SlideShare a Scribd company logo

Rest API Testing

Download as PPTX, PDF
U
upadhyay_25

The document discusses testing REST APIs using Java. It covers creating test cases to test API functionality, parameters, and expected results. It also discusses best practices for organizing test cases and ensuring complete test coverage. The document then describes how to perform automated testing of APIs using Java tools like POJOs, serialization/deserialization, Rest-Assured, and assertion libraries. It provides details on HTTP methods like GET, POST, PUT, DELETE and important HTTP headers.

Technology
1 of 18
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
REST API TEST By Anil Upadhyay
Test Case Creation • Understanding the functionality of the API program and clearly define the scope of the program • Apply testing techniques such as equivalence classes, boundary value analysis, and error guessing and write test cases for the API • Input Parameters for the API need to be planned and defined appropriately • Execute the test cases and compare expected and actual results.
Basic Practice of API Testing • Test cases should be grouped by test category • On top of each test, you should include the declarations of the APIs being called. • Parameters selection should be explicitly mentioned in the test case itself • Prioritize API function calls so that it will be easy for testers to test • Each test case should be as self-contained and independent from dependencies as possible • Call sequencing should be performed and well planned • To ensure complete test coverage, create test cases for all possible input combinations of the API.
Automated Testing of APIs using Java • Plain Old Java Object (POJO) • Serialisation & Deserialisation • Rest-assured • Any Java Assert Library
POJO • Plain Old Java Object (POJO): Pojo in Java stands for Plain Old Java Object and they are used for increasing the readability and re-usability of a program. They are normal java objects, unbounded by special restrictions, other than the ones forced by the Java Language Specification. • In simpler terms, Pojo is defined as a pure data structure, containing the getter and setter fields. It has the ability to override certain methods from Object or an interface such as Serializable. • A POJO must not : • Extend pre-specified classes: Ex- public class Test extends javax.servlet.http.HttpServlet is not considered to be a POJO class. • Contain pre-specified annotations: Ex- @javax.persistence.Entity public class Test{..} is not a pojo class. • Implement prespecified interfaces: Ex- public class Test implements javax.ejb.EntityBean { … } is not considered to be a POJO class.
Serialisation & Deserialisation • Serialisation is a mechanism of converting the state of an object into a byte stream. Deserialisation is the reverse process where the byte stream is used to recreate the actual Java object in memory. This mechanism is used to persist the object.
HTTP METHODS • HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Although they can also be nouns, these request methods are sometimes referred as HTTP verbs. Each of them implements a different semantic, but some common features are shared by a group of them: e.g. a request method can be safe, idempotent, or cacheable. • GET : The GET method requests a representation of the specified resource. Requests using GET should only retrieve data.
HTTP METHODS • POST: The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server. • PUT: The PUT method replaces all current representations of the target resource with the request payload. • DELETE: The DELETE method deletes the specified resource. • PATCH: The PATCH method is used to apply partial modifications to a resource.
HTTP HEADERS • HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value. Whitespace before the value is ignored. • Headers can be grouped according to their contexts: • General headers apply to both requests and responses, but with no relation to the data transmitted in the body. • Request headers contain more information about the resource to be fetched, or about the client requesting the resource.
HTTP HEADERS • Response headers hold additional information about the response, like its location or about the server providing it. • Entity headers contain information about the body of the resource, like its content length or MIME type.
IMPORTANT HEADERS • Authorization • Contains the credentials to authenticate a user-agent with a server. • Connection • Controls whether the network connection stays open after the current transaction finishes. • Keep-Alive • Controls how long a persistent connection should stay open.
IMPORTANT HEADERS • Accept • Informs the server about the types of data that can be sent back. • Accept-Language • Informs the server about the human language the server is expected to send back. This is a hint and is not necessarily under the full control of the user: the server should always pay attention not to override an explicit user choice (like selecting a language from a dropdown) • Content-Length • The size of the resource, in decimal number of bytes. • Content-Type • Indicates the media type of the resource. • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
The GET Method • GET is used to request data from a specified resource. • GET is one of the most common HTTP methods. • GET requests can be cached • GET requests remain in the browser history • GET requests can be bookmarked • GET requests should never be used when dealing with sensitive data • GET requests have length restrictions • GET requests are only used to request data (not modify)
The GET Method Syntax GET /index.html
The POST Method • The HTTP POST method sends data to the server. The type of the body of the request is indicated by the Content-Type header. • The difference between PUT and POST is that PUT is idempotent: calling it once or several times successively has the same effect (that is no side effect), where successive identical POST may have additional effects, like passing an order several times.POST requests are never cached • POST requests do not remain in the browser history • POST requests cannot be bookmarked • POST requests have no restrictions on data length
The POST Method POST /test HTTP/1.1 Host: foo.example Content-Type: application/x-www-form-urlencoded Content-Length: 27 field1=value1&field2=value2
The PUT Method • The HTTP PUT request method creates a new resource or replaces a representation of the target resource with the request payload. • The difference between PUT and POST is that PUT is idempotent: calling it once or several times successively has the same effect (that is no side effect), where successive identical POST may have additional effects, like passing an order several times.
The DELETE Method • The HTTP DELETE request method deletes the specified resource.

