Page created: 21 Sep 2022 | Page updated: 23 Mar 2023
Demonstrate access control for specific API operations by signing on as users with different permissions.
To act as a user, you’ll use Postman’s built-in ability to do OpenID Connect (OIDC) sign-on. Sign on as the game administrator and get an access token to allow Postman to act as the administrator. Then, repeat this for the game player. You’ll demonstrate access control by sending a request to review submitted memes as the administrator and then as the player.
In this tutorial, you configured user-based access control for a protected API operation and demonstrated that only authorized users can perform the privileged action.