{ "info": { "name": "MockAPI Collection", "description": "Postman collection for testing MockAPI and its OAuth2 provider. The adminPassword and clientSecret variables ship with test defaults (baseUrl points at localhost); override them in a Postman environment rather than storing real credentials in this file.", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "variable": [ { "key": "baseUrl", "value": "http://localhost:8000", "type": "string" }, { "key": "adminUsername", "value": "admin", "type": "string" }, { "key": "adminPassword", "value": "admin123", "type": "string" }, { "key": "clientId", "value": "test_client", "type": "string" }, { "key": "clientSecret", "value": "test_secret", "type": "string" }, { "key": "accessToken", "value": "", "type": "string" }, { "key": "authCode", "value": "", "type": "string" }, { "key": "refreshToken", "value": "", "type": "string" }, { "key": "endpointId", "value": "", "type": "string" }, { "key": "oauthClientId", "value": "", "type": "string" } ], "item": [ { "name": "Health Check", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/health", "host": ["{{baseUrl}}"], "path": ["health"] }, "description": "Basic health endpoint" }, "response": [] }, { "name": "Admin - Login", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "username", "value": "{{adminUsername}}", "type": "text" }, { "key": "password", "value": "{{adminPassword}}", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/admin/login", "host": ["{{baseUrl}}"], "path": ["admin", "login"] }, "description": "Admin authentication (sets session cookie)" }, "response": [] }, { "name": "Mock Endpoints", "item": [ { "name": "List Endpoints", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/admin/endpoints", "host": ["{{baseUrl}}"], "path": ["admin", "endpoints"] }, "description": "List all mock endpoints" }, "response": [] }, { "name": "Create Mock Endpoint", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": 
"application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "route", "value": "/api/greeting/{name}", "type": "text" }, { "key": "method", "value": "GET", "type": "text" }, { "key": "response_body", "value": "{\"message\": \"Hello, {{ name }}!\", \"timestamp\": \"{{ timestamp }}\"}", "type": "text" }, { "key": "response_code", "value": "200", "type": "text" }, { "key": "content_type", "value": "application/json", "type": "text" }, { "key": "is_active", "value": "true", "type": "text" }, { "key": "variables", "value": "{}", "type": "text" }, { "key": "headers", "value": "{}", "type": "text" }, { "key": "delay_ms", "value": "0", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/admin/endpoints", "host": ["{{baseUrl}}"], "path": ["admin", "endpoints"] }, "description": "Create a new mock endpoint" }, "event": [ { "listen": "test", "script": { "exec": [ "// Extract endpoint ID from response location header", "if (pm.response.headers.get('Location')) {", " const location = pm.response.headers.get('Location');", " const match = location.match(/\\/admin\\/endpoints\\/(\\d+)/);", " if (match && match[1]) {", " pm.collectionVariables.set('endpointId', match[1]);", " console.log('Endpoint ID saved:', match[1]);", " }", "}" ], "type": "text/javascript" } } ], "response": [] }, { "name": "Call Mock Endpoint", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/api/greeting/World", "host": ["{{baseUrl}}"], "path": ["api", "greeting", "World"] }, "description": "Call the created mock endpoint" }, "response": [] }, { "name": "Call Mock Endpoint with Query", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/api/greeting/World?format=json", "host": ["{{baseUrl}}"], "path": ["api", "greeting", "World"], "query": [ { "key": "format", "value": "json" } ] }, "description": "Call mock endpoint with query parameter" }, "response": [] }, { "name": "Update Endpoint", "request": { "method": 
"POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "route", "value": "/api/greeting/{name}", "type": "text" }, { "key": "method", "value": "GET", "type": "text" }, { "key": "response_body", "value": "{\"message\": \"Hello, {{ name }}! Welcome to MockAPI.