{"id":7511,"date":"2026-06-29T08:55:44","date_gmt":"2026-06-29T02:55:44","guid":{"rendered":"https:\/\/betterdocs.shahrear.msf.bd\/?post_type=docs&#038;p=7511"},"modified":"2026-06-29T08:55:48","modified_gmt":"2026-06-29T02:55:48","password":"","slug":"testing-api-key","status":"publish","type":"docs","link":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/docs\/bcb\/allinallmsf\/testing-api-key\/","title":{"rendered":"Testing API Key"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Introduction to <span class=\"highlight\">API Key Testing<\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">An <span class=\"highlight\">API key<\/span> is a unique identifier used to authenticate a user, developer, or calling program to an API. It acts as a token that applications provide when making requests to a web service, granting access to specific functionalities and data.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Testing API keys is a critical process to ensure the security, functionality, and proper access control of your services. It involves validating that keys are correctly generated, securely deployed, and effectively enforce the intended permissions and restrictions. Comprehensive testing prevents unauthorized access, data breaches, and service disruptions, contributing to a robust and reliable API ecosystem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. <span class=\"highlight\">Creating an API Key<\/span> for Testing<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before you can test an API key, you need to <span class=\"highlight\">create<\/span> one. The creation process typically involves interacting with a management console or dashboard provided by your cloud provider, API gateway, or the service itself. It&#8217;s crucial to understand the options available during creation, especially concerning permissions and validity periods, to facilitate effective testing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Steps to Create an API Key<\/span><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Access Key Management:<\/strong> Navigate to the API key or credentials management section within your service provider&#8217;s console (e.g., AWS IAM, Google Cloud Console, Azure API Management, Stripe Dashboard, etc.).<\/li>\n\n\n\n<li><strong>Generate New Key:<\/strong> Locate and click the option to &#8220;Generate API Key&#8221; or &#8220;<span class=\"highlight\">Create<\/span> new credential.&#8221;<\/li>\n\n\n\n<li><strong>Name the Key:<\/strong> Assign a descriptive name or label to the key. For testing, include information like <code>test-env-read-only<\/code> or <code>dev-full-access<\/code> to clearly indicate its purpose and environment.<\/li>\n\n\n\n<li><strong>Configure Permissions\/Scopes:<\/strong> This is arguably the most important step for testing.\n<ul class=\"wp-block-list\">\n<li><strong>Least Privilege:<\/strong> For testing, always <span class=\"highlight\">create<\/span> keys with the minimum necessary permissions. For example, if you&#8217;re testing a read operation, grant only read permissions.<\/li>\n\n\n\n<li><strong>Specific Endpoints:<\/strong> If supported, restrict the key&#8217;s access to only the API endpoints or resources that will be tested.<\/li>\n\n\n\n<li><strong>Action Types:<\/strong> Define whether the key can perform <code>GET<\/code>, <code>POST<\/code>, <code>PUT<\/code>, <code>DELETE<\/code>, or other HTTP methods.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Set Expiration:<\/strong> For testing purposes, consider setting a short expiration date for the key. This enhances security by ensuring that test keys do not remain active indefinitely, even if accidentally exposed.<\/li>\n\n\n\n<li><strong>Review and <span class=\"highlight\">Create<\/span>:<\/strong> Confirm the settings and finalize the key creation.<\/li>\n\n\n\n<li><strong>Securely Store the Key:<\/strong> Once generated, the API key is usually displayed only once. Copy it immediately and store it in a secure location. <strong>Never hardcode API keys directly into your application&#8217;s source code.<\/strong><\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Best Practices for Test API Keys<\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Dedicated Test Keys:<\/strong> Always <span class=\"highlight\">create<\/span> separate API keys specifically for testing environments (development, staging, QA). Never use production API keys for testing.<\/li>\n\n\n\n<li><strong>Minimal Permissions:<\/strong> Adhere strictly to the principle of <span class=\"highlight\">least privilege<\/span>. Test keys should only have the permissions absolutely required for the specific tests being performed.<\/li>\n\n\n\n<li><strong>Short Lifespan:<\/strong> Configure test keys with a short expiration period (e.g., a few days or weeks). If long-term testing is needed, establish a clear rotation schedule.<\/li>\n\n\n\n<li><strong>Distinct Naming:<\/strong> Use clear, descriptive names for your test keys to differentiate them from production keys and indicate their purpose and environment.