🔹 STEP 1 — What is API (Deep Understanding) API = Application Programming Interface API is basically a contract/interface that allows two systems to communicate. 👉 Real-world example: When you book a ride in Uber, the Uber app shows maps, routes, distance. But Uber does NOT build maps. It uses Google Maps API. 👉 Flow: Uber App → Google Maps API → Google Servers → Response → Uber App 👉 So yes, your understanding is correct: Uber UI is using Google Maps API (3rd party API) 👉 Another example: When you login using “Login with Google” 👉 Your app → Google API → Google verifies → sends response 👉 Key understanding: API does NOT show: how database works how logic is written It only exposes: request (input) response (output) 👉 Real example: GET /users/1 Response: {   "id": 1,   "name": "Wasim" } 👉 Interview line: API acts as a contract between client and server, enabling communication without exposing internal implementation. 🔹 STEP 2 — API vs UI Testing (Deep) In any application, there are layers: UI Layer → API Layer → Database 👉 Real-world example: Amazon: UI → you Search “iPhone” API →  /products?name=iphone DB → fetch data 👉 Difference: UI testing: You click buttons Depends on frontend Slow API testing: Direct request No UI dependency Faster and more stable 👉 Critical insight: If button is broken → UI fails But API may still work 👉 Example: Login button not clickable → UI fail But API  /login  works perfectly 👉 Interview line: API testing validates business logic directly without UI dependency. 🔹 STEP 3 — Types of APIs 👉  REST  (most used in real projects) Uses HTTP Uses JSON Stateless Example: GET /users 👉  SOAP  (old enterprise systems) Uses XML Strict structure Banking / legacy apps 👉  GraphQL  (modern flexible APIs) Client decides response Reduces extra data Example: Give me only name and email 👉 Real-world mapping: REST → Amazon, Flipkart SOAP → Banking systems GraphQL → Facebook 👉 Interview line: REST APIs are widely used due to simplicity, performance, and scalability. 🔹 STEP 4 — What is REST (Deep) REST is NOT a tool REST is NOT a protocol 👉 REST is a design style - reqq type , headers, request body, response header , response body 👉 Real-world thinking: Everything is treated as a resource /users /orders /products 👉 Operations: GET → fetch data POST → create data PUT → update DELETE → remove 👉 Real example (Amazon): GET /orders POST /orders DELETE /orders/1 👉 Key idea: Stateless → server does NOT remember previous request 👉 Interview line: REST is an architectural style where resources are managed using HTTP methods. 🔹 STEP 5 — Client–Server Architecture 👉 Basic flow: Client → Request → Server → Response → Client 👉 Real-world example: Swiggy: Client → Mobile app Server → Swiggy backend DB → restaurant data 👉 Flow: App → API (/restaurants) → Server → DB → Response → App 👉 Client examples: Browser Mobile app Postman 👉 Server: API layer Business logic Database 👉 Key concept: Client and server are loosely coupled 👉 Means: Frontend can change Backend can change Both still work independently 👉 Interview line: Client and server are independent systems communicating through APIs using request-response model. Perfect — same upgrade style, real-world + clean + only STEP headers 👍 🔹 STEP 6 — HTTP Basics (Deep) HTTP is the communication protocol used between client and server. 👉 Real-world example: When you open Flipkart and search for a product: App → HTTP Request → Server → HTTP Response → App 👉 Request contains: Method (what you want to do) URL (where to go) Headers (extra info like auth) Body (data, mostly in POST/PUT) 👉 Response contains: Status Code (success/failure) Headers Body (actual data) 👉 Example: Request: GET /users Response: [   {"name":"Wasim"} ] 👉 Interview line: HTTP defines how requests are sent and responses are received between client and server. 🔹 STEP 7 — HTTP Methods (Deep) HTTP methods define what action you want to perform. 👉 Real-world example (Amazon orders): GET /orders → fetch orders POST /orders → create order PUT /orders/1 → update order DELETE /orders/1 → cancel order 👉 Methods and meaning: GET → fetch data POST → create new data PUT → update full data PATCH → update partial data DELETE → remove data 👉 Important concept: Idempotency = calling API multiple times gives same result ✔ GET → safe ✔ PUT → same update again ✔ DELETE → still deleted ❌ POST → creates new data every time 👉 Interview line: GET, PUT and DELETE are idempotent, while POST is not. 