Auth test API
A single endpoint to practice attaching Authorization: Bearer headers. No accounts, no secrets — just a fixed demo token to demonstrate the round-trip.
https://sampleapi.top/api
Base URL — append any path below.
Endpoint
| Method | Path | Description |
|---|---|---|
| GET | /auth/bearer | Checks the Authorization header. Returns 200, 401, or 403. |
Demo token
demo-token
This token is public. It's safe to share, commit, and post in screenshots.
Behavior
| Request | Status | Body |
|---|---|---|
Authorization: Bearer demo-token | 200 | {"authenticated": true, "token": "demo-token", "user": {...}} |
No Authorization header | 401 | Error JSON. WWW-Authenticate: Bearer header included. |
Authorization: Bearer wrong | 403 | Error JSON. WWW-Authenticate includes error="invalid_token". |
Examples
Success
curl -s https://sampleapi.top/api/auth/bearer \
-H "Authorization: Bearer demo-token"const res = await fetch('https://sampleapi.top/api/auth/bearer', {
headers: { Authorization: 'Bearer demo-token' }
});
console.log(res.status, await res.json());$ctx = stream_context_create(['http' => [
'method' => 'GET',
'header' => "Authorization: Bearer demo-token\r\n",
]]);
echo file_get_contents('https://sampleapi.top/api/auth/bearer', false, $ctx);401 — missing token
curl -i https://sampleapi.top/api/auth/bearer403 — wrong token
curl -i https://sampleapi.top/api/auth/bearer \
-H "Authorization: Bearer wrong-token"Notes
- The token comparison is constant-time (
hash_equals) on the server. - SampleAPI does not issue, rotate, or remember tokens — the demo token is hard-coded.
- Do not send real credentials, real bearer tokens, or any personal data to this endpoint.