<\/li>\n\n\n\n<li><strong>Avoid Exposure:<\/strong> Even for test keys, treat them as sensitive credentials. Do not commit them to version control, expose them in client-side code, or include them in public logs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">2. <span class=\"highlight\">Deploying<\/span> an Environment for API Key Testing<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Deploying an environment for API key testing involves setting up the infrastructure and application where the API key will be used, along with secure mechanisms for key storage and retrieval. This ensures that your tests accurately reflect how the key will behave in a real-world scenario and that security best practices are maintained.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Secure Storage and Retrieval of API Keys<\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Properly storing and retrieving API keys is fundamental, even for test environments. This prevents accidental exposure and makes key rotation easier.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Environment Variables:<\/strong> A common method for local development and CI\/CD environments. Keys are loaded from the environment at runtime.<br>        <pre><code># Example: Setting an environment variable<br>export MY_API_KEY=\"sk_test_...\"<br><br># Example: Accessing in Python<br>import os<br>api_key = os.environ.get(\"MY_API_KEY\")<br><br># Example: Accessing in Node.js<br>const apiKey = process.env.MY_API_KEY;<\/code><\/pre><br>    <\/li>\n\n\n\n<li><strong>Secrets Managers:<\/strong> For more robust and scalable solutions, especially in cloud environments, use dedicated secret management services. These services securely store, retrieve, and often rotate sensitive credentials.\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/aws.amazon.com\/secrets-manager\/\">AWS Secrets Manager<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/azure.microsoft.com\/en-us\/products\/key-vault\/\">Azure Key Vault<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/cloud.google.com\/secret-manager\">Google Secret Manager<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.vaultproject.io\/\">HashiCorp Vault<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Configuration Files (with caution):<\/strong> For local development, keys can sometimes be stored in a <code>.env<\/code> file or a similar local configuration file, which should always be excluded from version control using <code>.gitignore<\/code>.<br>        <pre><code># .env file content<br>MY_API_KEY=sk_test_...<\/code><\/pre><br>    <\/li>\n\n\n\n<li><strong>Kubernetes Secrets:<\/strong> In Kubernetes environments, sensitive data like API keys can be stored as <a href=\"https:\/\/kubernetes.io\/docs\/concepts\/configuration\/secret\/\">Secrets<\/a> and then mounted as files or exposed as environment variables to pods.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Integrating the API Key into Applications\/Test Harnesses<\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once stored, the API key needs to be passed with your requests. This typically happens in one of a few ways:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Authorization Header:<\/strong> The most common and recommended method, usually with a scheme like <code>Bearer<\/code> or <code>APIKey<\/code>.<br>        <pre><code>Authorization: Bearer sk_test_...<\/code><\/pre><br>    <\/li>\n\n\n\n<li><strong>Custom Header:<\/strong> Some APIs use a custom header name.<br>        <pre><code>X-API-Key: sk_test_...<\/code><\/pre><br>    <\/li>\n\n\n\n<li><strong>Query Parameter:<\/strong> Less secure due to potential logging and caching, but sometimes used for simplicity. Avoid this for sensitive keys.<br>        <pre><code>GET \/api\/resource?apiKey=sk_test_...<\/code><\/pre><br>    <\/li>\n\n\n\n<li><strong>Request Body:<\/strong> Rarely used for API keys themselves, but sometimes for other credentials in a login flow.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"highlight\">Example: Making a Request with an API Key (cURL)<\/span><\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -X GET \\\n  'https:\/\/api.example.com\/data' \\\n  -H 'Accept: application\/json' \\\n  -H \"Authorization: Bearer $MY_API_KEY\"<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"highlight\">Example: Making a Request with an API Key (Python using requests)<\/span><\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>import os\nimport requests\n\napi_key = os.environ.get(\"MY_API_KEY\")\nif not api_key:\n    raise ValueError(\"MY_API_KEY environment variable not set\")\n\nheaders = {\n    \"Accept\": \"application\/json\",\n    \"Authorization\": f\"Bearer {api_key}\"\n}\n\nresponse = requests.get(\"https:\/\/api.example.com\/data\", headers=headers)\nresponse.raise_for_status() # Raise an exception for HTTP errors\nprint(response.json())<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Setting Up the Test Environment<\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Local Development:<\/strong> Use environment variables or local <code>.env<\/code> files.<\/li>\n\n\n\n<li><strong>CI\/CD Pipelines:<\/strong> Integrate with your CI\/CD system&#8217;s secret management (e.g., GitHub Actions Secrets, GitLab CI\/CD Variables, Jenkins Credentials).<br>        <pre><code># .github\/workflows\/test.yml<br>name: API Key Tests<br><br>on: [push]<br><br>jobs:<br>  test:<br>    runs-on: ubuntu-latest<br>    steps:<br>    - uses: actions\/checkout@v3<br>    - name: Set up Python<br>      uses: actions\/setup-python@v4<br>      with:<br>        python-version: '3.x'<br>    - name: Install dependencies<br>      run: pip install requests<br>    - name: Run API tests<br>      env:<br>        MY_API_KEY: ${{ secrets.TEST_API_KEY }} # Accessing GitHub Secret<br>      run: python run_api_tests.py<\/code><\/pre><br>    <\/li>\n\n\n\n<li><strong>Staging\/Pre-production Environments:<\/strong> Utilize cloud-native secret managers (AWS Secrets Manager, Azure Key Vault) that integrate directly with your deployed applications.