What is Digest Authentication?
- Digest Authentication is a security mechanism used by servers to verify the identity of a client (user or system) before allowing access to protected resources.
- Unlike Basic Authentication, where the username and password are sent as plain text merely encoded with Base64, Digest Authentication is more secure because:
- It applies a hashing algorithm (such as MD5 or SHA) to the credentials before sending them over the network, so the password itself never travels on the wire.
- The server sends a nonce (a random, single-use value) to the client in its 401 challenge.
- The client combines the nonce, username, password, HTTP method, and requested URI → hashes them → and sends the hashed value back in the Authorization header.
- The server performs the same hashing process and compares the results. If they match → authentication succeeds.
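The computation in the steps above, written out as an added Java example (not code from this tutorial or from Rest Assured): the client derives the response hash for qop=auth, and the server recomputes it from a stored HA1 and compares. The realm, nonce, nc and cnonce values are constructed placeholders, and the helper names are my own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestCheckExample {
    // Lower-case hex MD5, the encoding RFC 2617 uses for algorithm=MD5.
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            StringBuilder sb = new StringBuilder();
            for (byte b : d) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is required by the JDK but was not found", e);
        }
    }

    // HA1 = MD5(user:realm:password). A server can store this instead of the cleartext password.
    static String ha1(String user, String realm, String password) {
        return md5Hex(user + ":" + realm + ":" + password);
    }

    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with HA2 = MD5(method:uri), for qop=auth.
    static String response(String ha1, String nonce, String nc, String cnonce,
                           String qop, String method, String uri) {
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2);
    }

    // Server side: recompute from the stored HA1 and compare in constant time.
    static boolean verify(String storedHa1, String nonce, String nc, String cnonce,
                          String qop, String method, String uri, String clientResponse) {
        String expected = response(storedHa1, nonce, nc, cnonce, qop, method, uri);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     clientResponse.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Constructed sample challenge; realm and nonce are placeholders, not httpbin's values.
        String realm = "example-realm", nonce = "constructed-nonce-0001", qop = "auth";
        String method = "GET", uri = "/digest-auth/auth/user/passwd", nc = "00000001", cnonce = "0a4f113b";
        // Client side: the value Rest Assured computes from auth().digest("user", "passwd").
        String clientResp = response(ha1("user", realm, "passwd"), nonce, nc, cnonce, qop, method, uri);
        // Server side keeps only HA1 for "user" plus the nonce it issued in the 401 challenge.
        String storedHa1 = ha1("user", realm, "passwd");
        System.out.println("valid:  " + verify(storedHa1, nonce, nc, cnonce, qop, method, uri, clientResp));
        // The same response presented against a fresh nonce (a replay) no longer matches.
        System.out.println("replay: " + verify(storedHa1, "constructed-nonce-0002", nc, cnonce, qop, method, uri, clientResp));
    }
}
```

Only the credentials are protected by the digest; request and response bodies still travel in the clear unless the endpoint is served over TLS, as the httpbin URL used below is.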
How to test Digest Authentication in Rest Assured
In Rest Assured, testing Digest Authentication involves these steps:
1. Specify authentication type as Digest
- Instead of default/basic authentication, explicitly tell Rest Assured to use digest authentication.
2. Provide credentials
- Pass the username and password required by the server for authentication.
3. Send the request
- Rest Assured automatically performs the handshake with the server: it receives the 401 challenge containing the nonce, computes the hash, and resends the request with the Authorization header.
4. Validate the response
- Once authenticated, the server will return the protected resource.
- You can then test the response body, status code, or headers to confirm access was granted.
API Endpoint for Testing:
https://httpbin.org/digest-auth/auth/user/passwd
Steps to Use Digest Auth in Rest Assured:
Maven dependency:

    <!-- Maven Dependency -->
    <dependency>
        <groupId>io.rest-assured</groupId>
        <artifactId>rest-assured</artifactId>
        <version>5.4.0</version>
        <scope>test</scope>
    </dependency>
Java Code: Digest Auth with Rest Assured

    import io.restassured.RestAssured;
    import static io.restassured.RestAssured.*;
    import static org.hamcrest.Matchers.*;

    public class DigestAuthExample {
        public static void main(String[] args) {
            // (a) Base URI for all requests
            RestAssured.baseURI = "https://httpbin.org";

            given()
                .auth()
                .digest("user", "passwd")          // (b) Digest Auth credentials
            .when()
                .get("/digest-auth/auth/user/passwd")
            .then()
                .statusCode(200)
                .body("authenticated", equalTo(true))
                .body("user", equalTo("user"))
                .log().all();                       // (c) Print full response
        }
    }
Code explanation:
(a) Set the base URI.
(b) Build the request with digest authentication via auth().digest(username, password).
(c) Get the response, assert on it, and log it to the console.
Output:

    {
      "authenticated": true,
      "user": "user"
    }

Above is the response of the API as logged on the console.