{ "info": { "_postman_id": "5014e448-1491-4952-bc46-e6698dcea545", "name": "Approov Quickstarts - Hello World", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", "_exporter_id": "20280189" }, "item": [ { "name": "Approov Token Protected Server", "item": [ { "name": "valid requests", "item": [ { "name": "/ - Approov token with valid signature and expire time", "request": { "method": "GET", "header": [ { "key": "Authorization", "type": "text", "value": "Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE1NTA2OTkyNDgsImV4cCI6MjExNzA1MTI0OCwiYXVkIjoiIiwic3ViIjoiIn0.tqitpZDE4rRT9TFKz7WOn0YPufQwriU2Brq3--pWXUY" }, { "key": "Approov-Token", "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjIwNTAzNjk2MzYsImlzcyI6ImFwaS5leGFtcGxlLmNvbSJ9.fVIrUEUABZvDTsV5eAGXhL0DBDAzGj3QSMY6setlyB8", "type": "text" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [ { "name": "/ - Approov token with valid signature and expire time", "originalRequest": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQ3MDg2ODMyMDUuODkxOTEyfQ.c8I4KNndbThAQ7zlgX4_QDtcxCrD9cff1elaCJe9p9U" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "cache-control", "value": "max-age=0, private, must-revalidate" }, { "key": "content-length", "value": "27" }, { "key": "content-type", "value": "application/json; charset=utf-8" }, { "key": "date", "value": "Wed, 30 Mar 2022 14:51:35 GMT" }, { "key": "server", "value": "Cowboy" }, { "key": "x-request-id", "value": "FuEwKh3PRbcRgoQAAAJn" } ], "cookie": [], "body": "{\n \"message\": \"Hello, World!\"\n}" }, { "name": "/ - Approov token with valid signature and expire time", "originalRequest": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjQ3MDg2ODMyMDUuODkxOTEyfQ.c8I4KNndbThAQ7zlgX4_QDtcxCrD9cff1elaCJe9p9U" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "cache-control", "value": "max-age=0, private, must-revalidate" }, { "key": "content-length", "value": "27" }, { "key": "content-type", "value": "application/json; charset=utf-8" }, { "key": "date", "value": "Wed, 30 Mar 2022 14:52:45 GMT" }, { "key": "server", "value": "Cowboy" }, { "key": "x-request-id", "value": "FuEwOn45UwVbuYsAAAKH" } ], "cookie": [], "body": "{\n \"message\": \"Hello, World!\"\n}" } ] } ] }, { "name": "invalid requests", "item": [ { "name": "/ - Approov token -> Invalid number of segments", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "adasdasdsadasd" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token -> Empty value", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token -> Mssing in the request headers", "request": { "method": "GET", "header": [], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token -> Invalid signature", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NTUwODMzNDkuMzc3NzYyM30.XzZs_ItunAmisfTAuLLHqTytNnQqnwqh0Koh3PPKAoA" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - `exp` claim -> Empty in the Approov token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOiIifQ.ylUP-04S9-hzv_b7z51Jost7shPiOvizKbKqtUoHv0s" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - `exp` claim -> Missing in the Approov token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcGkuZXhhbXBsZS5jb20ifQ.7o5s4wMuWlzgKAps9LIItJFfr1sCP31BFwPLQDE5kPs" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - `exp` claim -> Expired for an Approov token with a valid signature", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NTAzMDI4MTZ9.1MlmDnPHlgPzKPqHxsPd6HBZ-DYbDB16qGutk7Eheb8" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] } ] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Approov Token Binding Protected Server", "item": [ { "name": "valid requests", "item": [ { "name": "/ - Approov token with a token binding that matches the authorization token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjIwNTgwMTgyMjQsInBheSI6IlZRRkZQSlo2ODJhT3R4Uk1qejBrdENIbXlXZUVFZVNNdlhoMXVEOEozdms9In0.z49IgxajNv18nW5sGE1EOg9nSfA9ba-6VcIZE-FPHXU" }, { "key": "Authorization", "type": "text", "value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] } ] }, { "name": "invalid requests", "item": [ { "name": "/ - Approov token -> Invalid number of segments", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "adasdasdsadasd" }, { "key": "Authorization", "value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "type": "text" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token -> Empty value", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token -> Mssing in the request headers", "request": { "method": "GET", "header": [ { "key": "Authorization", "type": "text", "value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token -> Invalid signature", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NTUwODMzNDkuMzc3NzYyM30.XzZs_ItunAmisfTAuLLHqTytNnQqnwqh0Koh3PPKAoA" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - `exp` claim -> Empty in the Approov token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOiIifQ.ylUP-04S9-hzv_b7z51Jost7shPiOvizKbKqtUoHv0s" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - `exp` claim -> Missing in the Approov token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcGkuZXhhbXBsZS5jb20ifQ.7o5s4wMuWlzgKAps9LIItJFfr1sCP31BFwPLQDE5kPs" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - `exp` claim -> Expired for an Approov token with a valid signature", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjEwNTUwODMzNDl9.aWXw4q0VBAIpnbU-CfnvGCQmxhvkFzadfEidc04ycA0" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Missing the Authorization token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjIwNTgwMTgyMjQsInBheSI6IlZRRkZQSlo2ODJhT3R4Uk1qejBrdENIbXlXZUVFZVNNdlhoMXVEOEozdms9In0.z49IgxajNv18nW5sGE1EOg9nSfA9ba-6VcIZE-FPHXU" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token binding not matching the authorization token", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjIwNTg2ODM0NTcsInBheSI6IjU2NnZRV2FXR0JncytLRTh5c2pUVFBRdGdwdWUrWExNcXg4ZVlvYkNySTA9In0.fFc16OE-zBlyvP9qX_EL6W4xAO0mFsqwgJ18php6Io4" }, { "key": "Authorization", "type": "text", "value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] }, { "name": "/ - Approov token without the token binding claim", "request": { "method": "GET", "header": [ { "key": "Approov-Token", "type": "text", "value": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjIwNTg2ODMyMDV9.13h7Pl3KndC9P8i5LKI5K3gZFkJPupRR2a8uMYdn568" }, { "key": "Authorization", "type": "text", "value": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" } ], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [] } ] } ], "event": [ { "listen": "prerequest", "script": { "type": "text/javascript", "exec": [ "" ] } }, { "listen": "test", "script": { "type": "text/javascript", "exec": [ "" ] } } ] }, { "name": "Unprotected Server", "request": { "method": "GET", "header": [], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "response": [ { "name": "Unprotected Server", "originalRequest": { "method": "GET", "header": [], "url": { "raw": "{{DOMAIN}}", "host": [ "{{DOMAIN}}" ] } }, "status": "OK", "code": 200, "_postman_previewlanguage": "json", "header": [ { "key": "cache-control", "value": "max-age=0, private, must-revalidate" }, { "key": "content-length", "value": "27" }, { "key": "content-type", "value": "application/json; charset=utf-8" }, { "key": "date", "value": "Thu, 31 Mar 2022 14:50:58 GMT" }, { "key": "server", "value": "Cowboy" }, { "key": "x-request-id", "value": "FuF-th38U1xaSXIAAAAi" } ], "cookie": [], "body": "{\n \"message\": \"Hello, World!\"\n}" } ] } ] }