🔹 STEP 8 — Status Codes (Deep) Status codes tell whether API worked or failed. 👉 Real-world example: You try to open a product: Found → success Wrong URL → not found Server down → error 👉 Categories: ✔ 2xx → Success 200 → OK 201 → Created 204 → No content ✔ 4xx → Client mistake 400 → Bad request 401 → Unauthorized 404 → Not found ✔ 5xx → Server mistake 500 → Internal server error 👉 Key understanding: 4xx → your request wrong 5xx → server failed 👉 Interview line: Status codes indicate whether the request was successful or failed due to client or server issues. 🔹 STEP 9 — URL Structure (Deep) URL defines where API is and what data you want. 👉 Real-world example: https://api.amazon.com/orders/123?status=delivered https://dummyjson.com/users?id=1   👉 Breakdown: Base URL →https://dummyjson.com Endpoint →  / users Path param → https://dummyjson.com/users/1   -> 1 Query param →?id=1  👉 Another example: GET /products?category=mobile&price=50000 👉 Key understanding: Path param → exact resource Query param → filtering/search 👉 Interview line: URL defines resource location along with filtering and identification parameters. 🔹 STEP 10 — JSON Basics (Deep) JSON is the data format used in APIs. 👉 Real-world example: When you open Swiggy → restaurant list comes in JSON 👉 Object: {   "name": "Wasim" } 👉 Array: [   {"name":"A"},   {"name":"B"} ] 👉 Nested: {   "user": {     "name": "Wasim"   } } 👉 Real API example: {   "orderId": "123",   "items": [     {"name": "Pizza"},     {"name": "Burger"}   ] } 👉 Key understanding: JSON = key-value Lightweight Easy to read and parse 👉 Interview line: JSON is a lightweight data format used for data exchange in REST APIs. 🔹 STEP 11 — Setup Dummy API using JSON Server 👉 Goal: Create your  own backend (no dependency on real APIs) Commands: npm install -g json-server mkdir api-practice cd api-practice Create  db.json : {   "users": [     { "id": "u1", "name": "Wasim", "email": "wasim@test.com" }   ],   "products": [     { "id": "p1", "name": "Laptop", "price": 50000 }   ],   "orders": [],   "payments": [] } Run server: npx json-server --watch db.json --port 3000 👉 API ready: http://localhost:3000/users 🔹 STEP 12 — First GET API (Read Data) GET http://localhost:3000/users ✔ Expect: Status → 200 Response → user list 👉 Learning: ✔ How to fetch data 🔹 STEP 13 — POST API (Create Data) POST http://localhost:3000/users Body: {   "id": "u2",   "name": "Ali",   "email": "ali@test.com" } ✔ Expect: Status → 201 👉 Learning: ✔ Data creation 🔹 STEP 14 — Verify using GET (CRITICAL 🔥) GET http://localhost:3000/users/u2 ✔ Expect: Data exists 👉 Interview Line: 👉 “I validate POST using GET API” 🔹 STEP 15 — PUT API (Update Data) PUT http://localhost:3000/users/u1 {   "id": "u2",   "name": "Ali Updated",   "email": "ali@test.com" } ✔ Expect: Status → 200 👉 Learning: ✔ Full update 🔹 STEP 16 — DELETE API DELETE http://localhost:3000/users/u2 ✔ Expect: Status → 200 👉 Verify: GET /users/u2 → 404 🔹 STEP 17 — Path vs Query Parameters Path: GET /users/u1 Query: GET /users?id=u1 👉 Learning: ✔ Filtering vs direct access Got it — you don’t want API headers. You want  Google Doc style headings for each step  (clean documentation format). Here’s your  STEP 18–20 rewritten like proper documentation  👇 🔹 STEP 18 — Headers Handling Objective Understand how request headers control API behavior and ensure proper communication between client and server. Tool Used Postman API Under Test POST https://dummyjson.com/auth/login Steps to Execute 1. Open Postman Create a new request Select  POST method 2. Enter API Endpoint https://dummyjson.com/auth/login 3. Add Request Header <w:tblPr><w:tblStyle w:val="Table1"/><w:tblW w:w="3310.0" w:type="dxa"/><w:jc w:val="left"/><w:tblBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideH w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideV w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tblBorders><w:tblLayout w:type="fixed"/><w:tblLook w:val="0600"/></w:tblPr><w:tblGrid><w:gridCol w:w="1550"/><w:gridCol w:w="1760"/><w:tblGridChange w:id="0"><w:tblGrid><w:gridCol w:w="1550"/><w:gridCol w:w="1760"/></w:tblGrid></w:tblGridChange></w:tblGrid><w:tr><w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="000001AB"><w:pPr><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Key <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="000001AC"><w:pPr><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Value <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="000001AD"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Content-Type <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="000001AE"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">application/json 4. Add Request Body (JSON) {   "username": "kminchelle",   "password": "0lelplR" } 5. Send Request Expected Result Status Code:  200 OK Response contains user details and token Negative Testing Case 1: Remove Header Remove  Content-Type Expected: Request may fail (400 / 415  in real APIs) Case 2: Incorrect Header Use  Content-Type: text/plain Expected: Server may reject or misinterpret request Learning Outcome ✔ Headers define request format ✔ Incorrect headers lead to failures ✔ Important for API validation and debugging 🔹 STEP 19 — API Chaining (Dynamic Testing) Objective Perform dynamic testing by passing data from one API response to another request. API Flow Login → Extract Token → Use Token in Next API Steps to Execute 1. Execute Login API POST https://dummyjson.com/auth/login Header: Content-Type: application/json Body: {   "username": "kminchelle",   "password": "0lelplR" } 2. Extract Data from Response Go to  Tests tab  and add: let res = pm.response.json(); pm.environment.set("token", res. accessToken ); pm.environment.set("userId", res.id); 3. Verify Stored Values Click environment quick look Confirm values: token userId 4. Use Token in Next API GET https://dummyjson.com/auth/me Header: Authorization: Bearer {{token}} Content-Type: application/json Expected Result Status Code:  200 OK User details returned Negative Testing Case 1: Missing Token Remove Authorization header Expected:  401 Unauthorized Case 2: Invalid Token Use wrong token Expected:  401 Unauthorized Learning Outcome ✔ Dynamic data handling ✔ Environment variables usage ✔ Real authentication flow testing 🔹 STEP 20 — Real Business Flow (End-to-End) Objective Simulate real-world API workflow using multiple dependent requests. Business Flow Login → Get User → Perform Action Steps to Execute 1. Login User POST https://dummyjson.com/auth/login Header: Content-Type: application/json Body: {    "username" :   "emilys" ,    "password" :   "emilyspass" } Tests: let res = pm.response.json(); pm.environment.set("token", res. accessToken ); pm.environment.set("userId", res.id); 2. Fetch Authenticated User Details GET https://dummyjson.com/auth/me Headers: Authorization: Bearer {{token}} Content-Type: application/json 3. Perform Next Action (Example: Get User Data) GET https://dummyjson.com/users/{{userId}} Header: Content-Type: application/json Expected Results All APIs return  200 OK Data flows correctly between requests Negative Scenarios Case 1: Invalid userId Modify  {{userId}} Expected:  404 Not Found Case 2: Missing Token Remove Authorization header Expected:  401 Unauthorized Learning Outcome ✔ End-to-end API validation ✔ Multi-step workflow testing ✔ Real-world backend simulation ✔ Dependency handling between APIs Perfect — now this is  exactly how a real QA/API engineer should design flow  🔥 👉 Fetch real data → extract → use in next API → no hardcoding I’ve  cleaned + corrected + upgraded your full doc ✔ Only step headers ✔ Detailed Postman actions ✔ Uses  real working flow (users → login → token → auth) Got it — you don’t want new steps, you want  smart upgrade inside SAME steps  with  Authentication vs Authorization clearly embedded  (no repetition, no extra fluff). I’ve adjusted your flow so it  naturally teaches both concepts while executing  👇 🔹 STEP 21 — Access Public API (Postman Setup) Open Postman application. On the top-left corner, click  New → Collection . Enter collection name as  API Training  and click  Create . This collection will store all your API requests and simulate a real project structure. 