This post and video show how to use the Mirror Mode in API Challenges.
What are the API Challenges?
Our API Challenges Application has a fully functional cloud hosted API, and a set of challenges to work through.
The API has a mirror mode, which allows you to experiment with different verbs and configurations.
You will see, in your API tool, a response showing you the details of the request that you sent.
Will return 200… everything (almost) returns a 200.
    GET http://apichallenges.herokuapp.com/mirror/request
    Query Params
    ============
    IP
    =======
    0:0:0:0:0:0:0:1
    Headers
    =======
    Accept: */*
    Content-Length: 0
    Host: localhost:4567
    User-Agent: insomnia/2021.2.2
    Body
    ====
HEAD responds differently… because HEAD should respond differently.
Useful for getting started and getting used to your tooling.
If you want the response in XML or JSON then add the relevant
Mirror Mode Reflections
The mirror mode is another way of seeing the ‘true’ request received.
You can also use the Insomnia Timeline to see the request.
In Postman you can use the Postman Console to see the requests.
The Mirror Mode shows you the request received by the server. When run on localhost there are no intermediate systems, so you can see exactly what the tooling sends.
When run on apichallenges.herokuapp.com you see that the Heroku environment adds additional headers to the request.
Very often we are not aware of this level of amendment when testing and may not test for this.
The Mirror Mode makes it clear that there are multiple systems involved in issuing a request and they can all pose a risk to the system.
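To make that amendment visible in a test, the mirror output can be parsed and compared with what the tool was configured to send. The following is an added example, not code from the post or the API Challenges project: it assumes each section title is followed by a line of `=` characters as in the response above, and the sample response, the `SENT` headers and the proxy header values are constructed for illustration.

```python
import re

# Constructed sample in the layout of the mirror response shown in the post.
# The X-Forwarded-For, X-Request-Id and Via lines are illustrative, not captured.
SAMPLE_MIRROR = """\
GET http://apichallenges.herokuapp.com/mirror/request
Query Params
============
IP
=======
203.0.113.7
Headers
=======
Accept: */*
Host: apichallenges.herokuapp.com
User-Agent: insomnia/2021.2.2
X-Forwarded-For: 198.51.100.23
X-Request-Id: constructed-id-0001
Via: 1.1 proxy.example
Body
====
"""
# Headers the client tool was configured to send (constructed to match).
SENT = {"Accept": "*/*", "Host": "apichallenges.herokuapp.com",
        "User-Agent": "insomnia/2021.2.2", "Connection": "keep-alive"}

def parse_mirror(text):
    """Split mirror output into the request line plus titled sections."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    out, section = {"request": lines[0]}, None
    for i, line in enumerate(lines[1:], start=1):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if re.fullmatch(r"=+", line):
            continue                      # underline of a section title
        if re.fullmatch(r"=+", nxt):
            section = line                # a title is followed by ====
            out[section] = []
        elif section:
            out[section].append(line)
    return out

def header_diff(sent, mirror_text):
    """Compare headers the client sent with headers the server received."""
    pairs = (l.partition(":") for l in parse_mirror(mirror_text).get("Headers", []))
    seen = {n.strip().lower(): v.strip() for n, _, v in pairs}
    sent = {k.lower(): v for k, v in sent.items()}
    return {"added": sorted(set(seen) - set(sent)),
            "dropped": sorted(set(sent) - set(seen)),
            "changed": sorted(k for k in sent if k in seen and seen[k] != sent[k])}
```

Any header reported under `added` is input the application receives that the tester never typed, so it belongs in the test plan if the server reads it.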