{"info":{"_postman_id":"389ab36d-6418-4c79-9e31-5352b048559f","name":"API Security in Action","description":"This collection contains requests against the example \"Natter\" API used in the book \"API Security in Action\" published by Manning.\n\nSee https://www.manning.com/books/api-security-in-action for the book\n\nCode: https://github.com/NeilMadden/apisecurityinaction","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json"},"item":[{"name":"Chapter 2","item":[{"name":"Create a social space","event":[{"listen":"test","script":{"type":"text/javascript","exec":["var json = pm.response.json();","pm.collectionVariables.set(\"space_uri\", json[\"uri\"]);",""]}}],"_postman_id":"e648b5a0-7687-49c1-8f70-be12eb34e4d2","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"test space\",\n    \"owner\": \"demo\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4567/spaces","description":"Creates a new Natter social space"},"response":[]},{"name":"Send a message","_postman_id":"c57c15f5-ab5a-4e2f-bab7-600c0b249496","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"author\": \"demo\",\n    \"message\": \"Hello, World!\"\n}","options":{"raw":{"language":"json"}}},"url":"http://localhost:4567/{{space_uri}}/messages","description":"Sends a message to the social space"},"response":[]},{"name":"List messages","_postman_id":"9e04aab7-2be3-4f3c-bf3b-d5bda86893ae","request":{"method":"GET","header":[],"url":{"raw":"http://localhost:4567/{{space_uri}}/messages?since=2020-01-01T09:15:00.00Z","protocol":"http","host":["localhost"],"port":"4567","path":["{{space_uri}}","messages"],"query":[{"key":"since","value":"2020-01-01T09:15:00.00Z"}]},"description":"Lists all messages in the social space"},"response":[]},{"name":"Read 
message","_postman_id":"8030ab6e-a453-448c-861f-0b099ec7c0e4","request":{"method":"GET","header":[],"url":"http://localhost:4567/spaces/1/messages/1","description":"Reads an individual message"},"response":[]},{"name":"Moderator: delete a message","_postman_id":"61e6913c-c57e-4969-bba8-ba8ab8d6bd4a","request":{"method":"DELETE","header":[],"url":"http://localhost:4567/spaces/1/messages/1","description":"Deletes a single message"},"response":[]}],"_postman_id":"7b36c60b-f864-4a94-b495-54d7b727933c","description":"API requests used in chapter 2","protocolProfileBehavior":{}},{"name":"Chapter 3","item":[{"name":"Register a user","_postman_id":"77fa23de-867c-480c-86e2-0d191aa386d4","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"username\": \"demo\",\n    \"password\": \"changeit\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/users"},"response":[]},{"name":"Query audit logs","_postman_id":"37447cd1-1124-48cb-929f-0259de7e512c","request":{"method":"GET","header":[],"url":"https://localhost:4567/logs"},"response":[]},{"name":"Create space (without authentication)","_postman_id":"c8bea1ff-137b-4ad0-b483-b9e8b488de16","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"Test Space\",\n    \"owner\": \"demo\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/spaces","description":"Attempts to create a space without authentication. 
This will be rejected."},"response":[]},{"name":"Create space (with authentication)","_postman_id":"21892a45-92ee-445a-9606-839f350d32a2","request":{"auth":{"type":"basic","basic":{"username":"demo","password":"changeit","showPassword":false}},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"Test Space\",\n    \"owner\": \"demo\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/spaces","description":"Make sure you run the Register a user request first"},"response":[]}],"_postman_id":"57591f1a-b243-422c-954c-dcf59cebcd87","protocolProfileBehavior":{}},{"name":"Chapter 4","item":[{"name":"Login","event":[{"listen":"test","script":{"type":"text/javascript","exec":["var json = pm.response.json();","pm.collectionVariables.set(\"csrf_token\", json[\"token\"]);",""]}}],"_postman_id":"6b20d619-153d-46d9-9081-f76e3b14075f","request":{"auth":{"type":"basic","basic":{"username":"demo","password":"changeit","showPassword":false}},"method":"POST","header":[],"body":{"mode":"raw","raw":"{}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/sessions","description":"Sends a login request to get a session cookie. 
