How to test this kind of API

Our Amazon Web Services (AWS) platform employs Cognito’s OAUTH2.0 to engender a session of JWT token, possessing a duration of one hour. Subsequently, this token is transmuted into a five-minute session AWS credential, which is utilized to access the API (configured in AWS Gateway). My inquiry pertains to the methodology for testing this authentication process with a modicum of simplicity. Currently, we are conducting tests utilizing cURL, a technique that has proven to be less than efficacious.

So I just wonder if there are some already done tech stack to help me test my API without too much headache…

OAUTH2.0 —> JWT token —> AWS credential —> API GET/POST/…

You could just put this as four separate requests, but the problem with that is that the authentication will run each and every time.

For each request, you will parse the response and save the relevant token to a collection or environment variable that can be used in the subsequent request.

I would still probably do this as it tests the logic of your flow. Once you have this working, the other alternative, is to create a pre-request script that does the authentication and a single request for the GET\Post.

You can control the pre-request script with IF statements to check expiry dates for each step.

For your use case, you will want to split the pre-request script into three separate API calls.

I don’t have a complete example, but the following is an example that authenticates against Microsoft using OAuth (which is a single call, not three like the work flow you are trying to test).

pm.test("Check for collectionVariables", function () {
    let vars = ['clientId', 'clientSecret', 'tenantId', 'username', 'password', 'scope'];
    vars.forEach(function (item, index, array) {
        console.log(item, index);
        pm.expect(pm.collectionVariables.get(item), item + " variable not set");
        pm.expect(pm.collectionVariables.get(item), item + " variable not set"); 

    if (!pm.collectionVariables.get("bearerToken") || > new Date(pm.collectionVariables.get("bearerTokenExpiresOn") * 1000)) {
            url: '' + pm.collectionVariables.get("tenantId") + '/oauth2/v2.0/token',
            method: 'POST',
            header: 'Content-Type: application/x-www-form-urlencoded',
            body: {
                mode: 'urlencoded',
                urlencoded: [
                    { key: "client_id", value: pm.collectionVariables.get("clientId"), disabled: false },
                    { key: "scope", value: pm.collectionVariables.get("scope"), disabled: false },
                    { key: "username", value: pm.collectionVariables.get("username"), disabled: false },
                    { key: "password", value: pm.collectionVariables.get("password"), disabled: false },                    
                    { key: "client_secret", value: pm.collectionVariables.get("clientSecret"), disabled: false },
                    { key: "grant_type", value: "password", disabled: false },
        }, function (err, res) {
            if (err) {
            } else {
                pm.test("Status code is 200", () => {
                let resJson = res.json();
                pm.collectionVariables.set("bearerTokenExpiresOn", resJson.expires_in);
                pm.collectionVariables.set("bearerToken", resJson.id_token);

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.