Test your understanding with these 10 hands-on exercises. Each one targets a specific API testing skill. Try to solve them before checking the hints.
Try registering again with the same email you already used. What status code and error code do you get?
Expected: Status 409 Conflict with error code CONFLICT.
Try logging in with a wrong password. What error code and status do you get?
Expected: Status 401 with error code INVALID_CREDENTIALS.
Call GET BASE_URL/auth/me without the Authorization header. What happens?
Expected: Status 401 with error code AUTHENTICATION_REQUIRED.
Use the products endpoint with category and maxPrice filters to find all electronics products under Rs 5,000.
Find all products in the books category, sorted by price from low to high.
Get page 3 of products with 3 items per page. Inspect the meta object in the response. What does hasPrevPage show?
Try creating an order with a product ID that does not exist (e.g., prod-999). What error do you get?
Complete the full order lifecycle: Create an order → Verify it in your orders list → Cancel it → Confirm the status changed to cancelled.
Use curl -i on any endpoint. Find these headers in the response: X-Request-Id, X-RateLimit-Limit, and Content-Type.
The -i flag tells curl to include response headers in the output.
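For the header exercise above, here is a small parser for saved `curl -i` output, added as an example and not part of the original exercises. The sample response is constructed and the function names are hypothetical. It matches header names case-insensitively, strips the CRLF line endings curl prints, and stops at the blank line that ends the header block.

```shell
# Constructed sample of `curl -i` output (not captured from the real API).
# curl prints HTTP/1.1 headers with CRLF line endings; the values are made up.
sample_response() {
  printf 'HTTP/1.1 401 Unauthorized\r\n'
  printf 'content-type: application/json; charset=utf-8\r\n'
  printf 'X-Request-Id: req-constructed-0001\r\n'
  printf 'X-RateLimit-Limit: 100\r\n'
  printf '\r\n'
  printf '{"note":"constructed body"}\n'
}

# Print the status code from the first line of the response on stdin.
status_code() {
  tr -d '\r' | awk 'NR == 1 { print $2 }'
}

# Print the value of header $1 from the response on stdin.
# Names are compared case-insensitively (HTTP/2 responses use lowercase names),
# and only the header block is searched, never the body.
header_value() {
  tr -d '\r' | awk -v want="$1" '
    NR == 1 || done { next }          # skip status line; ignore input once finished
    /^$/ { done = 1; next }           # blank line ends the header block
    {
      i = index($0, ":")
      if (i == 0) next
      if (tolower(substr($0, 1, i - 1)) == tolower(want)) {
        val = substr($0, i + 1)
        sub(/^[ \t]+/, "", val)       # drop whitespace after the colon
        print val
        done = 1
      }
    }'
}

# Check the three headers named in the exercise; non-zero exit if any is absent.
check_required_headers() {
  resp=$(cat)
  missing=""
  for h in X-Request-Id X-RateLimit-Limit Content-Type; do
    v=$(printf '%s\n' "$resp" | header_value "$h")
    [ -n "$v" ] || missing="$missing $h"
  done
  if [ -n "$missing" ]; then echo "missing:$missing"; return 1; fi
  echo "ok"
}

sample_response | status_code
sample_response | check_required_headers
```

Against the live API, pipe `curl -s -i BASE_URL/auth/me` into the same functions instead of `sample_response`.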
Your account has an API key (shown in register/profile response). Use the X-API-Key header instead of the Authorization: Bearer header to call GET /auth/me.
curl BASE_URL/auth/me \
  -H "X-API-Key: YOUR_API_KEY"
Q: What is the difference between Bearer Token and API Key authentication?
A: A Bearer Token (JWT) is short-lived (typically 1 hour), tied to a user session, and must be refreshed by logging in again. An API Key is a long-lived static credential tied to an account, suitable for server-to-server communication. In production, API keys should be treated as passwords and never exposed in client-side code.