You are reviewing a logistics management platform and use Postman to check if user credentials stored in environment variables allow access beyond intended permissions. You suspect one set of credentials grants unauthorized privileges. Which action reveals a restricted endpoint?
Use saved tokens in repeated requests and check for resource access based on response codes
Perform automated scans using default role configurations
Substitute variable references with placeholders and review any returned errors for insights
Change a single request string by hand and focus testing on a single parameter set
Sending multiple requests with each credential set in environment variables and analyzing responses can uncover responses meant for higher-level roles. Relying solely on default scans might miss hidden paths, while focusing on a single request string or disregarding returned outputs can miss unexpected configurations or roles.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does Postman do in testing APIs?
Open an interactive chat with Bash
What do environment variables in Postman refer to?
Open an interactive chat with Bash
How do HTTP response codes indicate unauthorized access?