Fake Store Contract Drift on Unauthorized Login Probe

Med.CheckoutAPI

Task

Run GET /_api-sandbox/products/1 -> GET /_api-sandbox/carts/1 -> POST /_api-sandbox/auth/login and validate each step

Success

Use Playwright request fixture/context for every API call
Keep traffic on /_api-sandbox only
Run strict order: GET /_api-sandbox/products/1 -> GET /_api-sandbox/carts/1 -> POST /_api-sandbox/auth/login

Rules

No local mocks or off-target HTTP calls
No reordered flow steps
No status-only assertions for login

Mutation

Read steps remain required before login
Unauthorized login semantics are graded strictly

Hint 1

• Action: send GET /_api-sandbox/products/1 • Action: send GET /_api-sandbox/carts/1 • Action: send POST /_api-sandbox/auth/login

Hint 2

• Assertion: assert 200 (or another 2xx) response • Assertion: assert payload has numeric id • Assertion: assert payload contains id and non-empty products array

Hint 3

• Assertion: assert status 401 • Assertion: assert body contains "incorrect"

Code

Auto

Saved

Ln 1, Col 1

You need to log in / sign up to run or submit

API sandbox console

Docs quick reference

Run guide

Run your test to unlock captured requests and checks.

Appears after first run · Appears after evaluation

Expected flow

Step inspector

GET /_api-sandbox/products/1Pending

Contract expectation

Product contractverify 200 and numeric id

Last capture

No requests captured yet

Grader checks

Use Playwright request fixture/context
Stay on /_api-sandbox/* paths
Preserve the required request order
Assert immediately after each call

Captured: 0Matched: 0/3Issues: 0No run yet