Type of testing: Endpoint Testing
Status: Code 403
Steps to Reproduce (Mock Server)
- Create a Mock Server in Postman
- Add endpoint: GET /orders/123
- Add an Authorization header for a user with invalid / insufficient permissions
- Define response: 403 Forbidden
- Send request → observe access denied
Added screenshot of request & response:

What This Shows:
- The request is valid and authenticated
- But the user does not have permission
- API correctly enforces authorization rules
Pro Tips:
- Always test different roles (admin vs user)
- Validate access to restricted endpoints
- Check responses for proper permission handling
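The role checks above as a small test matrix. This is an added example, not part of the original post. The tokens, the role names, the admin-only rule on GET /orders/123, and both handler functions are assumptions standing in for a real API.

```javascript
// Constructed sample data: token -> identity. Not real credentials.
const TOKENS = {
  "tok-admin": { user: "alice", role: "admin" },
  "tok-user": { user: "bob", role: "user" },
};

// Resolve an Authorization header to an identity, or undefined.
function authenticate(authHeader) {
  const m = /^Bearer (.+)$/.exec(authHeader || "");
  return m && Object.hasOwn(TOKENS, m[1]) ? TOKENS[m[1]] : undefined;
}

// Hypothetical handler for GET /orders/123: assumed to be admin-only.
function getOrderStatus(authHeader) {
  const identity = authenticate(authHeader);
  if (!identity) return 401;                 // not authenticated
  if (identity.role !== "admin") return 403; // authenticated, not permitted
  return 200;
}

// Hypothetical broken handler: checks authentication, forgets authorization.
function authOnlyStatus(authHeader) {
  return authenticate(authHeader) ? 200 : 401;
}

// One row per caller type, with the status each must receive.
const MATRIX = [
  { name: "no header", auth: undefined, expect: 401 },
  { name: "unknown token", auth: "Bearer nope", expect: 401 },
  { name: "user role", auth: "Bearer tok-user", expect: 403 },
  { name: "admin role", auth: "Bearer tok-admin", expect: 200 },
];

// Run every row against a handler and return only the mismatches.
function runMatrix(handler, matrix) {
  return matrix
    .map((c) => ({ name: c.name, expect: c.expect, got: handler(c.auth) }))
    .filter((c) => c.got !== c.expect);
}

console.log("correct handler:", runMatrix(getOrderStatus, MATRIX));
console.log("auth-only handler:", runMatrix(authOnlyStatus, MATRIX));
```

The "user role" row is the one that catches a handler that authenticates but never authorizes: it gets 200 where 403 is expected.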
Lesson:
“You’re authenticated… just not important enough.”