>/Ctf_tasks/API_lvl_1 $

Category: Web

Difficulty: Beginner

Try to get the flag, but it’s only accessible to admin, huh? Luckily, I secured the endpoint with a special header.

Requirements:
* Tool: curl or Postman

curl http://barry-dev.xyz/api/v1/flag -H "X-USER-ROLE: user" -H "API_KEY: your-api-key"

Note: You can find and copy your API key from your profile.