Authorized Post Request | Bondar Academy
Course: Playwright API Testing with TypeScript
Module: API Testing Basics
Instructor: Artem Bondar
Lesson Summary
In this lesson, we build upon the previous lesson where we obtained an authorization token for our test application. Here, we will use this token to create a new article via a POST request. Key Steps to Create a New Article Start by defining a new constant: newArticleResponse using await request.post . Provide the URL for the POST request, which can be found in Postman. Include the body of the request under the data object. Format the document using: Option + Shift + F (Mac) Control + Shift + I (Windows) Add the authorization header : Key: authorization Value: token {token_value} (concatenated with "token space"). Validating the Response After sending the request, extract the JSON response and validate the status code: expect(newArticleResponse.status).toEqual(201); Additionally, print the response object to the console for verification. Best Practices It is recommended to follow up a POST request with a GET request to confirm the data creation. For example, after creating an article, a GET request can be made to retrieve the list of articles: Ensure to include the authorization header in the GET request as well. Validate that the first article in the response matches the article created. In summary, when making authorized requests in Playwright, always include the authorization header in both POST and GET requests to ensure proper access to private resources.
Video Transcript
In the previous lesson, we created a first POST request, getting the authorization token for our test application. In this lesson, we will use this token to create another POST request to create a new article for test application. Let's get into it. This is our current test, create a new article, and inside of this test, let's add a second step of actually creating the article. Let's go back to Postman, and this is their request that we were using to create a new article. This is the body and this is a response. Let's start moving this request from Postman to Playwright. Going back to the code, and I create a new constant first. It will be newArticleResponse equals to awaitRequest.Post. First of all, we provide URL. Going back to Postman, this is the POST request URL. The next step. Next step, we need to provide a body inside of this object, and I remind you, it goes under the data. Data, and I copy the object from the Postman that we created before. Control C, Control V. Let's make a quick formatting of this document. On Mac, it will be combination of Option Shift F, and you see the document is aligned nicely. On Windows, the combination will be Control Shift I, for Visual Studio Code to quickly format your document in VS Code. Let's move on. This is our request. The second thing that we need to provide over here after the data object is authorization header. You put comma after the data object and type headers. Here, we need to provide a list of the headers. For the headers, we need to put authorization header. Clicking over here. Here, the name should be authorization, and value should be token with value of the token. Take the header name, headers, authorization, and for the token. Previously right here, we created the authorization token and it return us this just a bare value of the token. But the format that our application is expecting is token, space, and then the value of the token. We can use a concatenation to add this part of the string to the value of the token. I type token, space, and then plus token and response. The token value will be generated automatically, and the token string will be added to the token value. Auth token will have the value of the token that we need to pass into the authorization header. I copy this and paste it right here as a header. By the way, I can remove this console log from here. What's next? Let's extract the JSON response. I create a new constant, const newArticleResponse.json equals to await newArticleResponse.json. This will be response body and let's add the assertion expect. Let me copy it from here to validate the status code. It will be a little bit faster. Instead of the article response, it will be newArticleResponse status, and the status have to be 201. I believe that's it. Currently, createArticleTest have two steps. First step is to get authorization token making the POST request, and then we reuse this authorization token right here in the headers to create the article with this body. Then the validation that after the creation of the article, we should get status 201. So let's run this test. Running this test, and it's passed. Let's go back to test application, refresh, and here we go. Article is created. Let's delete this article. The next step. So after we made the request, let's make the assertion that we can successfully create the article. So let's print this out to the console, console.log just to look into our response object. New JSON response. Let's run it one more time. This is the object that we created, and look article and title and test to test. This is the title that we created right here. So let's make this assertion. Here, expect that article response JSON dot, then the next key is article dot article dot title to equal, and this is the article. So for now, running this test, I have to manually delete the article from test application because you remember, our API does not allow create the same article again and again. So just temporarily, I am doing this manually, and then we'll fix it later on. So running this test, and test pass successfully, that assertion pass successfully, removing this. So far, this test looks fine, it is working. But when you make a POST request, it is considered a best practice, not just to make a validation of the response body of the POST request. Sometimes, POST request may not even have a response body. You may have a response something like successful or success or okay or something completely not meaningful. So when you make a POST request, it's considered a best practice to make a GET request after that, to validate that data creation on the previous step. So in our example, when we created a new article, we can send a GET request, for example, to get the list of the articles. So let me copy this step from here and put it right here. Okay, and we expect that when we get the list of the articles, the articles response JSON for the first article should be the article that we just created right here. Okay, so let's do this. First of all, we need to add status code validation. So status code validation, it's something that you should be pretty much a default action for every request. We will fix it later to be more convenient, by the way. And the next step, expect, and let's make an assertion. Expect articles response JSON, okay? And what we are looking for, going back, GET articles. And we have articles key, then it is array, and the first article should have the title that we expect, okay? So articles, articles, it's array. So I get the first article from this array.title. And it should be equal to this article, okay? So article response JSON, articles title to equal, this is the title. All right, sounds good. Going back to the app, do we have the test article? Yes, we do, let's delete it, okay, and let's run this test. Okay, test failed, why? And it is failed because title didn't match, so we expected our article to be created. But instead, we got the article which is a default, Discover Bonder Academy, why? So this happened because we did not provide the authorization token to this GET request. So we got only a default article which are public, but the private articles for this particular user are not visible. So let's add authorization header to this GET request as well. So I add the object, then type headers, then object right here. And I simply take the same exact token from the previous step and add it right here. Now, going back again, refresh, I need to remove this article. Otherwise, we have a issue, and running this test one more time. And now everything passed successfully. We were able to validate that the first article in the list of articles was the article that we created with our POST request. All right, so let's quickly summarize what we did in this lesson. So when you need to make authorized request, either POST request or GET request in Playwright, you need to provide authorization header. You can provide this header inside of the object of the second arguments with the key headers. And then inside of the headers object, provide all headers you need. So for us, authorization header has a key authorization, and the value for the header will be the actual value of the token. In our example, value of the token has this format, token space, and then dynamic value of the token that we get from the endpoint users login for our API. Once you get the token, you can reuse this token in all your requests, adding this header to all API requests right here for the POST request and right here for the GET request. All right, that's it guys, and see you in the next lesson.