\", \"timestamp\": \"{{ timestamp }}\"}", "type": "text" }, { "key": "response_code", "value": "200", "type": "text" }, { "key": "content_type", "value": "application/json", "type": "text" }, { "key": "is_active", "value": "true", "type": "text" }, { "key": "variables", "value": "{}", "type": "text" }, { "key": "headers", "value": "{}", "type": "text" }, { "key": "delay_ms", "value": "100", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/admin/endpoints/{{endpointId}}", "host": ["{{baseUrl}}"], "path": ["admin", "endpoints", "{{endpointId}}"] }, "description": "Update an existing endpoint" }, "response": [] }, { "name": "Delete Endpoint", "request": { "method": "POST", "header": [], "url": { "raw": "{{baseUrl}}/admin/endpoints/{{endpointId}}/delete", "host": ["{{baseUrl}}"], "path": ["admin", "endpoints", "{{endpointId}}", "delete"] }, "description": "Delete an endpoint" }, "response": [] } ] }, { "name": "OAuth2", "item": [ { "name": "Create OAuth Client (via Admin)", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "client_name", "value": "Test Client", "type": "text" }, { "key": "redirect_uris", "value": "http://localhost:8080/callback,https://example.com/cb", "type": "text" }, { "key": "grant_types", "value": "authorization_code,client_credentials,refresh_token", "type": "text" }, { "key": "scopes", "value": "openid profile email api:read api:write", "type": "text" }, { "key": "is_active", "value": "true", "type": "text" } ] }, "url": { "raw": 
"{{baseUrl}}/admin/oauth/clients", "host": ["{{baseUrl}}"], "path": ["admin", "oauth", "clients"] }, "description": "Create an OAuth client via admin interface" }, "response": [] }, { "name": "Client Credentials Grant", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "auth": { "type": "basic", "basic": [ { "key": "username", "value": "{{clientId}}", "type": "string" }, { "key": "password", "value": "{{clientSecret}}", "type": "string" } ] }, "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "client_credentials", "type": "text" }, { "key": "scope", "value": "api:read", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/oauth/token", "host": ["{{baseUrl}}"], "path": ["oauth", "token"] }, "description": "Obtain access token using client credentials grant" }, "event": [ { "listen": "test", "script": { "exec": [ "// Save access token from response", "if (pm.response.code === 200) {", " const response = pm.response.json();", " pm.collectionVariables.set('accessToken', response.access_token);", " if (response.refresh_token) {", " pm.collectionVariables.set('refreshToken', response.refresh_token);", " }", " console.log('Access token saved:', response.access_token.substring(0, 20) + '...');", "}" ], "type": "text/javascript" } } ], "response": [] }, { "name": "Authorization Code Grant - Step 1: Get Auth Code", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/oauth/authorize?response_type=code&client_id={{clientId}}&redirect_uri=http://localhost:8080/callback&scope=api:read openid&state=xyz123", "host": ["{{baseUrl}}"], "path": ["oauth", "authorize"], "query": [ { "key": "response_type", "value": "code" }, { "key": "client_id", "value": "{{clientId}}" }, { "key": "redirect_uri", "value": "http://localhost:8080/callback" }, { "key": "scope", "value": "api:read openid" }, { "key": "state", "value": "xyz123" } ] }, "description": "First 
step: get authorization code (user redirects)" }, "response": [] }, { "name": "Authorization Code Grant - Step 2: Exchange Code for Token", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "authorization_code", "type": "text" }, { "key": "code", "value": "{{authCode}}", "type": "text" }, { "key": "redirect_uri", "value": "http://localhost:8080/callback", "type": "text" }, { "key": "client_id", "value": "{{clientId}}", "type": "text" }, { "key": "client_secret", "value": "{{clientSecret}}", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/oauth/token", "host": ["{{baseUrl}}"], "path": ["oauth", "token"] }, "description": "Second step: exchange the authorization code for tokens. No script in this collection sets authCode, so copy the code returned by Step 1 into that variable first." }, "event": [ { "listen": "test", "script": { "exec": [ "// Save tokens from response", "if (pm.response.code === 200) {", " const response = pm.response.json();", " pm.collectionVariables.set('accessToken', response.access_token);", " if (response.refresh_token) {", " pm.collectionVariables.set('refreshToken', response.refresh_token);", " }", " console.log('Access token saved:', response.access_token.substring(0, 20) + '...');", "}" ], "type": "text/javascript" } } ], "response": [] }, { "name": "Refresh Token Grant", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "grant_type", "value": "refresh_token", "type": "text" }, { "key": "refresh_token", "value": "{{refreshToken}}", "type": "text" }, { "key": "client_id", "value": "{{clientId}}", "type": "text" }, { "key": "client_secret", "value": "{{clientSecret}}", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/oauth/token", "host": ["{{baseUrl}}"], "path": ["oauth", "token"] }, "description": "Refresh access token using refresh token" }, 
