Authentication
// Definition
The process of verifying who a caller is. Common schemes: API key, Bearer token, OAuth 2.0, mutual TLS. Distinct from authorisation, which decides what the caller is allowed to do.
// Related terms
Endpoint
A specific URL exposed by an API that accepts requests and returns responses. Defined by its path, HTTP method, and contract.
Rate Limiting
An API protection mechanism that caps how many requests a client can make in a given time window. Tests should verify both the limit threshold and the response when exceeded (typically HTTP 429 with Retry-After).
REST
Representational State Transfer — an architectural style for HTTP APIs where resources are addressed by URLs and manipulated via standard HTTP verbs (GET, POST, PUT, DELETE). The dominant API style for over a decade.