Auth Enabled Fake Rest API
Introduction
This is an online Fake REST API with authentication. Do you need to test your REST API client with OAuth 2.0? This set of API endpoints has the same functionality as the endpoints we’ve published in our Fake REST API, but under a different API version. To access these APIs, you should send the OAuth 2.0 token in the Authorization header.
The whole OAuth 2.0 configuration was done using Okta, and we’ve created a few user accounts that allow you to access this API.
Available Endpoints
Here is the list of endpoints available on this fake REST API.
Endpoint | HTTP Method | Description |
---|---|---|
https://api.instantwebtools.net/v2/airlines | GET | Read all airlines details. |
https://api.instantwebtools.net/v2/airlines/:id | GET | Read airline by airline ID. |
https://api.instantwebtools.net/v2/airlines | POST | Create airline data. |
https://api.instantwebtools.net/v2/passenger/:id | GET | Read passenger by passenger ID. |
https://api.instantwebtools.net/v2/passenger?page=0&size=10 | GET | Read all passengers. This endpoint supports pagination. |
https://api.instantwebtools.net/v2/passenger | POST | Create passenger using correct passenger data. |
https://api.instantwebtools.net/v2/passenger/:id | DELETE | Delete passenger by using passenger ID. |
https://api.instantwebtools.net/v2/passenger/:id | PATCH | Update passenger name with correct passenger ID. |
https://api.instantwebtools.net/v2/passenger/:id | PUT | Update every detail of a passenger. |
Generating a valid authentication token
First, let’s look at the process of generating an authentication token. To do this, you should call the Okta public token URL with valid authorization details. For the moment, we’ve introduced 4 user accounts, which are allocated to different rulesets.
To generate a new valid authentication token, you should send a POST request to the following URL with valid authentication credentials.
Endpoint | HTTP Method | Description | Client ID |
---|---|---|---|
https://dev-457931.okta.com/oauth2/aushd4c95QtFHsfWt4x6/v1/token | POST | Create authentication token | 0oahdhjkutaGcIK2M4x6 |
Request New Authentication Token
Sample Request :
POST https://dev-457931.okta.com/oauth2/aushd4c95QtFHsfWt4x6/v1/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
scope=offline_access
&grant_type=password
&username=api-user4@iwt.net
&password=b3z0nV0cLO
&client_id=0oahdhjkutaGcIK2M4x6
Then, as a response, you’ll get the authentication token along with a refresh token. You can add this authentication token as a bearer token in the Authorization header and send requests to the authentication-enabled API endpoints.
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJraWQiOiI1aS1aZUdPZHNlMHUyMnpVWVVpRlY2SjZIOFMwMlZHeUVZRnhMalFKcFl3IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULm1VOUlkU3ltRG15Z1Uwb3JybjhXUUtvSFkxMEpKTVJfUEZpaWk2TnJSTGsuM1lwcncyaFYyeE15LzU5UkkwUWlma1dGY2FUeFpkajVDVndXTWVLaDdjRT0iLCJpc3MiOiJodHRwczovL2Rldi00NTc5MzEub2t0YS5jb20vb2F1dGgyL2F1c2hkNGM5NVF0RkhzZld0NHg2IiwiYXVkIjoiYXBpIiwiaWF0IjoxNTkzODczNDA2LCJleHAiOjE1OTM4NzcwMDYsImNpZCI6IjBvYWhkaGprdXRhR2NJSzJNNHg2IiwidWlkIjoiMDB1aGVuaDFwVkRNZzJ1ZXg0eDYiLCJzY3AiOlsib2ZmbGluZV9hY2Nlc3MiXSwic3ViIjoiYXBpLXVzZXI0QGl3dC5uZXQifQ.Zo1gNyxES2OwNaZTvQfJh7Vpl8YiRlD9zUSfZJOJSXgx65L9O12p9VI1YrTx_meLM4uECuqcGCaiqf4yQx-CQ5QMA-VInb6e0S4SS8RYUDtxfdo3y1WrXFal_20ryh8tcv_8GhkX3d-Ep1jbEKVM7fgYujeTN4R-ccIb-Y1vPGeJHqq9x9BQ6MAUE1URLLVXCZJB8EsE86FaRyaWWdnjWSikrTuWtDSJQCC4oPLjrqbTxFSxabT4_2OeR-9wZ0FmH9wHx3wVuZZj_1upYUsqq6eWPbqpVOyN93gRSV4j0d8L20jFtfN515VE63t5B0QqTN1aSicgscLxG420SiZIVg",
"scope": "offline_access",
"refresh_token": "UoClKuS32UBCDYHcnjM-vbbeKZYo_vRAF8h9NVU6-zw"
}
Available Users
We’ve created 4 user accounts that can generate authentication tokens to access our API. Here are the username, password and token expiry time of the available users.
Username | Password | Token Expiry |
---|---|---|
api-user1@iwt.net | b3z0nV0cLO | 5 Minutes |
api-user2@iwt.net | b3z0nV0cLO | 5 Minutes |
api-user3@iwt.net | b3z0nV0cLO | 1 Hour |
api-user4@iwt.net | b3z0nV0cLO | 1 Hour |
Accessing the API with Authentication Token
Here we’ve deployed the same functionality as our Fake REST API using a different path prefix for the endpoints. The Fake REST API uses “/v1/” endpoints, and the authorization-enabled APIs are deployed under “/v2/” endpoints.
Sample Request :
GET /v2/airlines HTTP/1.1
Host: api.instantwebtools.net
Authorization: Bearer eyJraWQiOiI1aS1aZUdPZHNlMHUyMnpVWVVpRlY2SjZIOFMwMlZHeUVZRnhMalFKcFl3IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULm1VOUlkU3ltRG15Z1Uwb3JybjhXUUtvSFkxMEpKTVJfUEZpaWk2TnJSTGsuM1lwcncyaFYyeE15LzU5UkkwUWlma1dGY2FUeFpkajVDVndXTWVLaDdjRT0iLCJpc3MiOiJodHRwczovL2Rldi00NTc5MzEub2t0YS5jb20vb2F1dGgyL2F1c2hkNGM5NVF0RkhzZld0NHg2IiwiYXVkIjoiYXBpIiwiaWF0IjoxNTkzODczNDA2LCJleHAiOjE1OTM4NzcwMDYsImNpZCI6IjBvYWhkaGprdXRhR2NJSzJNNHg2IiwidWlkIjoiMDB1aGVuaDFwVkRNZzJ1ZXg0eDYiLCJzY3AiOlsib2ZmbGluZV9hY2Nlc3MiXSwic3ViIjoiYXBpLXVzZXI0QGl3dC5uZXQifQ.Zo1gNyxES2OwNaZTvQfJh7Vpl8YiRlD9zUSfZJOJSXgx65L9O12p9VI1YrTx_meLM4uECuqcGCaiqf4yQx-CQ5QMA-VInb6e0S4SS8RYUDtxfdo3y1WrXFal_20ryh8tcv_8GhkX3d-Ep1jbEKVM7fgYujeTN4R-ccIb-Y1vPGeJHqq9x9BQ6MAUE1URLLVXCZJB8EsE86FaRyaWWdnjWSikrTuWtDSJQCC4oPLjrqbTxFSxabT4_2OeR-9wZ0FmH9wHx3wVuZZj_1upYUsqq6eWPbqpVOyN9
Handling Token Refresh
We’ve enabled the refresh token mechanism on this fake REST API, so you will get a refresh token along with the authentication token. To renew access, you just need to send a token refresh request to the authentication API.
If you need to check token refresh in your application, we’ve added one user who has a token expiry rule of 5 minutes, and you can use that user to easily simulate token expiry and the token refresh process in your application.
Sample Token Refresh Request :
POST /oauth2/aushd4c95QtFHsfWt4x6/v1/token HTTP/1.1
Host: dev-457931.okta.com
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&client_id=0oahdhjkutaGcIK2M4x6&refresh_token=UoClKuS32UBCDYHcnjM-vbbeKZYo_vRAF8h9NVU6-zw
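The token and refresh requests above, combined into a client-side token cache. This is an added example, not code from the API's authors; `TokenManager`, `http_post` and the 30-second `skew` are assumptions of the example, and the transport and clock are injectable so the expiry path can be exercised without waiting 5 minutes.

```python
import json
import time
import urllib.request
from urllib.parse import urlencode

TOKEN_URL = "https://dev-457931.okta.com/oauth2/aushd4c95QtFHsfWt4x6/v1/token"
CLIENT_ID = "0oahdhjkutaGcIK2M4x6"

def http_post(url, body):
    """Real transport: POST a form-encoded body and return the parsed JSON."""
    req = urllib.request.Request(url, data=body.encode(), headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Caches the access token and renews it shortly before it expires."""

    def __init__(self, post, username, password, clock=time.time, skew=30):
        self._post = post            # callable(url, form_body) -> dict
        self._creds = (username, password)
        self._clock = clock
        self._skew = skew            # renew this many seconds before expiry
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, resp):
        if resp.get("token_type") != "Bearer" or "access_token" not in resp:
            raise ValueError("unexpected token response")
        self._access = resp["access_token"]
        # Keep the previous refresh token if the server did not send a new one.
        self._refresh = resp.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + int(resp["expires_in"])

    def _grant(self, **form):
        form["client_id"] = CLIENT_ID
        self._store(self._post(TOKEN_URL, urlencode(form)))

    def authorization_header(self):
        expiring = self._clock() >= self._expires_at - self._skew
        if self._access is None or (expiring and self._refresh is None):
            user, password = self._creds
            self._grant(grant_type="password", scope="offline_access",
                        username=user, password=password)
        elif expiring:
            self._grant(grant_type="refresh_token", refresh_token=self._refresh)
        return {"Authorization": "Bearer " + self._access}
```

Pass `http_post` as the transport to talk to the real token endpoint, and merge the returned header into each request to the `/v2/` endpoints.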