"event": [ { "listen": "test", "script": { "exec": [ "// Save new tokens from response", "if (pm.response.code === 200) {", " const response = pm.response.json();", " pm.collectionVariables.set('accessToken', response.access_token);", " if (response.refresh_token) {", " pm.collectionVariables.set('refreshToken', response.refresh_token);", " }", " console.log('New access token saved:', response.access_token.substring(0, 20) + '...');", "}" ], "type": "text/javascript" } } ], "response": [] }, { "name": "User Info", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{accessToken}}", "type": "text" } ], "url": { "raw": "{{baseUrl}}/oauth/userinfo", "host": ["{{baseUrl}}"], "path": ["oauth", "userinfo"] }, "description": "Get user info using access token" }, "response": [] }, { "name": "Token Introspection", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "auth": { "type": "basic", "basic": [ { "key": "username", "value": "{{clientId}}", "type": "string" }, { "key": "password", "value": "{{clientSecret}}", "type": "string" } ] }, "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{accessToken}}", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/oauth/introspect", "host": ["{{baseUrl}}"], "path": ["oauth", "introspect"] }, "description": "Introspect token (RFC 7662)" }, "response": [] }, { "name": "Token Revocation", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "auth": { "type": "basic", "basic": [ { "key": "username", "value": "{{clientId}}", "type": "string" }, { "key": "password", "value": "{{clientSecret}}", "type": "string" } ] }, "body": { "mode": "urlencoded", "urlencoded": [ { "key": "token", "value": "{{accessToken}}", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/oauth/revoke", "host": ["{{baseUrl}}"], "path": ["oauth", 
"revoke"] }, "description": "Revoke token (RFC 7009)" }, "response": [] }, { "name": "OpenID Connect Discovery", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/.well-known/openid-configuration", "host": ["{{baseUrl}}"], "path": [".well-known", "openid-configuration"] }, "description": "OpenID Connect discovery endpoint" }, "response": [] } ] }, { "name": "Admin OAuth Management", "item": [ { "name": "List OAuth Clients", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/admin/oauth/clients", "host": ["{{baseUrl}}"], "path": ["admin", "oauth", "clients"] }, "description": "List OAuth clients in admin interface" }, "response": [] }, { "name": "List OAuth Tokens", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/admin/oauth/tokens", "host": ["{{baseUrl}}"], "path": ["admin", "oauth", "tokens"] }, "description": "List OAuth tokens in admin interface" }, "response": [] }, { "name": "List OAuth Users", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/admin/oauth/users", "host": ["{{baseUrl}}"], "path": ["admin", "oauth", "users"] }, "description": "List OAuth users in admin interface" }, "response": [] } ] }, { "name": "Protected Endpoint Example", "item": [ { "name": "Create OAuth-Protected Endpoint", "request": { "method": "POST", "header": [ { "key": "Content-Type", "value": "application/x-www-form-urlencoded", "type": "text" } ], "body": { "mode": "urlencoded", "urlencoded": [ { "key": "route", "value": "/api/protected/data", "type": "text" }, { "key": "method", "value": "GET", "type": "text" }, { "key": "response_body", "value": "{\"data\": \"This is protected data\", \"timestamp\": \"{{ timestamp }}\"}", "type": "text" }, { "key": "response_code", "value": "200", "type": "text" }, { "key": "content_type", "value": "application/json", "type": "text" }, { "key": "is_active", "value": "true", "type": "text" }, { "key": "requires_oauth", "value": "true", "type": "text" }, { 
"key": "oauth_scopes", "value": "[\"api:read\"]", "type": "text" }, { "key": "variables", "value": "{}", "type": "text" }, { "key": "headers", "value": "{}", "type": "text" }, { "key": "delay_ms", "value": "0", "type": "text" } ] }, "url": { "raw": "{{baseUrl}}/admin/endpoints", "host": ["{{baseUrl}}"], "path": ["admin", "endpoints"] }, "description": "Create an endpoint that requires OAuth2 authentication" }, "response": [] }, { "name": "Call Protected Endpoint (Unauthorized)", "request": { "method": "GET", "header": [], "url": { "raw": "{{baseUrl}}/api/protected/data", "host": ["{{baseUrl}}"], "path": ["api", "protected", "data"] }, "description": "Call protected endpoint without authentication (should fail)" }, "response": [] }, { "name": "Call Protected Endpoint (Authorized)", "request": { "method": "GET", "header": [ { "key": "Authorization", "value": "Bearer {{accessToken}}", "type": "text" } ], "url": { "raw": "{{baseUrl}}/api/protected/data", "host": ["{{baseUrl}}"], "path": ["api", "protected", "data"] }, "description": "Call protected endpoint with valid access token" }, "response": [] } ] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "// Pre-request script can be used for setup", "console.log('MockAPI Collection - Base URL:', pm.collectionVariables.get('baseUrl'));" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "// Global test script", "console.log('Request completed:', pm.request.url);" ] } } ], "auth": null }