This post and video shows how to complete the POST secret note challenge, which returns a status code of 200 and amends the secret note.
What are the API Challenges?
Our API Challenges Application has a fully functional cloud hosted API, and a set of challenges to work through.
POST Amend Secret Note Challenge
Most of the challenges simply require the correct payload, and an X-Challenger header to track the session. The authentication challenges require an extra header, the value for which can only be obtained with a username and password. This value is obtained when completing challenge 30.
The X-CHALLENGER header authenticates you to access a specific set of secret notes, and the X-AUTH-TOKEN authorizes you to gain access.
- Authentication is “are you who you say you are” (
X-CHALLENGER) - Authorization is “do you have the right permissions” (
X-AUTH-TOKEN)
Challenge 34 POST Amend
Issue a POST request on the
/secret/noteend point with a note payload e.g. {“note”:“my note”} and receive 200 when valid X-AUTH-TOKEN used. Note is maximum length 100 chars and will be truncated when stored.
POSTrequest means use the HTTP Verb POST- e.g.
POST /secret/notesends to the secret note endpoint
- e.g.
with a note payloadinclude aJSONformatted object as the payloadvalid X-AUTH-TOKEN usedmeans a custom header namedX-AUTH-TOKENshould be added to the message with the value received from the/secret/tokenresponse in Challenge 30- add the
X-CHALLENGERheader to track progress and authenticate the request - Receive a 200 response because both
X-CHALLENGERandX-AUTH-TOKENare for the same user and the payload was well formatted.
Basic Instructions
- Create a new request for the
/secret/noteend point- if running locally that endpoint would be
http://localhost:4567/secret/note
- if running in the cloud that endpoint would be
https://apichallenges.herokuapp.com/secret/note
- if running locally that endpoint would be
- The verb should be a
POST - Ensure there is a custom header with the name
X-AUTH-TOKENand the value is the same as received in the/secret/tokenresponse - The request should have an
X-CHALLENGERheader to track challenge completion - Add a JSON Payload of the format
{"note":"my note"} - Include header for
Content-typevalueapplication/json - If the text is too long it will be truncated
- You should receive a 200 response
- The body of the response will contain the secret note
> POST /secret/note HTTP/1.1
> Host: apichallenges.herokuapp.com
> User-Agent: insomnia/2021.2.2
> X-CHALLENGER: x-challenger-guid
> X-AUTH-TOKEN: x-auth-token-value
> Content-Type: application/json
> Authorization: Basic YWRtaW46cGFzc3dvcmQ=
> Accept: */*
> Content-Length: 31
| {
| "note": "my note is here"
| }
< HTTP/1.1 200 OK
< Connection: close
< Date: Sun, 25 Jul 2021 11:47:36 GMT
< X-Challenger: x-challenger-guid
< Content-Type: application/json
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: *
< Server: Jetty(9.4.z-SNAPSHOT)
< Via: 1.1 vegur
Example body of the response:
{
"note": "my note is here"
}
Extras
- Try varying the length of the note… does the system truncate as expected?
