Hi There, Where can I find the purpose of OTK Access Token Retrieval assertion?
Hello PopleysYsb ,
It finds the OAuth 2.0 access_token within the http request header, http request parameter or uses the given one. It will fail if a token is found at multiple locations.
Thanks for the response. I understand the client sends the access token request over HTTP to the API which is being invoked. But i didn't understand the following part "uses the given one. It will fail if a token is found at multiple locations"
You can input an access token on the properties window of this assertion. That's what "given one" means. When you provide a give token, token in header, or in query string are not allowed.
The main purpose of this assertion is to validate the token location, you can specify only allow token from header (or parameter, or "given one")
In any case, the token cannot appear at multiple locations, token cannot be empty, token cannot contain space.