🔹 STEP 22 — Fetch Real User Data from API (Dynamic Test Data) Inside the collection, click  Add Request  and name it  Get User Data . Set: Method → GET URL →   https://dummyjson.com/users/1 Click  Send . You will get a full user response. From this response, identify: username password Example: "username": "emilys", "password": "emilyspass" 👉 This step ensures you are using  real API data instead of hardcoded values 🔹 STEP 23 — Extract Username and Password Automatically Go to the  Tests tab  of the same request. Paste: let res = pm.response.json(); pm.environment.set("username", res.username); pm.environment.set("password", res.password); Now create an  Environment  (top-right → Environments → New): <w:tblPr><w:tblStyle w:val="Table2"/><w:tblW w:w="2140.0" w:type="dxa"/><w:jc w:val="left"/><w:tblBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideH w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideV w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tblBorders><w:tblLayout w:type="fixed"/><w:tblLook w:val="0600"/></w:tblPr><w:tblGrid><w:gridCol w:w="1145"/><w:gridCol w:w="995"/><w:tblGridChange w:id="0"><w:tblGrid><w:gridCol w:w="1145"/><w:gridCol w:w="995"/></w:tblGrid></w:tblGridChange></w:tblGrid><w:tr><w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000025D"><w:pPr><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Variable <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000025E"><w:pPr><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Value <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000025F"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">username <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000260"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">(empty) <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000261"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">password <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000262"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">(empty) <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000263"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">token <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000264"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">(empty) Save and select this environment. Click  Send again  → values will be stored automatically. 🔹 STEP 24 — Perform Login using Extracted Credentials (AUTHENTICATION) Create a new request named  Login API . Set: Method → POST URL →   https://dummyjson.com/auth/login Go to Body → raw → JSON: {   "username": "{{username}}",   "password": "{{password}}" } Click  Send . 👉 This step is  AUTHENTICATION ✔ Server verifies identity ✔ If correct → token generated 👉 Negative test (important): Change password → expect  400 / Invalid credentials ✔ Means identity check failed 🔹 STEP 25 — Extract Authentication Token Go to Tests tab of Login API. Paste: let res = pm.response.json(); pm.environment.set("token", res.token); Click  Send again . Now token is stored in environment variable. 👉 This token represents  authenticated session 🔹 STEP 26 — Call Protected API using Token (AUTHORIZATION) Create new request → name it  Get Profile . Set: Method → GET URL →   https://dummyjson.com/auth/me Go to Authorization tab: Type → Bearer Token Token → {{token}} Click  Send 👉 This step is  AUTHORIZATION ✔ Server checks token ✔ Allows access only if valid 🔹 STEP 27 — Validate Unauthorized Access (Negative Testing) In the same request: Remove token → Click Send →  401 Unauthorized Use wrong token → Click Send →  401 Unauthorized 👉 Key understanding: ✔ User exists ❌ But access denied 👉 This clearly shows  Authorization failure (not Authentication) 🔹 STEP 28 — Understand API Endpoint Behavior Test different endpoints: https://dummyjson.com/users  → works without auth https://dummyjson.com/products  → works without auth https://dummyjson.com/auth/me  → requires token 👉 This shows real-world: ✔ Public APIs ✔ Protected APIs 🔹 STEP 29 — Automate API Chaining (End-to-End Flow) Now your flow is: Get user data → Extract username/password → Login (Authentication) → Extract token → Call protected API (Authorization) All values flow automatically using environment variables. 🔹 STEP 30 — Organize APIs into Collection Structure Create folders inside collection: User APIs Auth APIs Move requests accordingly to maintain clean structure. 