Skip to main content
blog title image

2 minute read - API Testing API Challenges

Challenge 32 - How To - Unauthorized 401

Jul 25, 2021

This post and video shows how to complete the unauthorized secret note challenge, which returns a status code of 401 Unauthorized.

What are the API Challenges?

Our API Challenges Application has a fully functional cloud hosted API, and a set of challenges to work through.

Authorization Challenge

Most of the challenges simply require the correct payload, and an X-Challenger header to track the session. The authentication challenges require an extra header, the value for which can only be obtained with a username and password. This value is obtained when completing challenge 30.

The X-CHALLENGER header authenticates you to access a specific set of secret notes, and the X-AUTH-TOKEN authorizes you to gain access.

  • Authentication is “are you who you say you are” (X-CHALLENGER)
  • Authorization is “do you have the right permissions” (X-AUTH-TOKEN)

Challenge 32 Unauthorized

Issue a GET request on the /secret/note end point and receive 401 when no X-AUTH-TOKEN header present

  • GET request means use the HTTP Verb GET
    • e.g. GET /secret/note sends to the secret note endpoint
  • no X-AUTH-TOKEN header present means no custom header named X-AUTH-TOKEN should be added to the message
  • add the X-CHALLENGER header to track progress
  • Receive a 401 UNAUTHORIZED response because no authorization token is present

Basic Instructions

  • Create a new request for the /secret/note end point
    • if running locally that endpoint would be
      • http://localhost:4567/secret/note
    • if running in the cloud that endpoint would be
      • https://apichallenges.herokuapp.com/secret/note
  • The verb should be a GET
  • Ensure there is no custom header with the name X-AUTH-TOKEN
  • The request should have an X-CHALLENGER header to track challenge completion
  • You should receive a 401 response - meaning you are not authorized
> GET /secret/note HTTP/1.1
> Host: apichallenges.herokuapp.com
> User-Agent: insomnia/2021.2.2
> X-CHALLENGER: x-challenger-guid
> Accept: */*

< HTTP/1.1 401 Unauthorized
< Connection: close
< Date: Sun, 25 Jul 2021 10:42:36 GMT
< Content-Type: application/json
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: *
< X-Challenger: 1x-challenger-guid
< Server: Jetty(9.4.z-SNAPSHOT)
< Via: 1.1 vegur

Overview Video

Patreon ad free version

Learn More and Start Testing

If you like this content then you might be interested in my Patreon Community. I create exclusive content multiple times a week. Gain access to Patreon only content and online training courses for as little as $1 per month. Learn more about the EvilTester Patreon Community.

All Posts | Categories | Archive

Join The Evil Tester Patreon Community

Free training courses and ebooks (sold for over $200).

Learn more about EvilTester on Patreon

Support our work and gain access to hints, tips, and prompts for improving your Software Development skills. Regular updates, multiple times a week for as little as $1 per month.

Patreon Members Login for exclusive courses and ebooks.

Contact

Contact Me

Join Email List

Email Privacy Details.

Online Training Courses

Technical Web Testing Course

Technical Web Testing Course

Evil Tester Talks Bundle

Evil Tester Talks Technical Testing Bundle

Selenium WebDriver Support Classes

Selenium WebDriver Support Classes in Java

All Courses

Books

Buy Dear Evil Tester Book Buy Java For Testers Book Buy Automating and Testing a REST API Buy Selenium Simplified Book

Learn more about our books

Follow

Podcasts and Videos

Podcasts

Subscribe to YouTube Channel

Need some motivation?

Try the Sloganizer

"Of course I'm not evil, I just pretend to be."

Recent Blog Posts

Modelling Software Testing for Naming and Understanding

Kubernetes kubectl cheat sheet notes

Updated Github Repos and Released Conference Talk

Recruit And interview people. Do not just fill roles

Testing The Triangle Application

On Modelling

June 2023 EvilTester.com and Patreon Content Summary

Episode 020 - The Test Automation Pyramid Episode - The Evil Tester Show

Also...

Recommended Reading List