Repo for video demo of how to use postman api test scripts. The API itself has been stripped down to its most basic functionality for the tests. All the scripts are at the root level of the project. The data is just being stored in memory with a single base set of user and movie objects from the data.js
file.
Once you have downloaded or cloned the repo you need to install the dependencies for the API. We do this using npm
.
npm install
This command will read the package.json file and install all the required dependencies, such as, express
, bcrypt
, and jsonwebtoken
.
To launch the server use this command:
npm run dev
GET http://localhost:3000/
This base route can be used to check if the API is currently running. If the server is running there should always be a response.
However, it will check for a valid API key too. The value of the key is MyUniqueApiKey
. It needs to be sent from the client as a value for an x-api-key
header.
The successful response will be:
{
"STATUS": "Good to go!"
}
A response for an invalid key will be:
{
"error": {
"code": 999,
"message": "Invalid API key"
}
}
This is the only route in the API that looks for this x-api-key
header.
POST http://localhost:3000/api/users/register
Body of request must be JSON. Sample:
{
"email": "[email protected]",
"password": "nascar123"
}
POST http://localhost:3000/api/users/tokens
Body of request must be JSON. Sample:
{
"email": "[email protected]",
"password": "nascar123"
}
Valid request will return a JSON string response like this sample:
{
"data": {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOjE1ODc5MTI2OTg5ODYsImlhdCI6MTU4NzkyMDIyOH0.E9oDnlXb4Bw6Kr4672BwNdav-51p_qOs58shQWrfkog"
}
}
No body required. Authorization Bearer token required in the headers. Will return list of all movies for the current user based on the id in the signed token.
GET http://localhost:3000/api/movies
Sample Response:
{
"data": [
{
"_id": 1587912695511,
"title": "Alien",
"year": 1979,
"owner": 1587912698986
},
{
"_id": 1587921091646,
"title": "Avatar",
"year": 2009,
"owner": 1587912698986
}
]
}
No body required. Authorization Bearer token required in the headers. Will get details of specific movie for current user, based on the token.
GET http://localhost:3000/api/movies/:id
Sample response:
{
"data": {
"_id": 1587912695511,
"title": "Alien",
"year": 1979,
"owner": 1587912698986
}
}
Body must be JSON. Authorization Bearer token required in the headers. Adds a new movie for the current user. User id comes from the token. Sample:
{
"title": "Some movie name",
"year": 1999
}
POST http://localhost:3000/api/movies
Response will have the same data, plus an _id property.
{
"data": {
"_id": 1587921293849,
"title": "Avatar",
"year": 2009
}
}
No body required. Authorization Bearer token required in the headers. Movie id will come from the URL. The owner of the movie must match the user id in the token.
DELETE http://localhost:3000/api/movies/:id
Response for the delete will just be the id for the deleted movie
{
"data": { "_id": 1587921293849 }
}
All the errors from the server should return as valid JSON data. They will have an HTTP status code of 400. They will have the same data structure in the JSON which includes code
and message
properties. Sample:
{
"error": {
"code": 111,
"message": "Not gonna do it."
}
}
API uses JSON web tokens to authenticate users. The token must be included as a Authentication
header in the request with the value set to Bearer
followed by the token string.
Example header:
"Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOjE1ODc5MTI2OTg5ODYsImlhdCI6MTU4NzkyMDIyOH0.E9oDnlXb4Bw6Kr4672BwNdav-51p_qOs58shQWrfkog"