Tips & tricks for development process


manual API-Tests

For manual API tests that need more functionality than swagger offeres (e.g. using unallowed methods or omitting required fields), httpie is a nice tool.

To get the CSRF-Tokens right, you have to adjust the arguments:

First call any valid endpoint that does not need CSRF validation (e.g. any other than POST or the login POST):

In the response, you will receive the csrftoken as cookie. Append this to all following requests, it is valid for all following requests.