W 300: Using an API with Postman (15 pts extra)

What You Need

Purpose

To practice using Postman and a popular API, to understand the security issues and API secrets.

Create a Hackazon Account

In a Web browser, go to

https://hackazons.samsclass.info/

In the top right, click "Sign Up", as shown below.

Click the "New user?" button.

Create a new account with a username and password of your choice, as shown below.

Ordering a Product

At the top left, click the Hackazon logo. Click a product. Click the "Add to cart" button.

The product appears at the top right of your desktop, as shown below.

At the top right of the Hackazon window, click "Show all items in shopping cart".

The Shopping Cart page opens, as shown below.

At the lower right, click Next.

In the next page, enter your name, and a fake address and phone number, as shown below.

At the lower right, click "Billing Step".

On the next page, on the right side, click "Bill to this address".

On the Confirmation page, at the lower right, click "Place Order".

You see the "Payment Success" page, as shown below.

At the top right of the page, click "Your account". In the pop-up menu, click "My orders".

You see one complete order, as shown below.

Installing Postman

In a Web browser, go to:

https://www.getpostman.com/downloads/

Click the Download button, as shown below.

Install the software with the default options.

When you first launch Postman, it asks you to create an account. At the bottom, click "Skip signing in and take me straight to the app", outlined in green in the image below.

Sending a GET Request

In the next page, click "Create a request", outlined in green in the image below.

In the top center, after "GET", type

https://hackazons.samsclass.info

outlined in green in the image below.

Click the blue Send button.

In the lower portion of the window, the HTML for the page appears, as shown below.

At the bottom of the Postman page, in the Body section, click Preview, outlined in green in the image below.

The web page appears, but without CSS or images, looking sloppy and bare. Scroll to the bottom, as shown below, to find the "Please login" message.

This shows that we are not currently logged in.

This is a normal, unauthenticated GET request. To do more, such as viewing or changing personal information or purchases, you need to authenticate yourself.

The Hackazon REST Service

The documentation for Hackazon's API is here:

https://github.com/rapid7/hackazon/blob/master/REST.md

According to the documentation, Hackazon supports Basic Authentication for the first request to /api/auth, and after that requires Token authentication.

Using Basic Authentication

In the top center, after "GET", type

https://hackazons.samsclass.info/api/auth

Below that URL, click the Authorization tab. Select a TYPE of "Basic Auth".

On the right side, enter the username and password you registered at Hackazon.

Click the blue Send button.

In the lower portion of the window, a token appears, as shown below.

Viewing Your Orders

In the top pane of Postman, click the Headers tab.

Enter a new header with a KEY of Authorization and a VALUE of Token followed by a space and the long value that appears in the bottom pane, as shown below.

Click the blue Send button.

In the lower portion of the window, data appears, as shown below.

Save a screen shot or copy this response to Notepad--you will need this data below.

Adding Another Order

In Postman, change the Method to POST.

In the top pane of Postman, click the Headers tab.

Enter a new header with a KEY of Content-Type and a VALUE of application/xml, as shown below.

In the top pane of Postman, click the Body tab. Click the raw button.

Carefully enter this content, adjusting the dates to the correct date and time, and the names, email, and customer ID to match your values, as shown below.

<?xml version="1.0"?>
<order>
        <created_at>2020-02-20 15:00:57</created_at>
        <updated_at>2020-02-20 18:00:57</updated_at>
        <customer_firstname>test4</customer_firstname>
        <customer_lastname></customer_lastname>
        <customer_email>test4@aol.com</customer_email>
        <status>complete</status>
        <comment></comment>
        <customer_id>242</customer_id>
        <payment_method>wire transfer</payment_method>
        <shipping_method>mail</shipping_method>
        <coupon_id></coupon_id>
        <discount>0</discount>
</order>

Click the blue Send button.

In the lower portion of the window, the data you sent is echoed back to you in JSON form, as shown below.

If you get an "Invalid XML Body" error, make sure you don't have any spaces before the start of the first line in the message body.
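The two request shapes used above (Basic Auth to /api/auth, then the Token header with an XML body) can be built and inspected without Postman. The following is an added example written for this page, not code from the lab or from Hackazon; it sends nothing over the network. The host and the /api/auth path come from the lab, the /api/order path is assumed from Hackazon's REST.md, and the username, password and token are constructed sample values.

```python
# Added example, not part of the original lab or of Hackazon. It builds the
# two kinds of request the lab sends from Postman without touching the network.
# Host and /api/auth come from the lab; the /api/order path is assumed from
# Hackazon's REST.md; the credentials and token used are constructed samples.
import base64
import xml.etree.ElementTree as ET

BASE_URL = "https://hackazons.samsclass.info"


def basic_auth_request(username, password):
    """GET /api/auth as Postman's 'Basic Auth' type sends it.

    Basic auth is just base64(username:password): encoding, not encryption,
    so TLS is the only thing protecting the password in transit.
    """
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"method": "GET", "url": BASE_URL + "/api/auth",
            "headers": {"Authorization": "Basic " + creds}, "body": None}


def token_request(token, method="GET", xml_body=None, path="/api/order"):
    """Follow-up request carrying the token pasted into Postman's Headers tab.

    The token is a bearer secret: whoever holds it acts as the user, so the
    response copied to Notepad deserves the same care as the password.
    """
    headers = {"Authorization": "Token " + token}
    if xml_body is not None:
        headers["Content-Type"] = "application/xml"
    return {"method": method, "url": BASE_URL + path,
            "headers": headers, "body": xml_body}


def build_order_xml(fields):
    """Serialize the POST body from a dict of <order> children.

    ElementTree emits the declaration with no leading whitespace, which is
    exactly what a hand-typed body must avoid to escape 'Invalid XML Body'.
    """
    order = ET.Element("order")
    for tag, value in fields.items():
        ET.SubElement(order, tag).text = value
    return b'<?xml version="1.0"?>\n' + ET.tostring(order)


def decode_basic_header(value):
    """Recover [username, password] from a Basic Authorization header value."""
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    return base64.b64decode(encoded).decode().split(":", 1)
```

Running decode_basic_header on the header produced by basic_auth_request shows why the lab's first request must go over HTTPS: the password is recovered with one base64 decode.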

Viewing the New Order

In your Web browser, in the Hackazon page, at the top right of the page, click "Your account". In the pop-up menu, click "My orders".

You see two orders, as shown below.

Flag W 300.1: Price (15 pts)

Click the blue Order No for the top order.

The order details appear. The flag is the price, covered by a blue rectangle in the image below.

References

Facebook for developers: Posting to a Page
Can We Access Facebook Api Using Postman client
2020 Updated: How to get Facebook application id and secret key?
Hackazon realistic e-commerce Hack platform
Hackazon REST Service


Posted 2-19-2020