name = Runnable Token Rotation Example
description = Demonstrates rotating a captured bearer token and reusing the latest value downstream.
$ API_ORIGIN = https://lorem-api.com/api
---
Issue initial token
POST {{ API_ORIGIN }}/jwt
~~~ application/json
{
  "username": "hen-refresh-initial",
  "password": "demo-password",
  "role": "initial"
}
~~~
& body.token -> $INITIAL_TOKEN
^ & status == 200
^ $INITIAL_TOKEN ~= /[A-Za-z0-9_.-]+/
---
Rotate token
> requires: Issue initial token
POST {{ API_ORIGIN }}/jwt
* Authorization = Bearer {{ INITIAL_TOKEN }}
~~~ application/json
{
  "username": "hen-refresh-rotated",
  "password": "demo-password",
  "role": "rotated"
}
~~~
& body.token -> $LATEST_REFRESH_TOKEN
^ & status == 200
^ $LATEST_REFRESH_TOKEN ~= /[A-Za-z0-9_.-]+/
---
Reuse rotated token downstream
> requires: Rotate token
POST {{ API_ORIGIN }}/echo
* Authorization = Bearer {{ LATEST_REFRESH_TOKEN }}
* X-Previous-Token = {{ INITIAL_TOKEN }}
~~~ application/json
{
  "tokenState": "rotated"
}
~~~
^ & status == 200
^ & body.tokenState == "rotated"