I have an API, that only allows for HTTPS connection. HTTP is simply rejected by the server, on which the API is deployed.
I would like to automatically test, that HTTP is not valid. My issue is, that if I send a request through Postman to the http:// endpoint, I receive “Could not get any response” - which is actually what I want.
Is there a way to treat this “response” as a success?
Are you sure your server is not redirecting to HTTPS?
Can you open the Postman console and send a screenshot with the logs?
If the server does not send a response, there is nothing to test. You cannot rely on such a test. The reason for no response can vary and you may be testing the wrong thing.
Yes, the connection is not allowed. As per best security practices, I have set the server up to not accepting the HTTP connection at all. If HTTP was accepted, the contents could be intercepted before the redirection was made (as far as I understand).
Which logs is it that you are interested in?
I know the test is not ideal, as for instance a wrong url would give the same result. I just want to make sure, that the server is indeed not accepting my HTTP call, only HTTPS.
I was referring to the Postman requests which show the HTTP traffic.