🔹 STEP 31 — Use Base URL via Environment Add variable: <w:tblPr><w:tblStyle w:val="Table3"/><w:tblW w:w="3610.0" w:type="dxa"/><w:jc w:val="left"/><w:tblBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideH w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideV w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tblBorders><w:tblLayout w:type="fixed"/><w:tblLook w:val="0600"/></w:tblPr><w:tblGrid><w:gridCol w:w="1100"/><w:gridCol w:w="2510"/><w:tblGridChange w:id="0"><w:tblGrid><w:gridCol w:w="1100"/><w:gridCol w:w="2510"/></w:tblGrid></w:tblGridChange></w:tblGrid><w:tr><w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000029E"><w:pPr><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Variable <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000029F"><w:pPr><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Value <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="000002A0"><w:pPr><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">baseUrl <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="000002A1"><w:pPr><w:rPr/></w:pPr><w:hyperlink r:id="rId18"><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:color w:val="1155cc"/><w:u w:val="single"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">https://dummyjson.com Update URLs: {{baseUrl}}/users/1 {{baseUrl}}/auth/login {{baseUrl}}/auth/me 🔹 STEP 32 — Add Pre-request Script (Dynamic Data Handling) In any request → Pre-request Script: let random = Math.floor(Math.random() * 1000); pm.environment.set("dynamicUser", "user" + random); Used for dynamic testing scenarios. 🔹 STEP 33 — Add Validation using Test Scripts In Tests tab: pm.test("Status is 200", () => {     pm.response.to.have.status(200); }); pm.test("Token exists", () => {     let res = pm.response.json();     pm.expect(res.token).to.not.be.null; }); 🔹 STEP 34 — Run Complete Flow using Collection Runner Click collection → Click Run Select all requests → Click Run Collection This executes full flow sequentially. Got it — now crystal clear. You want  Google Doc style format : 👉  Only step title as header (bold H2) 👉 Everything else = normal paragraph text (no extra headings) 👉 Detailed + practical Let’s do it properly 👇 🔹 STEP 35 — Data Driven Testing (Using CSV in Postman Runner) Open Postman and make sure your collection already has a working Login API that uses  {{username}}  and  {{password}} . Now create a CSV file using Excel or Notepad and save it as  testdata.csv . Inside that file, write: username,password emilys,emilyspass kminchelle,0lelplR Now go back to Postman and click on your collection name in the left panel. On the top right of the collection, click the  Run (▶)  button. This opens the Collection Runner window. On the right side, you will see an option called  “Select File”  under the Data section. Click it and upload your CSV file. Ensure your request body in Postman is written like: {   "username": "{{username}}",   "password": "{{password}}" } Now click  Run Collection . Postman will execute the same API multiple times, once for each row in the CSV. You can click each iteration to see different responses. If one row has invalid credentials, it will fail — this automatically gives you both positive and negative testing in one run. This step is extremely important because it removes hardcoding and allows scalable test execution. 🔹 STEP 36 — Execute via Newman (CLI Automation) Now you move from UI testing to automation execution. In Postman, click on your collection → click the three dots (⋮) → click  Export  → select Collection v2.1 → save the JSON file. Do the same for your Environment file. Now install Newman using terminal: npm install -g newman Open Command Prompt or PowerShell and navigate to the folder where your files are saved. Run: newman run collection.json -e environment.json You will see execution logs directly in terminal — each API call, status code, and result. You can also generate reports: newman run collection.json -e environment.json -r html This creates a detailed HTML report. This step is important because it allows you to run API tests without Postman UI, which is exactly how execution happens in real projects. 🔹 STEP 37 — CI/CD Integration (Jenkins & GitHub Actions) Now take your Newman command and integrate it into CI/CD tools. In Jenkins, create a new job and go to the Build section. Choose  Execute Windows Batch Command  and paste: newman run collection.json -e environment.json Click  Build Now , and Jenkins will execute your API tests automatically. For GitHub Actions, create a file  .github/workflows/api.yml  and add: name: API Tests on: [push] jobs:   test:     runs-on: ubuntu-latest     steps:       - name: Run Newman         run: npx newman run collection.json -e environment.json Now whenever code is pushed, your API tests will run automatically. This is real-world automation where testing is part of the development pipeline. It ensures bugs are caught early without manual effort. 