# Test API Endpoints Using Postman for a Messaging App
This notebook provides a guide to testing API endpoints for a messaging app using Postman.

## Setup Postman Environment
Explain how to configure Postman with the base URL and environment variables for the API endpoints.

1. Open Postman and navigate to the **Environments** tab.
2. Create a new environment and define variables such as:
   - `base_url`: The base URL of the API (e.g., `http://localhost:5000`).
   - `jwt_token`: Placeholder for the JWT token to be used in authenticated requests.
3. Save the environment and ensure it is selected in the top-right dropdown.

## Test Creating a Conversation
Demonstrate how to use Postman to send a POST request to create a new conversation, including the required payload and headers.

1. Create a new request in Postman and set the method to **POST**.
2. Set the URL to `{{base_url}}/conversations`.
3. In the **Headers** tab, add:
   - `Content-Type`: `application/json`
   - `Authorization`: `Bearer {{jwt_token}}` (if authentication is required).
4. In the **Body** tab, select **raw** and provide the following JSON payload:
   ```json
   {
       "name": "Project Discussion",
       "participants": ["user1@example.com", "user2@example.com"]
   }
   ```
5. Send the request and verify the response contains the conversation details.

## Test Sending Messages
Show how to use Postman to send a POST request to add messages to a conversation, including the necessary payload and headers.

1. Create a new request in Postman and set the method to **POST**.
2. Set the URL to `{{base_url}}/conversations/{conversation_id}/messages`.
3. In the **Headers** tab, add:
   - `Content-Type`: `application/json`
   - `Authorization`: `Bearer {{jwt_token}}`.
4. In the **Body** tab, select **raw** and provide the following JSON payload:
   ```json
   {
       "sender": "user1@example.com",
       "message": "Hello, team! Let's discuss the project."
   }
   ```
5. Send the request and verify the response contains the message details.

## Test Fetching Conversations
Illustrate how to use Postman to send a GET request to fetch all conversations or a specific conversation by ID.

1. To fetch all conversations:
   - Create a new request in Postman and set the method to **GET**.
   - Set the URL to `{{base_url}}/conversations`.
   - Add the `Authorization` header: `Bearer {{jwt_token}}`.
   - Send the request and verify the response contains a list of conversations.
2. To fetch a specific conversation:
   - Set the URL to `{{base_url}}/conversations/{conversation_id}`.
   - Add the same headers as above.
   - Send the request and verify the response contains the conversation details.

## Test Authentication with JWT Token
Explain how to use Postman to send a login request, retrieve a JWT token, and include it in the Authorization header for subsequent requests.

1. Create a new request in Postman and set the method to **POST**.
2. Set the URL to `{{base_url}}/auth/login`.
3. In the **Body** tab, select **raw** and provide the following JSON payload:
   ```json
   {
       "email": "user1@example.com",
       "password": "securepassword"
   }
   ```
4. Send the request and copy the `token` value from the response.
5. Update the `jwt_token` variable in your Postman environment with the copied token.
6. Use this token in the `Authorization` header for subsequent requests.

## Test Unauthorized Access to Private Conversations
Demonstrate how to test unauthorized access by omitting the JWT token or using an invalid token, and verify that the API returns the appropriate error response.

1. Create a new request in Postman and set the method to **GET**.
2. Set the URL to `{{base_url}}/conversations/{conversation_id}`.
3. Do not include the `Authorization` header or use an invalid token.
4. Send the request and verify the response contains an error message, such as:
   ```json
   {
       "error": "Unauthorized",
       "message": "Authentication token is missing or invalid."
   }
   ```
5. Confirm that the API returns the appropriate HTTP status code (e.g., 401 Unauthorized).