There is inconsistent behavior when using Postman > Headers.

Clarity validates the authToken but lacks specific validation for null values.

Steps To Reproduce

1. Login to Clarity.

2. Copy the SessionID from the About page of Clarity.

3. In the Postman Application, set the authorization to No AUTH.
 

4. Add Header "Cookie" with the Value "sessionId=<value from step 2>".
 

5. Add another Header "authToken" and leave the value empty.

6. Execute the REST API call.

Expected: There should not be inconsistent behavior/results.

Actual: The API call succeeds.

The 3 situations occur.

a. If a random value in authToken is provided, it fails.

b. If there is a null value provided for the 'authToken', call is successful (Status 200):

c. If 'authToken' is not selected, call fails (Status 401)

API key is limited to 1 user and for 365 days maximum only.
For custom applications that require more than one API key, i.e. it integrates using a channel that uses a user's persona to display data, a single API key is not sufficient.

Have the custom application always send both the cookie header and the authToken header in the request.