🔹 STEP 38 — AI for Test Script Generation (Postman Tests Tab) Instead of writing test scripts manually, you can use AI tools like ChatGPT or Cursor AI. For example, you can give a prompt: “Generate Postman test script for login API with status validation and token check” AI will generate something like: pm.test("Status is 200", function () {     pm.response.to.have.status(200); }); pm.test("Token exists", function () {     let res = pm.response.json();     pm.expect(res.token).to.not.be.null; }); Now go to Postman → open your request → click  Tests tab  → paste this script → click Send. You will see test results in the bottom panel. This speeds up your work, but remember AI gives generic output — you must enhance it with real business validations. 🔹 STEP 39 — Contract Testing using JSON Schema Validation Go to your Login API → open  Tests tab . Define a schema: const schema = {   type: "object",   properties: {     id: { type: "number" },     username: { type: "string" },     token: { type: "string" }   },   required: ["id", "username"] }; Now validate response: pm.test("Schema is valid", function () {     pm.response.to.have.jsonSchema(schema); }); Click Send. If API response structure changes, this test will fail immediately. This is very important in real projects because frontend depends on response structure. Even if API works, wrong structure can break UI — this step catches that early. 🔹 STEP 40 — End-to-End API Testing Flow (Authentication → Authorization) Now combine everything into one real workflow. Your flow is: GET  /users/1  → extract username and password POST  /auth/login  → authenticate user GET  /auth/me  → access protected API In first request, extract: let res = pm.response.json(); pm.environment.set("username", res.username); pm.environment.set("password", res.password); In second request, use: {   "username": "{{username}}",   "password": "{{password}}" } Extract token: pm.environment.set("token", res.token); In third request, go to Authorization tab → select Bearer Token → enter  {{token}} . Click Send and verify response. Now test negative: Change password → login fails Remove token → 401 Unauthorized Use wrong token → access denied This is not just testing APIs individually — this is testing complete system flow, which is how real backend validation works in production systems. If you want, next I can: 👉 Convert this entire flow into  RestAssured Java automation (your domain) 👉 Or give  interview questions from these steps Just say:  “automation next” – Step 41 API+UI INTEGRATION # 🚀 PHASE 0 — CLEAN START (MANDATORY) ## 🔹 STEP 0.1 — Close all ports ```bash netstat -ano | findstr :3000 ``` Kill: ```bash taskkill /PID <pid> /F ``` 👉 Do same for 4000 if needed --- # 🚀 PHASE 1 — PROJECT SETUP ## 🔹 STEP 1.1 — Create project ```bash mkdir shopping-app cd shopping-app npm init -y ``` --- ## 🔹 STEP 1.2 — Install dependencies ```bash npm install express jsonwebtoken cors ``` --- # 🚀 PHASE 2 — BACKEND (SERVER) ## 🔹 STEP 2.1 — Create `server.js` 👉 Create file: `server.js` 👉 Paste FULL code: ```javascript const express = require("express"); const jwt = require("jsonwebtoken"); const cors = require("cors"); const app = express(); app.use(cors()); app.use(express.json()); const SECRET = "mysecret"; // 🔹 DATA let users = [     { id: 1, username: "wasim", password: "1234" } ]; let products = [     { id: 1, name: "Laptop", price: 50000 },     { id: 2, name: "iPhone", price: 80000 } ]; let cart = []; // 🔹 TEST app.get("/", (req, res) => {     res.send("API WORKING ✅"); }); // 🔹 LOGIN app.post("/login", (req, res) => {     const { username, password } = req.body;     let user = users.find(u => u.username === username && u.password === password);     if (!user) return res.status(401).json({ message: "Invalid credentials" });     let token = jwt.sign({ username }, SECRET, { expiresIn: "1h" });     res.json({ token }); }); // 🔹 AUTH function authenticate(req, res, next) {     let authHeader = req.headers["authorization"];     if (!authHeader) return res.status(401).json({ message: "No token" });     let token = authHeader.split(" ")[1];     try {         jwt.verify(token, SECRET);         next();     } catch {         return res.status(403).json({ message: "Invalid token" });     } } // 🔹 PRODUCTS app.get("/products", (req, res) => {     res.json(products); }); // 