Tools
- Pro
- Open Source
ReadyAPI
Empower your team with the next generation API testing solution
TestEngine
Further accelerate your SoapUI testing cycles across teams and processes

SoapUI
The simplest and easiest way to begin your API testing journey
Download Latest Releases Project Tutorials
Learn
Docs

SoapUI Open Source
Getting Started

Getting Started REST Testing

SOAP and WSDL API Mocking

PRO DOCUMENTATION
ReadyAPI

Support Community

What's New

TestEngine
Resources
Cart
Try ReadyAPI Free

Kata 6: Are you Authorized?

Kata 6: Are You Authorized?

The App

SmartFashion is a clothes store. It has an API which can be used by their own website or other websites they have partnered with, hence the need for the API.

The API is basically a CRUD (Create, Read, Update, Delete) API.

Basic Clients can:

Search for items
Buy items

Admin Clients can also:

Add items
Remove items
Update items

Problem Statement

Test that the API correctly handles user authorization and authentication. Access to the system can be either Admin or Basic Client. Assume that the API lets clients use a login operation that allows for identification of users and their access level. Read up on API Security in our articles State of API Security and Best Practices: Security Vulnerability Testing.

Clues

Highlight the text below to reveal the clues:

Example: Ensure that Basic clients cannot update items directly.
Try to be realistic and check the security of the system as well. For example, check for SQL injection when logging in.