Auth Enabled Fake Rest API

Introduction

This is an online Fake REST API with authentication. Do you need to test your REST API client with Oath 2.0? This set of API endpoints are having the same functionality of API endpoints we've published in our Fake REST API, But Those are in different API version. If you need to access these API's you should send the Oauth2.0 token in the Authorization Header.

Whole Oauth 2.0 configuration was done using Okta, and we've created few user accounts which could allow you to access this API.

Available Endpoints

Here is the list of Endpoints which available on this REST API. For more details about available APIs please look at our Fake REST API Documentation.

Endpoint HTTP Method Description Actions
https://api.instantwebtools.net/v2/airlines GET Read all airlines details.
https://api.instantwebtools.net/v2/airlines/:id GET Read airline by airline ID.
https://api.instantwebtools.net/v2/airlines POST Create airline data.
https://api.instantwebtools.net/v2/passenger/:id GET Read passenger by passenger ID.
https://api.instantwebtools.net/v2/passenger?page=0&size=10 GET Read all passengers. This endpoint supports pagination
https://api.instantwebtools.net/v2/passenger POST Create passenger using correcte passenger data.
https://api.instantwebtools.net/v2/passenger/:id DELETE Delete passenger by using passenger ID.
https://api.instantwebtools.net/v2/passenger/:id PATCH Update passenger name with correct passenger ID.
https://api.instantwebtools.net/v2/passenger/:id PUT Update every detail of a passenger.

Generating a valid authentication token

First, let's look at the process of generating an authentication token. To do this you should call okta public token URL with valid authorization details. For the moment we've introduced 4 user accounts who have allocated for the different ruleset.

To generate a new valid authentication token you should send a POST request to the following URL with valid authentication credentials.

Endpoint HTTP Method Description Client ID Actions
https://dev-457931.okta.com/oauth2/aushd4c95QtFHsfWt4x6/v1/token POST Create authentication token 0oahdhjkutaGcIK2M4x6

Request New Authentication Token

Sample Request :

POST /oauth2/aushd4c95QtFHsfWt4x6/v1/token HTTP/1.1
Host: dev-457931.okta.com
Content-Type: application/x-www-form-urlencoded

scope=offline_access&grant_type=password&username=api-user4@iwt.net&password=b3z0nV0cLO&client_id=0oahdhjkutaGcIK2M4x6
        

Then as a response, you'll get the correct authentication token along with refresh token. So you can add this authentication token as a bearer token for Authorization header and send a request to authentication enabled API endpoints.

{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "eyJraWQiOiI1aS1aZUdPZHNlMHUyMnpVWVVpRlY2SjZIOFMwMlZHeUVZRnhMalFKcFl3IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULm1VOUlkU3ltRG15Z1Uwb3JybjhXUUtvSFkxMEpKTVJfUEZpaWk2TnJSTGsuM1lwcncyaFYyeE15LzU5UkkwUWlma1dGY2FUeFpkajVDVndXTWVLaDdjRT0iLCJpc3MiOiJodHRwczovL2Rldi00NTc5MzEub2t0YS5jb20vb2F1dGgyL2F1c2hkNGM5NVF0RkhzZld0NHg2IiwiYXVkIjoiYXBpIiwiaWF0IjoxNTkzODczNDA2LCJleHAiOjE1OTM4NzcwMDYsImNpZCI6IjBvYWhkaGprdXRhR2NJSzJNNHg2IiwidWlkIjoiMDB1aGVuaDFwVkRNZzJ1ZXg0eDYiLCJzY3AiOlsib2ZmbGluZV9hY2Nlc3MiXSwic3ViIjoiYXBpLXVzZXI0QGl3dC5uZXQifQ.Zo1gNyxES2OwNaZTvQfJh7Vpl8YiRlD9zUSfZJOJSXgx65L9O12p9VI1YrTx_meLM4uECuqcGCaiqf4yQx-CQ5QMA-VInb6e0S4SS8RYUDtxfdo3y1WrXFal_20ryh8tcv_8GhkX3d-Ep1jbEKVM7fgYujeTN4R-ccIb-Y1vPGeJHqq9x9BQ6MAUE1URLLVXCZJB8EsE86FaRyaWWdnjWSikrTuWtDSJQCC4oPLjrqbTxFSxabT4_2OeR-9wZ0FmH9wHx3wVuZZj_1upYUsqq6eWPbqpVOyN93gRSV4j0d8L20jFtfN515VE63t5B0QqTN1aSicgscLxG420SiZIVg",
    "scope": "offline_access",
    "refresh_token": "UoClKuS32UBCDYHcnjM-vbbeKZYo_vRAF8h9NVU6-zw"
}
        