🔹 CART app.get("/cart", authenticate, (req, res) => {     res.json(cart); }); app.post("/cart", authenticate, (req, res) => {     cart.push({ id: Date.now(), ...req.body });     res.json({ message: "Added" }); }); app.delete("/cart/:id", authenticate, (req, res) => {     cart = cart.filter(c => c.id != req.params.id);     res.json({ message: "Deleted" }); }); // 🔹 START app.listen(4000, () => console.log("Server running on port 4000")); ``` --- ## 🔹 STEP 2.2 — Run server ```bash node server.js ``` --- ## 🔹 STEP 2.3 — Verify Open: ``` http://localhost:4000/ ``` 👉 Output: ``` API WORKING ✅ ``` --- # 🚀 PHASE 3 — POSTMAN TESTING --- ## 🔹 STEP 3.1 — LOGIN POST ``` http://localhost:4000/login ``` Body → raw → JSON: ```json {   "username": "wasim",   "password": "1234" } ``` 👉 Copy token --- ## 🔹 STEP 3.2 — GET PRODUCTS GET ``` http://localhost:3000/products ``` --- ## 🔹 STEP 3.3 — ADD TO CART POST ``` http://localhost:3000/cart ``` Headers: ``` Authorization: Bearer <token> Content-Type: application/json ``` Body: ```json {   "productId": 1,   "name": "Laptop",   "price": 50000,   "quantity": 1 } ``` --- ## 🔹 STEP 3.4 — GET CART GET ``` http://localhost:4000/cart ``` Header: ``` Authorization: Bearer <token> ``` --- ## 🔹 STEP 3.5 — NEGATIVE TEST 👉 Remove token → Send 👉 Expected: ``` 401 Unauthorized ``` <w:tblPr><w:tblStyle w:val="Table4"/><w:tblW w:w="5040.0" w:type="dxa"/><w:jc w:val="left"/><w:tblBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideH w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:insideV w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tblBorders><w:tblLayout w:type="fixed"/><w:tblLook w:val="0600"/></w:tblPr><w:tblGrid><w:gridCol w:w="1775"/><w:gridCol w:w="1760"/><w:gridCol w:w="1505"/><w:tblGridChange w:id="0"><w:tblGrid><w:gridCol w:w="1775"/><w:gridCol w:w="1760"/><w:gridCol w:w="1505"/></w:tblGrid></w:tblGridChange></w:tblGrid><w:tr><w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="500" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000422"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">API <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000423"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Auth Required <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000424"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:jc w:val="center"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:b w:val="1"/><w:bCs w:val="1"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Why <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="560" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000425"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Roboto Mono" w:cs="Roboto Mono" w:eastAsia="Roboto Mono" w:hAnsi="Roboto Mono"/><w:color w:val="188038"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">/products <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000426"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Arial Unicode MS" w:cs="Arial Unicode MS" w:eastAsia="Arial Unicode MS" w:hAnsi="Arial Unicode MS"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">❌ No <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000427"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Public data <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="560" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000428"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Roboto Mono" w:cs="Roboto Mono" w:eastAsia="Roboto Mono" w:hAnsi="Roboto Mono"/><w:color w:val="188038"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">/login <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000429"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Arial Unicode MS" w:cs="Arial Unicode MS" w:eastAsia="Arial Unicode MS" w:hAnsi="Arial Unicode MS"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">❌ No <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000042A"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Entry point <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="560" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000042B"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Roboto Mono" w:cs="Roboto Mono" w:eastAsia="Roboto Mono" w:hAnsi="Roboto Mono"/><w:color w:val="188038"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">/cart <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000042C"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Arial