<\/li>\n\n\n\n<li><strong>Network Considerations:<\/strong> Ensure your test environment has the necessary network access to communicate with the API. Check firewall rules, VPCs, and proxy settings if applicable.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">3. <span class=\"highlight\">Testing API Key<\/span> Functionality and Security<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Once your API key is created and your test environment is deployed, the final and most crucial step is to execute tests. This involves verifying that the API key functions as expected, enforcing correct permissions, and handling invalid or compromised scenarios gracefully.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Functional Testing<\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Functional tests verify that the API key grants access to the intended resources and operations.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"highlight\">A. Valid Key, Correct Permissions<\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">These tests confirm that the API key successfully performs authorized actions and retrieves expected data.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Successful Authorized Requests:<\/strong> Make requests to endpoints that the API key is explicitly allowed to access.\n<ul class=\"wp-block-list\">\n<li><em>Example:<\/em> A key with <code>read:data<\/code> scope successfully retrieves data from <code>\/api\/data<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Verify Expected Responses:<\/strong> Check that the HTTP status code (e.g., <code>200 OK<\/code>, <code>201 Created<\/code>) and the response body match the API documentation for successful operations.<\/li>\n\n\n\n<li><strong>Test All Authorized Endpoints and Actions:<\/strong> For each permission granted to the key, write a test case.\n<ul class=\"wp-block-list\">\n<li>If the key has write access to <code>\/api\/users<\/code>, test creating a new user.<\/li>\n\n\n\n<li>If it has delete access to <code>\/api\/items\/{id}<\/code>, test deleting an item.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"highlight\">B. Valid Key, Insufficient Permissions<\/span><\/h4>\n\n\n\n<p class=\"wp-block-paragraph\">These tests are designed to ensure that the API key correctly *restricts* access to unauthorized resources or operations, enforcing the principle of least privilege.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Attempt Unauthorized Access:<\/strong> Use the valid key to try and access endpoints or perform actions it *does not* have permission for.\n<ul class=\"wp-block-list\">\n<li><em>Example:<\/em> A key with only <code>read:data<\/code> scope attempts to <code>POST<\/code> to <code>\/api\/data<\/code>.<\/li>\n\n\n\n<li><em>Example:<\/em> A key restricted to <code>\/api\/public\/*<\/code> attempts to access <code>\/api\/admin\/*<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Verify Unauthorized Errors:<\/strong> Expect and assert that the API responds with appropriate error codes, typically:\n<ul class=\"wp-block-list\">\n<li><code>401 Unauthorized<\/code>: The request lacks valid authentication credentials.<\/li>\n\n\n\n<li><code>403 Forbidden<\/code>: The server understood the request but refuses to authorize it (the key is valid but doesn&#8217;t have permissions).<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Negative Testing (Invalid Key Scenarios)<\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Negative tests validate how the API handles requests with invalid, missing, or malformed API keys.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Missing Key:<\/strong> Send a request to an authenticated endpoint without including any API key.\n<ul class=\"wp-block-list\">\n<li><em>Expected:<\/em> <code>401 Unauthorized<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Malformed Key:<\/strong> Send a request with an API key that is syntactically incorrect (e.g., truncated, contains invalid characters).\n<ul class=\"wp-block-list\">\n<li><em>Expected:<\/em> <code>401 Unauthorized<\/code> or potentially <code>400 Bad Request<\/code> depending on API implementation.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Expired Key:<\/strong> Use a key that has passed its expiration date. This requires prior setup where you <span class=\"highlight\">create<\/span> a key with a short lifespan and wait for it to expire.\n<ul class=\"wp-block-list\">\n<li><em>Expected:<\/em> <code>401 Unauthorized<\/code> or <code>403 Forbidden<\/code>.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Revoked Key:<\/strong><span class=\"highlight\">Create<\/span> a key, make a successful request, then revoke the key via the management console, and attempt the same request again.\n<ul class=\"wp-block-list\">\n<li><em>Expected:<\/em> <code>401 Unauthorized<\/code> or <code>403 Forbidden<\/code>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Security Testing (Basic Aspects)<\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">While full security auditing is beyond basic API key testing, some checks are crucial.