How to test Digest Auth by using Rest Assured

 



What is Digest Authentication?

  • Digest Authentication is a security mechanism used by servers to verify the identity of a client (user or system) before allowing access to protected resources.

Unlike Basic Authentication (where the username and password are sent as Base64-encoded plain text), Digest Authentication is more secure because:

  • It applies a hashing algorithm (like MD5/SHA) to the credentials before sending them over the network.
  • The server sends a nonce (a random value) to the client.
  • The client combines the nonce, username, password, HTTP method, and requested URI → then hashes them → and sends the hashed value back.
  • The server performs the same hashing process and compares results. If they match → authentication succeeds.
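
The hashing steps above, written out as an added example (not code from the original post and not Rest Assured's own implementation). It follows the RFC 2617 `qop=auth` formula with MD5, which also mixes in the realm, a nonce count and a client nonce beyond the fields listed above. The class and method names are hypothetical, the sample values come from the worked example in RFC 2617 section 3.5, and the "fresh" nonce is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestResponseDemo {

    // H(x): lowercase hex MD5 of a string, the default hash in RFC 2617.
    static String md5Hex(String s) throws Exception {
        byte[] hash = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : hash) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    // response = H( H(user:realm:password) : nonce : nc : cnonce : qop : H(method:uri) )
    static String digestResponse(String user, String realm, String password,
                                 String method, String uri, String nonce,
                                 String nc, String cnonce, String qop) throws Exception {
        String ha1 = md5Hex(user + ":" + realm + ":" + password); // secret part
        String ha2 = md5Hex(method + ":" + uri);                  // binds the request
        return md5Hex(String.join(":", ha1, nonce, nc, cnonce, qop, ha2));
    }

    // Server side: recompute from the stored credentials, compare in constant time.
    static boolean matches(String expected, String received) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     received.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Sample values from the worked example in RFC 2617, section 3.5.
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String sent = digestResponse("Mufasa", "testrealm@host.com", "Circle Of Life",
                "GET", "/dir/index.html", nonce, "00000001", "0a4f113b", "auth");
        System.out.println("client response: " + sent);
        System.out.println("equals RFC value: "
                + matches("6629fae49393a05397450978507c4ef1", sent));

        // A wrong password or a fresh server nonce yields a different hash,
        // so the server's comparison fails for a bad guess or an old response.
        String wrongPw = digestResponse("Mufasa", "testrealm@host.com", "guess",
                "GET", "/dir/index.html", nonce, "00000001", "0a4f113b", "auth");
        String newNonce = digestResponse("Mufasa", "testrealm@host.com", "Circle Of Life",
                "GET", "/dir/index.html", "constructed-fresh-nonce", "00000001", "0a4f113b", "auth");
        System.out.println("wrong password accepted: " + matches(sent, wrongPw));
        System.out.println("old response valid for new nonce: " + matches(newNonce, sent));
    }
}
```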

How to test Digest Authentication in Rest Assured

In Rest Assured, testing Digest Authentication involves these steps:

1. Specify authentication type as Digest
  • Instead of default/basic authentication, explicitly tell Rest Assured to use digest authentication.
2. Provide credentials
  • Pass the username and password required by the server for authentication.
3. Send the request
  • Rest Assured automatically performs the handshake with the server (receiving the nonce, hashing, etc.).
4. Validate the response
  • Once authenticated, the server will return the protected resource.
  • You can then test the response body, status code, or headers to confirm access was granted.



API Endpoint for Testing:

https://httpbin.org/digest-auth/auth/user/passwd


This endpoint expects:

  • Username: user

  • Password: passwd

















Steps to Use Digest Auth in Rest Assured:


Maven dependencies:

<!-- Maven Dependency -->
<dependency>
    <groupId>io.rest-assured</groupId>
    <artifactId>rest-assured</artifactId>
    <version>5.4.0</version>
    <scope>test</scope>
</dependency>




Java Code: Digest Auth with Rest Assured

import io.restassured.RestAssured;
import static io.restassured.RestAssured.*;
import static org.hamcrest.Matchers.*;

public class DigestAuthExample {

    public static void main(String[] args) {

        RestAssured.baseURI = "https://httpbin.org";

        given()
            .auth()
            .digest("user", "passwd") // Digest Auth
        .when()
            .get("/digest-auth/auth/user/passwd")
        .then()
            .statusCode(200)
            .body("authenticated", equalTo(true))
            .body("user", equalTo("user"))
            .log().all(); // Print full response
    }
}


Code explanation:

(a) Set the base URI.
(b) Build the request with digest authentication.
(c) Send the GET request, validate the status code and response body, and log the response to the console.



Output:

{
  "authenticated": true,
  "user": "user"
}

Above is the API response that is logged to the console.

