret/note` endpoint and receive 403 when `X-AUTH-TOKEN` does not match a valid token.

The `X-CHALLENGER` header authenticates you to access a specific set of secret notes, and the `X-AUTH-TOKEN` authorizes you to gain access.

- `GET` request means use the HTTP Verb GET
- e.g. `GET /secret/note` sends to the secret note endpoint
- `X-AUTH-TOKEN` means include a header named `X-AUTH-TOKEN` in the message. The `X-` implies it is a non-standard custom header
- `does not match a valid token` means that the value in the header should be different from the value returned from the `secret/token` endpoint
- add the `X-CHALLENGER` header to track progress and because the authentication code we need is associated with the `X-CHALLENGER` session
- Receive a 403 FORBIDDEN response because the authorization token does not match the token required to access the data
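
The request described above, as an added example that is not part of the original video description or the application's own code. It runs against a local stub that models only the token-mismatch rule; the stub, the constructed header values, and the names `StubHandler`, `get_secret_note` and `run_check` are assumptions made for illustration.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed values for the local stub; not real tokens or session ids.
CHALLENGER = "constructed-challenger-guid"
VALID_TOKEN = "constructed-valid-token"

class StubHandler(BaseHTTPRequestHandler):
    """Local stand-in modelling only the token check described above."""

    def do_GET(self):
        known = self.headers.get("X-CHALLENGER") == CHALLENGER
        authorized = self.headers.get("X-AUTH-TOKEN") == VALID_TOKEN
        if self.path == "/secret/note" and known and authorized:
            status, body = 200, {"note": "constructed secret"}  # assumed shape
        else:
            # Only the token-mismatch case comes from the page (assumed otherwise).
            status, body = 403, {}
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # silence per-request logging
        pass

def get_secret_note(host, port, challenger, token):
    """GET /secret/note with both headers; return (status, parsed JSON body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", "/secret/note", headers={
            "X-CHALLENGER": challenger, "X-AUTH-TOKEN": token})
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read() or b"{}")
    finally:
        conn.close()

def run_check(token):
    """Start the stub on a free local port, send one request, shut it down."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return get_secret_note("127.0.0.1", server.server_port, CHALLENGER, token)
    finally:
        server.shutdown()
        server.server_close()
```

`run_check("not-the-real-token")` returns a 403 status with an empty body, which is the property worth asserting in an authorization test: a rejected token must not leak any note data.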

Find the application links and more information at:

- https://eviltester.com/apichallenges

Write-up of the instructions for this challenge:

- https://eviltester.com/apichallenges/howto/31-secret-note-forbidden-403

---

Remember to subscribe to this YouTube channel.

You can support me on Patreon https://patreon.com/eviltester (watch my videos ad free and receive extra content)

I blog at https://eviltester.com/blog

Learn more about my books and online training at:

- https://eviltester.com

Follow me on:

- https://twitter.com/eviltester
- https://instagram.com/eviltester
- https://facebook.com/eviltester

Video "API Testing Challenges 31 - How To - forbidden secret note 403" from the channel EvilTester - Software Testing
Video information
July 24, 2021, 21:29:05
00:02:00