Скачать или смотреть API Testing Challenges 31 - How To - forbidden secret note 403

How to complete the unauthorized secret note challenge, which returns a status code of 403 Forbidden.

Issue a GET request on the `/secret/note` end point and receive 403 when `X-AUTH-TOKEN` does not match a valid token

The `X-CHALLENGER` header authenticates you to access a specific set of secret notes, and the `X-AUTH-TOKEN` authorizes you to gain access.

`GET` request means use the HTTP Verb GET
e.g. `GET /secret/note` sends to the secret note endpoint
`X-AUTH-TOKEN` means include a header named `X-AUTH-TOKEN` in the message. The `X-` implies it is a non-standard custom header
`does not match a valid token` means that the value in the header should be different from the value returned from the `secret/token` endpoint
add the `X-CHALLENGER` header to track progress and because the authentication code we need is asociated with the `X-challenger` session
Receive a 403 FORBIDDEN response because the authorization token does not match the token required to access the data


Find the application links and more information at:

https://eviltester.com/apichallenges

Write up of this challenge instructions:

https://eviltester.com/apichallenges/...


---

Remember to subscribe to this YouTube channel.

You can support me on Patreon   / eviltester   (watch my videos ad free and receive extra content)

I blog at https://eviltester.com/blog

Learn more about my books and online training at:

https://eviltester.com

Follow me on:

  / eviltester  
  / eviltester  
  / eviltester