Authorization: Bearer <token>Authorization :
It's a process of granting or denying access to resources.
Mostly it happens after Authentatication.
Most of the projects I worked on use Bearer token
with JWT in Authorizaiton header.
I have endpoint that I can use to generate this token
and pass it to the each requests in my test.
Different ways to making authorized request:
1- Basic Auth
(providing username and password along with each request)
2- Api Keys
(It is provided token by the api vendor and
it could be as query parameter or header
3- Bearer Token
(We can get it by requesting to certain endpoint)
Most known jwt(json web token)
4- Auth2
(A much more secure way of authorizing your request
The flow is similar to Login with facabook,google
Eventually the token still get added to the
Authorization header)
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
) secret base64 encoded