Auth JSON Server

A mock API server for testing, with authentication.

Authentication

# API key in URL
curl https://auth-json-server.zapier-staging.com/me?api_key=secret

# API key in header
curl https://auth-json-server.zapier-staging.com/me -H X-API-Key:secret

# Basic auth
curl -u user:secret https://auth-json-server.zapier-staging.com/me

OAuth

OAuth Authorize URL:

https://auth-json-server.zapier-staging.com/oauth/authorize?response_type=code&client_id=1234&redirect_uri=https%3a%2f%2fexample.com&state=qwerty

Access Token URL:

curl --request POST \
  --url 'https://auth-json-server.zapier-staging.com/oauth/access-token' \
  --header 'accept: application/json' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=authorization_code&client_id=1234&client_secret=asdf&code=one_time_code'

Auth Test:

curl https://auth-json-server.zapier-staging.com/me -H 'Authorization:Bearer a_token'

Refresh Token URL:

curl --request POST \
  --url https://auth-json-server.zapier-staging.com/oauth/refresh-token \
  --header 'accept: application/json' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data 'grant_type=refresh_token&client_id=1234&client_secret=asdf&refresh_token=a_refresh_token'

Endpoints

Resources (Auth Required)

All HTTP verbs (GET, POST, DELETE, PUT, PATCH) are supported, but note that the server is READ-ONLY. So when you POST, DELETE, PUT, or PATCH a resource, the resource will NOT change but it will be faked as if.

• /me
• /movies
• /posts
• /recipes
• /users

More usages can be found in JSON Server's doc.

Input/Output Fields (Auth Required)

These endpoints return example field definitions that can be used to build a Zapier CLI app. Learn more in Custom/Dynamic Fields.

• /input-fields
• /output-fields

File Upload and Download (Auth Required)

POST /upload accepts a file in multipart/form-data format and returns a SHA1 hash of the file content.

$ curl -X POST -F 'file=@pig.png' -F 'filename=test.png' -H 'X-Api-Key:secret' https://auth-json-server.zapier-staging.com/upload
{
  "filename": "test.png",
  "file": {
    "originalname": "pig.png",
    "mimetype": "application/octet-stream",
    "size": 8090,
    "sha1": "379f5137831350c900e757b39e525b9db1426d53"
  }
}

Since it's hard to make a deterministic ZIP file, file.sha1 isn't useful telling you if two ZIP files are the same. To obtain the hash based on the content inside the ZIP file (file.zipsha1), you can specify computeZipHash=1 in the querystring:

$ curl -X POST -F 'file=@out.zip' -F 'filename=test.zip' 'https://auth-json-server.zapier-staging.com/upload?api_key=secret&computeZipHash=1'
{
  "filename": "test.zip",
  "file": {
    "originalname": "out.zip",
    "mimetype": "application/octet-stream",
    "size": 43898,
    "sha1": "ce54349caa1746a146587d59cf039f58c77653ba",
    "zipsha1": "986deff9146ce546c749fb1604383929e804bcae"
  }
}

To persist the file, include the ?persist=true query parameter. This will keep the file either on disk or in memory, depending on how the server was started.

To download a file, make a GET request to /download

$ curl -X GET 'https://auth-json-server.zapier-staging.com/download?api_key=secret&filename=example.txt'
<raw data of the file>

Magic 8-Ball (Auth Required)

/magic requires a callbackUrl to be provided; after thinking for a short period, a Magic 8-Ball response will be sent to the provided callbackUrl. You can specify an optional delay parameter as well to define the number of seconds to wait before sending the callback (60 is both the default and the maximum value). Supports GET and POST requests.

$ curl -X POST -d '{"callbackUrl": "YOUR_URL_HERE", "delay": 60}' -H 'Content-Type: application/json' -H 'X-Api-Key:secret' 'https://auth-json-server.zapier-staging.com/magic'
{
  "status": "...thinking...",
  "callbackUrl": "https://example.com/example/endpoint"
}

# at https://example.com/example/endpoint, 1 minute later...

Content-Length: 48
Accept: */*
Accept-Encoding: gzip,deflate
Content-Type: application/json
User-Agent: Magic 8-Ball

{
  "status": "success",
  "result": "Ask again later."
}

Other Endpoints (Auth Not Required)

/echo echoes whatever you send to it. Kind of like https://httpbin.org/(get|post) but with less assumption about how HTTP API should work. For example, you can GET with a request body, even though it's unconventional:

$ curl -X GET https://auth-json-server.zapier-staging.com/echo\?param\=1 -d "hello world"
{
  "method": "GET",
  "query": {
    "param": "1"
  },
  "headers": {
    "host": "auth-json-server.zapier-staging.com",
    "x-request-id": "cd0823143d0429f0a49be68eafe429f1",
    "x-real-ip": "0.0.0.0",
    "x-forwarded-for": "0.0.0.0",
    "x-forwarded-host": "auth-json-server.zapier-staging.com",
    "x-forwarded-port": "443",
    "x-forwarded-proto": "https",
    "x-scheme": "https",
    "content-length": "11",
    "user-agent": "curl/7.54.0",
    "accept": "*/*",
    "content-type": "application/x-www-form-urlencoded"
  },
  "textBody": "hello world"
}

/pig.png gives you a PNG image of cute pig, the same one you get from https://httpbin.org/image/png. The only difference is you can POST to it and still get the image:

$ curl -s -X POST https://auth-json-server.zapier-staging.com/pig.png | sha1sum
379f5137831350c900e757b39e525b9db1426d53  -

$ curl -s https://httpbin.org/image/png | sha1sum
379f5137831350c900e757b39e525b9db1426d53  -

/中文 uses a URL path with non-ascii characters. If your HTTP client doesn't encode the URL for you, you have to do it yourself:

$ curl https://auth-json-server.zapier-staging.com/%E4%B8%AD%E6%96%87
{
  "hello":"你好"
}

About

Powered by JSON Server and JSONPlaceholder.

Any questions? Contact us at contact@zapier.com!