Testing the end-to-end use case with Postman
Learn how to test user access to the Meme Game by simulating API requests with Postman.
About this task
You’ll use Postman to simulate a user authenticating to the game application and making API requests to start a new game. You’ll demonstrate that the user whose email address comes from a generic domain is not allowed to start a game while inviting others, but they are allowed to start a game when playing by themselves. You’ll also demonstrate that the user with an email address from a trusted domain is allowed to start games with or without inviting others.
Steps
1. Sign on as genericuser:
   a. In Postman, go to Collections and click PingOne Authorize: API Access Management Tutorials to open the collection.
   b. At the bottom of the Authorization tab, click Clear cookies.
   c. Click Get New Access Token.
      Result:
      Postman launches the sign-on flow. You’ll sign on as genericuser with the password you saved earlier.
   d. For the Username, enter genericuser.
   e. For the Password, enter the password you saved earlier. Click Sign On.
      Now, you’ll change the password for genericuser.
   f. For Current Password, enter the one-time passcode (OTP) again.
   g. Enter a New Password, and then enter it again in Verify New Password.
      Copy the password to a convenient location. You’ll need it to sign on later.
   h. Click Save.
   i. When authentication is complete, click Proceed or wait for the confirmation box to time out.
   j. In Manage Access Tokens, click the Pencil icon and change the Token Name to genericuser. Press Enter.
      This makes it easier to keep track of which user the token is for.
   k. Click Use Token.
      Result:
      Now Postman has an access token to act as genericuser.
2. Now, try to start games with and without invitees.
   a. Select the User starts game with invitees request and click Send.
      Result:
      You get a 403 Forbidden response. This demonstrates that a user whose email address is from a generic domain is not allowed to invite others to new games.
   b. Select the User starts game without invitees request and click Send.
      Result:
      Success! You get a 201 Created response with data in the response body. This demonstrates that a user whose email address is from a generic domain is only allowed to play the game by themselves.
      Now, you’ll get an access token to allow Postman to act as companyuser.
3. To get an access token for companyuser, repeat step 1, with the following changes:
   a. In step 1d, enter companyuser for the Username.
   b. In step 1j, change the Token Name to companyuser.
   Result:
   You have an access token that allows Postman to act as the companyuser.
4. Repeat the requests to see if the user can start games and invite others.
   The meme-game.com API does not send invitation emails or store the email addresses of the invited list of users. Regardless, never send real email addresses in your testing with this API.
   a. Select the User starts game with invitees request and click Send.
      Result:
      Success! You get a 201 Created response.
   b. Select the User starts game without invitees request and click Send.
      Result:
      Success! You get a 201 Created response.
Result
Congratulations! You created a custom authorization policy that meets your business requirements and you tested the policy.
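The four checks above can also be kept as a repeatable regression test. The following is an added example, not part of the original tutorial or the product's own code: it derives the expected status from the rule the steps demonstrate and flags any recorded response that disagrees, separating a policy that fails open from other mismatches. The trusted domain example.com, the email addresses, the function names and the sample observations are assumptions constructed for illustration.

```javascript
// Added example. The trusted domain, addresses and observations are constructed.
const TRUSTED_DOMAINS = new Set(["example.com"]); // assumed trusted domain

// Exact, case-insensitive match on the text after the last "@", so a longer
// domain that merely contains a trusted one is not treated as trusted.
function isTrustedEmail(email) {
  const at = email.lastIndexOf("@");
  return at > 0 && TRUSTED_DOMAINS.has(email.slice(at + 1).trim().toLowerCase());
}

// Status the tutorial's policy should return for a "start game" request.
function expectedStatus(email, invitees) {
  const inviting = Array.isArray(invitees) && invitees.length > 0;
  return inviting && !isTrustedEmail(email) ? 403 : 201;
}

// Name the kind of mismatch so a fail-open result stands out from the rest.
function classify(expected, observed) {
  if (expected === 403 && observed >= 200 && observed < 300) return "over-permissive";
  if (expected === 201 && observed === 403) return "over-restrictive";
  return "unexpected-response"; // for example 401 from an expired token
}

// Compare each observed response with the policy; return only the mismatches.
function auditResults(observations) {
  return observations
    .map((o) => ({ ...o, expected: expectedStatus(o.email, o.invitees) }))
    .filter((o) => o.status !== o.expected)
    .map((o) => ({ user: o.user, request: o.request, expected: o.expected,
                   observed: o.status, kind: classify(o.expected, o.status) }));
}

// Constructed observations: the tutorial's four requests with the statuses it
// reports, followed by two simulated failures.
const WITH = "User starts game with invitees";
const WITHOUT = "User starts game without invitees";
const INVITEES = ["friend@invalid.test"]; // never a real address
const SAMPLE = [
  { user: "genericuser", email: "genericuser@mail.test", request: WITH, invitees: INVITEES, status: 403 },
  { user: "genericuser", email: "genericuser@mail.test", request: WITHOUT, invitees: [], status: 201 },
  { user: "companyuser", email: "companyuser@example.com", request: WITH, invitees: INVITEES, status: 201 },
  { user: "companyuser", email: "companyuser@example.com", request: WITHOUT, invitees: [], status: 201 },
  { user: "genericuser", email: "genericuser@mail.test", request: WITH, invitees: INVITEES, status: 201 },
  { user: "companyuser", email: "companyuser@example.com", request: WITH, invitees: INVITEES, status: 401 },
];

console.log(auditResults(SAMPLE));
```

An over-permissive finding means a request the policy should have denied was served, which is the result to investigate first.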