Authentication


Web API Practice.

Learn different API authentication methods



Challenges

Basic Authentication

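HTTP Basic Auth sends credentials in the Authorization header as base64-encoded username:password. Base64 is an encoding, not encryption, so anyone who can read the request can recover the credentials.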

Objective

Send a GET request to /api/protected with Basic Authentication:

  • Username: admin
  • Password: password123

Example

curl -u admin:password123 http://challenge/api/protected

Or set the header manually (the value is the base64 encoding of admin:password123):

curl -H "Authorization: Basic YWRtaW46cGFzc3dvcmQxMjM=" http://challenge/api/protected

Good luck!

Connect with SSH

Link your SSH key, then connect with: ssh hacker@dojo.idg.ctf

Bearer Token Authentication

Bearer tokens are commonly used in OAuth 2.0 and JWT authentication.

Objective

Send a GET request to /api/dashboard with a Bearer token:

  • Token: supersecrettoken2024

Example

curl -H "Authorization: Bearer supersecrettoken2024" http://challenge/api/dashboard

Good luck!

API Key Authentication

Many APIs use API keys passed in headers or query parameters.

Objective

Send a GET request to /api/data with an API key header:

  • Header: X-API-Key
  • Value: sk_live_abc123xyz789

Example

curl -H "X-API-Key: sk_live_abc123xyz789" http://challenge/api/data

Good luck!
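
For reference, here is how a server could check the three credential types used in these challenges. This is an added example, not the challenge server's code; the function names and the single shared check for all three schemes are assumptions, and the expected values are the ones given in the objectives above.

```python
import base64
import binascii
import hmac

# Constructed values: the credentials from the three objectives on this page.
EXPECTED_BASIC = ("admin", "password123")
EXPECTED_BEARER = "supersecrettoken2024"
EXPECTED_API_KEY = "sk_live_abc123xyz789"

def _same(a, b):
    # Constant-time comparison, so response timing does not reveal a partial match.
    return hmac.compare_digest(a.encode(), b.encode())

def basic_header(user, password):
    # The Authorization value that `curl -u user:password` sends.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode("ascii")

def parse_basic(value):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # first colon only: passwords may contain ':'
    return (user, password) if sep else None

def authenticate(headers):
    """Return the scheme that authenticated the request ('basic', 'bearer', 'api_key') or None."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    auth = h.get("authorization", "")
    creds = parse_basic(auth)
    if creds:
        user_ok = _same(creds[0], EXPECTED_BASIC[0])
        pass_ok = _same(creds[1], EXPECTED_BASIC[1])
        if user_ok and pass_ok:
            return "basic"
    scheme, _, token = auth.partition(" ")
    if scheme.lower() == "bearer" and _same(token.strip(), EXPECTED_BEARER):
        return "bearer"
    if _same(h.get("x-api-key", ""), EXPECTED_API_KEY):
        return "api_key"
    return None
```

In all three schemes the secret travels in a request header as plaintext or a reversible encoding, so its confidentiality depends entirely on the transport.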