Unicode MS" w:cs="Arial Unicode MS" w:eastAsia="Arial Unicode MS" w:hAnsi="Arial Unicode MS"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">✅ Yes <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000042D"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">User-specific <w:trPr><w:cantSplit w:val="0"/><w:trHeight w:val="560" w:hRule="atLeast"/><w:tblHeader w:val="0"/></w:trPr><w:tc><w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000042E"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Roboto Mono" w:cs="Roboto Mono" w:eastAsia="Roboto Mono" w:hAnsi="Roboto Mono"/><w:color w:val="188038"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">/orders  (future) <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="0000042F"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rFonts w:ascii="Arial Unicode MS" w:cs="Arial Unicode MS" w:eastAsia="Arial Unicode MS" w:hAnsi="Arial Unicode MS"/><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">✅ Yes <w:tcPr><w:tcBorders><w:top w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:left w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:bottom w:color="000000" w:space="0" w:sz="0" w:val="nil"/><w:right w:color="000000" w:space="0" w:sz="0" w:val="nil"/></w:tcBorders><w:tcMar><w:top w:w="100.0" w:type="dxa"/><w:left w:w="100.0" w:type="dxa"/><w:bottom w:w="100.0" w:type="dxa"/><w:right w:w="100.0" w:type="dxa"/></w:tcMar><w:vAlign w:val="top"/></w:tcPr><w:p w:rsidR="00000000" w:rsidDel="00000000" w:rsidP="00000000" w:rsidRDefault="00000000" w:rsidRPr="00000000" w14:paraId="00000430"><w:pPr><w:spacing w:before="280" w:lineRule="auto"/><w:rPr/></w:pPr><w:r w:rsidDel="00000000" w:rsidR="00000000" w:rsidRPr="00000000"><w:rPr><w:rtl w:val="0"/></w:rPr><w:t xml:space="preserve">Sensitive --- # 🚀 PHASE 4 — FRONTEND --- ## 🔹 STEP 4.1 — Create `index.html` 👉 Create file in same folder 👉 Paste FULL: ```html <!DOCTYPE html> <html> <head> <title>Shopping App</title> <style> body { font-family: Arial; background:#f5f5f5; margin:0; } header { background:#222; color:white; padding:15px; text-align:center; } .container { display:flex; padding:20px; } .box { width:50%; background:white; margin:10px; padding:20px; border-radius:10px; } </style> </head> <body> <header><h2>🛒 Shopping App</h2></header> <div style="text-align:center;margin:20px;"> <input id="username" placeholder="username"> <input id="password" type="password" placeholder="password"> <button onclick="login()">Login</button> <p id="status"></p> </div> <div class="container"> <div class="box"> <h3>Products</h3> <div id="products"></div> </div> <div class="box"> <h3>Cart</h3> <ul id="cart"></ul> <p id="total"></p> </div> </div> <script> let token = null; // LOGIN function login() { fetch("http://localhost:4000/login", { method:"POST", headers:{"Content-Type":"application/json"}, body:JSON.stringify({ username:document.getElementById("username").value, password:document.getElementById("password").value }) }) .then(res=>res.json()) .then(data=>{ if(data.token){ token=data.token; document.getElementById("status").innerText="✅ Logged in"; loadCart(); }else{ document.getElementById("status").innerText="❌ Login failed"; } }); } // LOAD PRODUCTS fetch("http://localhost:4000/products") .then(res=>res.json()) .then(data=>{ let div=document.getElementById("products"); data.forEach(p=>{ div.innerHTML+=`${p.name} ₹${p.price}  <button onclick='addToCart(${JSON.stringify(p)})'>Add</button><br>`; }); }); // ADD CART function addToCart(p){ if(!token){ alert("Login first"); return; } fetch("http://localhost:4000/cart",{ method:"POST", headers:{ "Content-Type":"application/json", "Authorization":"Bearer "+token }, body:JSON.stringify({...p,quantity:1}) }).then(loadCart); } // LOAD CART function loadCart(){ if(!token)return; fetch("http://localhost:4000/cart",{ headers:{"Authorization":"Bearer "+token} }) .then(res=>res.json()) .then(data=>{ let ul=document.getElementById("cart"); ul.innerHTML=""; let total=0; data.forEach(i=>{ total+=i.price*i.quantity; ul.innerHTML+=`<li>${i.name} - ₹${i.price}</li>`; }); document.getElementById("total").innerText="Total ₹"+total; }); } </script> </body> </html> ``` --- ## 🔹 STEP 4.2 — Run UI 👉 Double click `index.html` --- # 🔥 FINAL FLOW ``` Login → token       ↓ UI stores token       ↓ Token sent in header       ↓ Backend validates       ↓ Cart allowed ```