API Testing | API | Intermediate

Login/auth API

Scenario

A `POST /auth/login` endpoint accepts email and password and returns access and refresh tokens. It supports locked accounts, disabled accounts, MFA-required users, and rate limiting after repeated failures.

List checks, risks, edge cases, data conditions, and user experience concerns you would cover.