API Testing Best Practices - Authentication
Applicable level: Advanced
1. Overview
Authentication is typically defined as the activity of confirming the identity of a resource; here, the resource is the consumer of the API (in other words, the caller). Once a user has been authenticated, they are granted access to the resources or APIs they are expected to access.
Authentication: refers to the activity of confirming the identity of the end user of the API.
Authorization: refers to the activity of verifying which resources an authenticated user is able to access.
2. Authentication standards
There are many standards and techniques for authentication, such as:
2.1 Form-based authentication
Web/HTML-based authentication, which usually relies on HTTP cookies.
2.2 Basic/Digest/NTLM authentication
This authentication method uses HTTP headers to authenticate the user.
2.3 WS-Security SAML and Username Tokens
This SOAP/XML-based authentication method passes credentials in the header of the SOAP message. The credential information can also be signed or encrypted, but this is optional.
2.4 API key
Every request to the API contains a key that uniquely identifies the user.
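The following test helper is an added example, not part of the original article: it reports which of the mechanisms from sections 2.1 to 2.4 are visible in a single request, so a test can assert that an endpoint is called with the expected scheme. The function name, the API-key header and parameter names, the SAML 2.0 namespace choice and the sample request are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Assumed names: each API picks its own API-key header / query parameter.
API_KEY_HEADERS = {"x-api-key"}
API_KEY_PARAMS = {"api_key", "apikey"}
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
WSSE = ("{http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd}")
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def identify_auth(url, headers, body=""):
    """Return the set of authentication mechanisms visible in one request."""
    h = {k.lower(): v for k, v in headers.items()}
    found = set()
    # 2.1 Form-based: the session created at login travels in a cookie.
    if "cookie" in h:
        found.add("form/cookie")
    # 2.2 Basic/Digest/NTLM: the scheme is the first token of Authorization.
    scheme = h.get("authorization", "").split(" ", 1)[0].lower()
    if scheme in ("basic", "digest", "ntlm"):
        found.add(scheme)
    # 2.3 WS-Security: credentials sit in the SOAP Header, not HTTP headers.
    # (ElementTree is fine for captured test traffic; not for hostile XML.)
    try:
        sec = ET.fromstring(body).find(f"{SOAP}Header/{WSSE}Security")
    except ET.ParseError:
        sec = None
    if sec is not None:
        if sec.find(f"{WSSE}UsernameToken") is not None:
            found.add("wss-username-token")
        if sec.find(f"{SAML}Assertion") is not None:
            found.add("wss-saml")
    # 2.4 API key: a per-user key in a header or query parameter.
    params = parse_qs(urlsplit(url).query)
    if API_KEY_HEADERS & h.keys() or API_KEY_PARAMS & params.keys():
        found.add("api-key")
    return found

# Constructed sample request (not captured traffic).
SAMPLE_SOAP = f"""<s:Envelope xmlns:s="{SOAP[1:-1]}" xmlns:w="{WSSE[1:-1]}">
<s:Header><w:Security><w:UsernameToken><w:Username>alice</w:Username>
</w:UsernameToken></w:Security></s:Header><s:Body/></s:Envelope>"""

if __name__ == "__main__":
    print(identify_auth("https://api.example.test/v1/items?api_key=k123",
                        {"Authorization": "Basic YWxpY2U6czNjcmV0"}))
    print(identify_auth("https://api.example.test/soap", {}, SAMPLE_SOAP))
```

A request can carry more than one mechanism at once, which is why the helper returns a set rather than a single label.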