Hello everyone, I'm @xiaoqiangapi , the Chinese teacher who gives apis a "check-up". An article on [] (HTTP: / / https://dev.to/xiaoqiangapi3721/a-chinese-language-teacher-gave-his-api-a-physical-examination-i-ran-10-securit In y-tests-using-1hpp, I list 10 safety test plans. Today we officially start testing Group 1: ** Authentication * . I'll first address the most fundamental concern of developers - "Can my API be invoked without a Key or with the wrong Key?" * These are the two things I use: Postman and the curl that comes with Windows. Don't play with virtual. Test (0) : Normal Request (baseline) ** Result ** : With the correct API Key and valid parameters, 200 OK is returned and the model responds normally. ✅ Basic functionality of the API is normal. Test (1) : No API Key provided ** Test purpose ** : To see if the API will allow when no API Key is passed. ** Result ** : returns' 401 Unauthorized '. ✅ ** guard against "getting something for nothing" by ** -- not providing the Key, no data at all.…