Hackers are everywhere. To protect our data and servers from them, backend developers need to put security measures in place by adding different authorization techniques. Today we’ll show you some of those techniques.
First of all, we need an API server. Thankfully, there are services like https://webhook.site, which let you test APIs without needing to create a server.
Now we're going to demonstrate some techniques to secure the server using Postman and API Tester (supports Android & iOS).
1. API Key
In this technique, developers put a Key and a Value in either the headers or the query. Let's do it the header way. In Postman, we set the Authorization type to API Key (1). Now enter a Key (2) and a Value (3). Then press Send (4).
Now, if we look at the webhook page, we’ll see a new header key named somekey with the value somevalue.
Now we’ll do the same thing using API Tester. First open the app, and click on the Create new request button.
From here, click on GET.
Then add the webhook URL.
Then click on Add Header (1) and enter the Key (2) and Value (3). Then click on the Send button (4) at the top-right corner.
Now again, if we look at the webhook page, we’ll see that a new header key named somekey with the value somevalue has been received.
2. Bearer Token
Select Bearer Token as the authorization type, enter somevalue as the token, and click Send.
In the webhook page, we’ll see in the headers that there’s a new key named authorization & the value is Bearer somevalue.
Now, using the API Tester app, first add a new header key named Authorization with the value Bearer somevalue, then press Send.
On the webhook page, we’ll see the bearer token successfully sent via the API Tester app.
3. Basic Auth
Select Basic Auth as the authorization type and enter the username and password. Then click Send.
If we look at the webhook page, we’ll see the username is sent as php-auth-user, and the password is sent as php-auth-pw.
Now using the API Tester app, in the headers, create a new key with the name php-auth-user, then put the username as the value. Then create a new key with the name php-auth-pw and put the password as the value. Click on the send button.
On the webhook page, we’ll see that the values are received.
4. No Auth
What if there are no authorization techniques implemented? We can mimic this API behavior in Postman by selecting the No Auth option and just clicking on the Send button.
And in the API Tester app, remove all the headers by clicking on the edit button.
Then it’ll show the headers. Remove all the text from here and press the cross button at the top-right corner.
Then just click on the Send button. As you can see on the webhook page, it shows the request headers without any new keys or values.
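To show what a backend does with the headers sent in sections 1 to 4, here is an added example (not code from the original post, Postman, API Tester or webhook.site) that checks each scheme and rejects the No Auth case. The header name somekey, the credentials and the function names are constructed for illustration; on the wire, Basic Auth is a single Authorization: Basic header carrying base64 of username:password, which is encoding rather than encryption, so all three schemes rely on HTTPS.

```python
import base64
import hmac
from typing import Optional

# Constructed sample credentials (assumptions, mirroring the post's placeholders).
API_KEY_HEADER = "somekey"
API_KEY_VALUE = "somevalue"
BEARER_TOKEN = "somevalue"
BASIC_USERS = {"someuser": "somepassword"}


def _same(a: str, b: str) -> bool:
    """Constant-time comparison so response timing does not leak the secret."""
    return hmac.compare_digest(a.encode(), b.encode())


def basic_header(username: str, password: str) -> str:
    """What a client sends for Basic Auth: base64 of 'username:password'."""
    raw = f"{username}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def authenticate(headers: dict) -> Optional[str]:
    """Return the scheme that authenticated the request, or None (answer 401)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    # 1. API key in a custom header
    if API_KEY_HEADER in h and _same(h[API_KEY_HEADER], API_KEY_VALUE):
        return "api-key"

    scheme, _, credential = h.get("authorization", "").partition(" ")

    # 2. Bearer token
    if scheme.lower() == "bearer" and _same(credential.strip(), BEARER_TOKEN):
        return "bearer"

    # 3. Basic Auth: decode, split on the first colon, compare the password
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(credential.strip(), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            return None  # malformed base64 or non-UTF-8 credentials
        user, sep, password = decoded.partition(":")
        expected = BASIC_USERS.get(user)
        if sep and expected is not None and _same(password, expected):
            return "basic"

    # 4. No Auth (or wrong credentials): reject
    return None
```

Use placeholder values like these when testing against a third-party endpoint such as webhook.site, since it records every header it receives.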
Now, if you are like me and prefer to work smart instead of working hard, you can export the APIs from Postman to the API Tester app by clicking on the button shown below.
Then select cURL and copy the text below.
Then in the API Tester app, while creating a new request, click on the cURL button.
Then paste the text copied from Postman and click on Import.
And voila! You have added a new request using the exported cURL text.
Give the API Tester a try. It's free and supports Android & iOS.