Evil API Challenge - Part 1


Evil Tester

I’m finally getting around to attempting the API Challenges from Alan Richardson, The Evil Tester.

Plan of attack

I’m going to start by using the deployed Heroku App, so I can avoid doing the setup to run it locally for now. I may switch things up later.

My first tool of choice is Insomnia, this is one of my personal favorite GUI HTTP Clients. I’ve loaded it up with the OpenAPI file provided on the challenge page.

I’ve already had a quick scan of the API Doc, and next I’m going to start attacking the challenges.

Header ache

While I could simply stick with Insomnia for the full challenge (after all, this is an API challenge), I want to see my progress on the webpage. In theory it should be easy enough to add the X-Challenger header to my requests. Or so I thought. So far I have failed to find a way to do it in Chrome or Firefox without an extension.

This gives me an opportunity to try a tool I only recently heard of and have been waiting for an excuse to try out. HTTP Toolkit, as I understand it, should allow me to intercept my requests to the API challenge site and inject the header.

HTTP Toolkit mock and rewrite

After trying for a good 10 minutes to use the Mock and Rewrite feature, I failed to get the webpage to load with the edited header. Not a great first impression of HTTP Toolkit. Intercepting and viewing the HTTP traffic from Firefox was easy, but the edit and rewrite just didn’t work: the request didn’t carry my injected header.

HTTP Header Live

Next, I’ll try a Firefox extension, starting with HTTP Header Live. While this was easy to use, I didn’t manage to get the results I wanted. So I re-read the challenge. It turns out I was massively over-complicating things: I simply needed to go to challenges/My_challenger_id to see my progress.

GETing stuck in

Now that I’m getting the hang of it, I breeze through the GET and HEAD challenges in a few moments. At this point, I’m wondering if I’m missing something meta, in terms of looking for what James Thomas would call incongruities.

I think I would like to revisit this challenge at some point, taking a bit more time to set some of my own expectations and consider the results more carefully. Great! This means I have a new mission I can run later.

That is all for now

And with that, I’ve come to the end of my time-box. I hope to revisit this and make further progress. I will either update this post, or make a series and link this post and any future attempts together. We will see how the mood takes me.