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Key Exposure:<\/strong>\n<ul class=\"wp-block-list\">\n<li>Verify that API keys are not accidentally logged by your application or test harness, especially in verbose debug logs.<\/li>\n\n\n\n<li>Ensure keys are not exposed in URLs (query parameters) if they are sensitive.<\/li>\n\n\n\n<li>Check network traffic (e.g., using browser developer tools or Wireshark) to confirm keys are transmitted securely (e.g., over HTTPS in headers, not plain text).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Rate Limiting:<\/strong> If your API enforces <span class=\"highlight\">rate limits<\/span> per API key, test this functionality:\n<ul class=\"wp-block-list\">\n<li>Make requests beyond the allowed limit.<\/li>\n\n\n\n<li><em>Expected:<\/em> <code>429 Too Many Requests<\/code> response.<\/li>\n\n\n\n<li>Verify that the API key is temporarily throttled and eventually allowed again after the cool-down period.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Key Rotation Process:<\/strong> If your application supports API key rotation, test the entire lifecycle:\n<ul class=\"wp-block-list\">\n<li>Generate a new key.<\/li>\n\n\n\n<li>Deploy the new key to your test application.<\/li>\n\n\n\n<li>Verify that requests with the new key are successful.<\/li>\n\n\n\n<li>Revoke the old key.<\/li>\n\n\n\n<li>Verify that requests with the old key now fail.<\/li>\n\n\n\n<li>Ensure zero downtime or disruption during the transition if planned for.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"highlight\">Automation for API Key Testing<\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Automating your API key tests is essential for continuous validation and rapid feedback.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>API Testing Tools:<\/strong>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.postman.com\/\">Postman<\/a> or <a href=\"https:\/\/insomnia.rest\/\">Insomnia<\/a>: Excellent for manual and automated API testing, allowing you to <span class=\"highlight\">create<\/span> collections of requests, environment variables for keys, and assertion scripts.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Code-based Tests:<\/strong> Integrate API key tests into your existing unit, integration, or end-to-end test suites using frameworks like:\n<ul class=\"wp-block-list\">\n<li>Python: <a href=\"https:\/\/docs.pytest.org\/en\/stable\/\">Pytest<\/a>, <a href=\"https:\/\/docs.python.org\/3\/library\/unittest.html\">unittest<\/a><\/li>\n\n\n\n<li>JavaScript\/TypeScript: <a href=\"https:\/\/jestjs.io\/\">Jest<\/a>, <a href=\"https:\/\/mochajs.org\/\">Mocha<\/a>, <a href=\"https:\/\/www.chaijs.com\/\">Chai<\/a><\/li>\n\n\n\n<li>Java: <a href=\"https:\/\/junit.org\/junit5\/\">JUnit<\/a>, <a href=\"https:\/\/rest-assured.io\/\">Rest-Assured<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>CI\/CD Integration:<\/strong> Incorporate these automated tests into your CI\/CD pipeline to automatically run API key validations on every code commit or deployment to a test environment.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">By thoroughly testing your API keys across creation, deployment, and usage scenarios, you build confidence in your API&#8217;s security and access control mechanisms, safeguarding your services and data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction to API Key Testing An API key is a unique identifier used to authenticate a user, developer, or calling program to an API. It acts as a token that applications provide when making requests to a web service, granting access to specific functionalities and data. Testing API keys is a critical process to ensure [&hellip;]<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_eb_attr":"","footnotes":""},"doc_category":[121],"glossaries":[],"doc_tag":[],"knowledge_base":[22],"class_list":["post-7511","docs","type-docs","status-publish","hentry","doc_category-allinallmsf","knowledge_base-bcb"],"year_month":"2026-07","word_count":1837,"total_views":"4","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"muammar-shahrear-famous","author_nicename":"muammar-shahrear-famous","author_url":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/author\/muammar-shahrear-famous\/"},"doc_category_info":[{"term_name":"All In All MSF","term_url":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/docs\/bcb\/allinallmsf\/"}],"doc_tag_info":[],"knowledge_base_info":[{"term_name":"BCB","term_url":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/docs\/bcb\/","term_slug":"bcb"}],"knowledge_base_slug":["bcb"],"_links":{"self":[{"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/docs\/7511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/comments?post=7511"}],"version-history":[{"count":1,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/docs\/7511\/revisions"}],"predecessor-version":[{"id":7512,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/docs\/7511\/revisions\/7512"}],"wp:attachment":[{"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/media?parent=7511"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/doc_category?post=7511"},{"taxonomy":"glossaries","embeddable":true,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/glossaries?post=7511"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/doc_tag?post=7511"},{"taxonomy":"knowledge_base","embeddable":true,"href":"https:\/\/betterdocs.shahrear.msf.bd\/index.php\/wp-json\/wp\/v2\/knowledge_base?post=7511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}