Available Users

We've created 4 user accounts which could generate authentication token to access our API. So here are the username, password and token expire time of available users.

Username Password Token Expiry Actions
api-user1@iwt.net b3z0nV0cLO 5 Minutes
api-user2@iwt.net b3z0nV0cLO 5 Minutes
api-user3@iwt.net b3z0nV0cLO 1 Hour
api-user4@iwt.net b3z0nV0cLO 1 Hour

Accessing the API with Authentication Token

Here we've deployed the same functionality of our Fake REST API using a different path prefix for endpoints. Fake REST API includes "/v1/**" API endpoints and here authorization enabled APIs are deployed using "/V2/**" API endpoints.

Sample Request :

GET /v2/airlines HTTP/1.1
Host: https://api.instantwebtools.net
Authorization: Bearer eyJraWQiOiI1aS1aZUdPZHNlMHUyMnpVWVVpRlY2SjZIOFMwMlZHeUVZRnhMalFKcFl3IiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULm1VOUlkU3ltRG15Z1Uwb3JybjhXUUtvSFkxMEpKTVJfUEZpaWk2TnJSTGsuM1lwcncyaFYyeE15LzU5UkkwUWlma1dGY2FUeFpkajVDVndXTWVLaDdjRT0iLCJpc3MiOiJodHRwczovL2Rldi00NTc5MzEub2t0YS5jb20vb2F1dGgyL2F1c2hkNGM5NVF0RkhzZld0NHg2IiwiYXVkIjoiYXBpIiwiaWF0IjoxNTkzODczNDA2LCJleHAiOjE1OTM4NzcwMDYsImNpZCI6IjBvYWhkaGprdXRhR2NJSzJNNHg2IiwidWlkIjoiMDB1aGVuaDFwVkRNZzJ1ZXg0eDYiLCJzY3AiOlsib2ZmbGluZV9hY2Nlc3MiXSwic3ViIjoiYXBpLXVzZXI0QGl3dC5uZXQifQ.Zo1gNyxES2OwNaZTvQfJh7Vpl8YiRlD9zUSfZJOJSXgx65L9O12p9VI1YrTx_meLM4uECuqcGCaiqf4yQx-CQ5QMA-VInb6e0S4SS8RYUDtxfdo3y1WrXFal_20ryh8tcv_8GhkX3d-Ep1jbEKVM7fgYujeTN4R-ccIb-Y1vPGeJHqq9x9BQ6MAUE1URLLVXCZJB8EsE86FaRyaWWdnjWSikrTuWtDSJQCC4oPLjrqbTxFSxabT4_2OeR-9wZ0FmH9wHx3wVuZZj_1upYUsqq6eWPbqpVOyN9
        

Handling Token Refresh

We've enabled refresh token mechanism with this fake REST API. So basically you will get a Refresh Token along with authentication token. So you just need to send a Refresh token request to the Authentication API and refresh the access.

If you need to check token refresh in your application, We've added one user who has a token expiry rule of 5 minutes, and you could use that user to easily simulate token expiry and refresh the token process in your application.

Sample Token Refresh Request :

POST /oauth2/aushd4c95QtFHsfWt4x6/v1/token HTTP/1.1
Host: dev-457931.okta.com
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&client_id=0oahdhjkutaGcIK2M4x6&refresh_token=UoClKuS32UBCDYHcnjM-vbbeKZYo_vRAF8h9NVU6-zw
        

Newsletter

Stay informed on our latest news!