Setting up the testing environment

Once you have learned about the API, you can move on to setting up the environment for API testing.

Analyzing the API

Before we begin setting up the testing environment, we need to analyze the target API to find out which authentication type it uses. The authentication type is based on one of the following:

  • Basic HTTP authentication
  • Access token
  • Cookies

Basic HTTP authentication

Basic HTTP authentication is a very simple and rudimentary authentication mechanism that is pretty archaic today. When an API request is made, an additional header, called the Authorization header, is constructed; it contains the user's username and password in Base64 format.

For example, if a username is packt and password is ...
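
The analysis step described above, as an added example that is not code from the book: it classifies a captured request as Basic, access token or cookie authentication, and decodes a Basic header to show that Base64 is reversible encoding rather than protection. The sample requests, host name, credentials and token are constructed, and treating a Bearer scheme as the access-token case is an assumption.

```python
import base64
from http.cookies import SimpleCookie

_REQ = "GET /api/v1/users HTTP/1.1\r\nHost: api.example.test\r\n"
# Constructed sample requests; the credentials, token and session id are made up.
SAMPLES = {
    "basic": _REQ + "Authorization: Basic "
             + base64.b64encode(b"alice:s3cret-example").decode() + "\r\n\r\n",
    "token": _REQ + "Authorization: Bearer abc.def.ghi\r\n\r\n",
    "cookie": _REQ + "Cookie: sessionid=0123456789abcdef; theme=dark\r\n\r\n",
}

def parse_headers(raw):
    """Return a dict of lower-cased header names from a raw HTTP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def classify_auth(raw):
    """Classify a request's authentication type and return what it exposes."""
    headers = parse_headers(raw)
    scheme, _, credentials = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(credentials.strip(), validate=True).decode("utf-8")
        except ValueError:  # covers bad Base64 and bad UTF-8
            return {"type": "basic", "error": "malformed credentials"}
        # Split on the first colon only: the password may itself contain ':'.
        user, _, password = decoded.partition(":")
        return {"type": "basic", "username": user, "password": password}
    if scheme.lower() == "bearer":  # assumption: access tokens arrive as Bearer
        return {"type": "token", "scheme": scheme}
    if scheme:
        return {"type": "other", "scheme": scheme}
    if "cookie" in headers:
        jar = SimpleCookie()
        jar.load(headers["cookie"])
        return {"type": "cookie", "names": sorted(jar.keys())}
    return {"type": "none"}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, classify_auth(request))
```

Because anyone who can read the request can recover the password this way, Basic authentication depends entirely on the transport (TLS) for confidentiality.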