Note: run the Register a user request from chapter 3 first, since this request authenticates as that user."},"response":[{"id":"381b67b8-0ce1-47c9-8ea7-4ac4c2bb35a3","name":"Login","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/sessions"},"status":"Created","code":201,"_postman_previewlanguage":"json","header":[{"key":"Date","value":"Thu, 30 Jul 2020 22:09:55 GMT"},{"key":"Set-Cookie","value":"JSESSIONID=node0k23ffjrzgv7j1lwfj22jty6xo0.node0;Path=/;Secure;HttpOnly"},{"key":"Expires","value":"Thu, 01 Jan 1970 00:00:00 GMT"},{"key":"Content-Type","value":"application/json;charset=utf-8"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-Frame-Options","value":"DENY"},{"key":"X-XSS-Protection","value":"0"},{"key":"Cache-Control","value":"no-store"},{"key":"Content-Security-Policy","value":"default-src 'none'; frame-ancestors 'none'; sandbox"},{"key":"Server","value":""},{"key":"Transfer-Encoding","value":"chunked"}],"cookie":[],"body":"{\n    \"token\": \"j5AUXTYi96JjM5eadv3CuFBWo9E5DLkwkSYExT1R8dM\"\n}"}]},{"name":"Create space (without CSRF token)","_postman_id":"d2de5f3f-eb36-4898-94d8-04a13a4078ee","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"csrf test space\",\n    \"owner\": \"demo\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/spaces","description":"Once section 4.4.3 has been implemented, this request will fail with a 401 Unauthorized response because it sends no X-CSRF-Token header."},"response":[]},{"name":"Create space (with CSRF token)","_postman_id":"a60b1f0e-f1b9-42b4-b5cf-07bc6bb11f08","request":{"method":"POST","header":[{"key":"X-CSRF-Token","value":"{{csrf_token}}","type":"text"}],"body":{"mode":"raw","raw":"{\n    \"name\": \"csrf test space\",\n    \"owner\": 
\"demo\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/spaces"},"response":[]},{"name":"Logout","_postman_id":"8b9627fb-ffba-4c62-946d-395aab61b3b7","request":{"method":"DELETE","header":[{"key":"X-CSRF-Token","value":"{{csrf_token}}","type":"text"}],"url":"https://localhost:4567/sessions"},"response":[]}],"_postman_id":"78ca2627-9a00-4dcf-869b-465cde71cb51","protocolProfileBehavior":{}},{"name":"Chapter 5","item":[{"name":"Login","event":[{"listen":"test","script":{"type":"text/javascript","exec":["var json = pm.response.json();","pm.collectionVariables.set(\"auth_token\", json[\"token\"]);",""]}}],"_postman_id":"f8ddeefd-85bb-4e2a-b611-a01a1ebdd9d9","request":{"auth":{"type":"basic","basic":{"username":"demo","password":"changeit","showPassword":false}},"method":"POST","header":[],"body":{"mode":"raw","raw":"{}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/sessions"},"response":[]},{"name":"Create space (Bearer auth)","_postman_id":"649e5953-149e-48b7-b95b-f9910dffcbae","request":{"auth":{"type":"bearer","bearer":{"token":"{{auth_token}}"}},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"bearer test space\",\n    \"owner\": \"demo\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/spaces"},"response":[]}],"_postman_id":"5e9b8781-46e5-4401-a4e7-da39cb5e4cab","protocolProfileBehavior":{}},{"name":"Chapter 9","item":[{"name":"Login","event":[{"listen":"test","script":{"type":"text/javascript","exec":["var json = pm.response.json();","pm.collectionVariables.set(\"csrf_token\", json[\"token\"]);",""]}}],"_postman_id":"a367d3c7-c685-4918-a87c-a9f39cf5b07e","request":{"auth":{"type":"basic","basic":{"username":"demo","password":"changeit","showPassword":false}},"method":"POST","header":[],"body":{"mode":"raw","raw":"{}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/sessions"},"response":[]},{"name":"Create 
space","event":[{"listen":"test","script":{"type":"text/javascript","exec":["var json = pm.response.json();","pm.collectionVariables.set(\"post_message_uri\", json[\"messages-rw\"]);","pm.collectionVariables.set(\"list_messages_uri\", json[\"messages-r\"]);",""]}}],"_postman_id":"5f26f863-1795-42b8-bd55-c8419a8968d6","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"name\": \"bearer test space\",\n    \"owner\": \"demo\"\n}","options":{"raw":{"language":"json"}}},"url":{"raw":"https://localhost:4567/spaces","protocol":"https","host":["localhost"],"port":"4567","path":["spaces"],"query":[{"key":"access_token","value":"{{csrf_token}}","disabled":true}]}},"response":[]},{"name":"Post message","_postman_id":"dec16123-77e4-4e21-880b-ff0e9a961dda","request":{"auth":{"type":"bearer","bearer":{"token":"{{csrf_token}}"}},"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"author\": \"demo\",\n    \"message\": \"Hello, World!\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567{{post_message_uri}}"},"response":[]},{"name":"List messages","_postman_id":"4718f827-c4fd-43dc-9987-a4385546742e","request":{"method":"GET","header":[],"url":"https://localhost:4567{{list_messages_uri}}"},"response":[]},{"name":"Share access","_postman_id":"f36612ff-ef2a-4f3b-ac1b-b2109cb847ea","request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\n    \"uri\": \"{{list_messages_uri}}\",\n    \"user\": \"demo2\",\n    \"perms\": 
\"r\"\n}","options":{"raw":{"language":"json"}}},"url":"https://localhost:4567/share"},"response":[]}],"_postman_id":"a9d33e2d-e2f9-417d-9eee-d13c12254179","protocolProfileBehavior":{}}],"event":[{"listen":"prerequest","script":{"id":"8ad4652a-3dcd-42d8-968d-87a26d887f51","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"5771b0f3-873d-4642-882e-8ed146bb2947","type":"text/javascript","exec":[""]}}],"variable":[{"id":"517c8add-cfe2-421d-9ce9-a625a0cb4118","key":"space_uri","value":"","type":"string"},{"id":"9594f81b-3cd7-4dae-8c70-076d794a6844","key":"csrf_token","value":"","type":"string"},{"id":"1d370265-97ca-4510-a8bc-b84f3e3faa4e","key":"auth_token","value":"","type":"string"},{"id":"699ff5fd-3403-42f1-94d7-aaa8fa4e40d6","key":"list_messages_uri","value":"","type":"string"},{"id":"ae370307-ca2e-4336-8d2e-7432f8de01a2","key":"post_message_uri","value":"","type":"string"},{"id":"01bde891-953f-417b-aa30-b5c8b54f6674","key":"create_space_uri","value":"","type":"string"}],"protocolProfileBehavior":{}}