Skip to main content

May 29, 2021 - 3 minute read - API Testing API Challenges Evil Tester

Challenge 18 - How To - GET todos No Accept - 200

This post and video shows how to complete the challenge GET /todos No Accept (200) to successfully GET all the todos in JSON format but ensure we do not pass in an accept header.

What are the API Challenges?

Our API Challenges Application has a fully functional cloud hosted API, and a set of challenges to work through.

GET /todos No Accept (200)

When we issue a request with no accept header, we should receive the default from the server. But… sending a request without an Accept header might be harder depending on the tool we use.

Issue a GET request on the /todos end point with no Accept header to receive results in JSON format.

  • GET request will receive a response with all the todo items
    • e.g. GET /todos to get all the todo items
  • 200 is a success code, in this case it means the end point exists and the `todo items were returned
  • No Accept means that the request should not include an Accept header
  • add the X-CHALLENGER header to track progress

Basic Instructions

  • Issue a GET request to end point “/todos”
    • if running locally that endpoint would be
      • http://localhost:4567/todos
    • if running in the cloud that endpoint would be
      • https://apichallenges.herokuapp.com/todos
  • The request should not have an Accept header at all
  • The request should have an X-CHALLENGER header to track challenge completion
  • The response status code should be 200 when all the details are valid.
  • Check the body of the message has JSON format data, which is the default from the server
  • Check the content-type header in the response has application/json

Sometimes it is useful to send our requests through a proxy or look at the debug output from our tool to make sure that we are sending the requests we expect to send.

A Proxy can also be used to amend the request and remove the headers.

cURL may provide more flexibility for doing this than other tools. In Insomnia, right click on the [Send] button and Generate Client Code for cURL. Then amend the code to remove the header by adding --header 'Accept:'

cURL Details

curl --request GET \
  --url https://apichallenges.herokuapp.com/todos \
  --header 'X-CHALLENGER: x-challenger-guid'
  --header 'Accept:'
  -v

Hints:

  • add --header 'Accept:' to the generated code to remove Accept header from the request.
  • add -v to the generated code if you want to see the full response output.
> GET /todos HTTP/1.1
> Host: apichallenges.herokuapp.com
> User-Agent: curl/7.64.1
> X-CHALLENGER: x-challenger-guid
> 
< HTTP/1.1 200 OK
< Connection: close
< Date: Sat, 29 May 2021 10:35:04 GMT
< Content-Type: application/json
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: *
< X-Challenger: x-challenger-guid
< Server: Jetty(9.4.z-SNAPSHOT)
< Via: 1.1 vegur

Example Response body:

{"todos":[{"id":280,"title":"install webcam","doneStatus":false,"description":""}]}

Overview Video

Watch on YouTube

Patreon ad free version

Learn More and Start Testing


You will need a Github account to comment. Or you can contact me with your comment.

I reserve the right to delete spam comments e.g. if your comment adds no value and its purpose is simply to create a backlink to another site offering training, or courses, etc.