More Related Content

PPSX
API Test Automation
SQALab
 
PPTX
Rest assured
Varun Deshpande
 
PDF
API Testing
Bikash Sharma
 
PPTX
REST-API introduction for developers
Patrick Savalle
 
PPTX
Understanding REST APIs in 5 Simple Steps
Tessa Mero
 
PPT
Understanding REST
Nitin Pande
 
PPTX
introduction about REST API
AmilaSilva13
 
PDF
An Introduction To Automated API Testing
Sauce Labs
 
API Test Automation
SQALab
 
Rest assured
Varun Deshpande
 
API Testing
Bikash Sharma
 
REST-API introduction for developers
Patrick Savalle
 
Understanding REST APIs in 5 Simple Steps
Tessa Mero
 
Understanding REST
Nitin Pande
 
introduction about REST API
AmilaSilva13
 
An Introduction To Automated API Testing
Sauce Labs
 

What's hot (20)

DOCX
Api testing bible using postman
Abhishek Saxena
 
PPTX
Rest assured
Yaniv Rodenski
 
PDF
2015-StarWest presentation on REST-assured
Eing Ong
 
PDF
Learn REST in 18 Slides
Suraj Gupta
 
PPTX
Soap vs rest
Antonio Severien
 
PPT
Postman.ppt
ParrotBAD
 
PPTX
Api Testing
Vishwanath KC
 
PPTX
ASP.NET Web API and HTTP Fundamentals
Ido Flatow
 
PPTX
POSTMAN.pptx
RamaKrishna970827
 
PDF
REST API and CRUD
Prem Sanil
 
PPTX
Spring boot Introduction
Jeevesh Pandey
 
PPTX
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
PPTX
Api testing
HamzaMajid13
 
PPTX
Apache tomcat
Shashwat Shriparv
 
PDF
Introduction to ReactJS
Hoang Long
 
PPTX
Introduction to angular with a simple but complete project
Jadson Santos
 
PDF
Api Testing.pdf
JitendraYadav351971
 
PDF
What is REST API? REST API Concepts and Examples | Edureka
Edureka!
 
PDF
Hibernate Presentation
guest11106b
 
PPTX
REST & RESTful Web Services
Halil Burak Cetinkaya
 
Api testing bible using postman
Abhishek Saxena
 
Rest assured
Yaniv Rodenski
 
2015-StarWest presentation on REST-assured
Eing Ong
 
Learn REST in 18 Slides
Suraj Gupta
 
Soap vs rest
Antonio Severien
 
Postman.ppt
ParrotBAD
 
Api Testing
Vishwanath KC
 
ASP.NET Web API and HTTP Fundamentals
Ido Flatow
 
POSTMAN.pptx
RamaKrishna970827
 
REST API and CRUD
Prem Sanil
 
Spring boot Introduction
Jeevesh Pandey
 
API Testing Using REST Assured with TestNG
Siddharth Sharma
 
Api testing
HamzaMajid13
 
Apache tomcat
Shashwat Shriparv
 
Introduction to ReactJS
Hoang Long
 
Introduction to angular with a simple but complete project
Jadson Santos
 
Api Testing.pdf
JitendraYadav351971
 
What is REST API? REST API Concepts and Examples | Edureka
Edureka!
 
Hibernate Presentation
guest11106b
 
REST & RESTful Web Services
Halil Burak Cetinkaya
 
Ad

Similar to Rest API Testing (20)

PPTX
Rest APIs Training
Shekhar Kumar
 
PPTX
Rest WebAPI with OData
Mahek Merchant
 
PPTX
Test Design and Automation for REST API
Ivan Katunou
 
PPTX
Ivan Katunov. Comaqa Spring 2018. Test Design and Automation for Rest API.
COMAQA.BY
 
PPTX
Pragmatic REST APIs
amesar0
 
PDF
REST API Recommendations
Jeelani Shaik
 
PPT
Servlet.ppt
kstalin2
 
PPT
Servlet.ppt
MouDhara1
 
PPT
Servlet1.ppt
KhushalChoudhary14
 
PPT
Servlet (1) also contains code to create it.ppt
juhishrivastava25
 
PDF
Api security-testing
n|u - The Open Security Community
 
PPT
Servlet123jkhuiyhkjkljioyudfrtsdrestfhgb
shubhangimalas1
 
PDF
Best Practices in Web Service Design
Lorna Mitchell
 
PPTX
Overview of REST - Raihan Ullah
Cefalo
 
PDF
Ch 3: Web Application Technologies
Sam Bowne
 
PDF
CNIT 129S: Ch 3: Web Application Technologies
Sam Bowne
 
PPTX
RESTful Services
Jason Gerard
 
PDF
CNIT 129S - Ch 3: Web Application Technologies
Sam Bowne
 
PPTX
Overview of java web services
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
PPTX
6 Months Industrial Training in Spring Framework
Arcadian Learning
 
Rest APIs Training
Shekhar Kumar
 
Rest WebAPI with OData
Mahek Merchant
 
Test Design and Automation for REST API
Ivan Katunou
 
Ivan Katunov. Comaqa Spring 2018. Test Design and Automation for Rest API.
COMAQA.BY
 
Pragmatic REST APIs
amesar0
 
REST API Recommendations
Jeelani Shaik
 
Servlet.ppt
kstalin2
 
Servlet.ppt
MouDhara1
 
Servlet1.ppt
KhushalChoudhary14
 
Servlet (1) also contains code to create it.ppt
juhishrivastava25
 
Api security-testing
n|u - The Open Security Community
 
Servlet123jkhuiyhkjkljioyudfrtsdrestfhgb
shubhangimalas1
 
Best Practices in Web Service Design
Lorna Mitchell
 
Overview of REST - Raihan Ullah
Cefalo
 
Ch 3: Web Application Technologies
Sam Bowne
 
CNIT 129S: Ch 3: Web Application Technologies
Sam Bowne
 
RESTful Services
Jason Gerard
 
CNIT 129S - Ch 3: Web Application Technologies
Sam Bowne
 
Overview of java web services
Todd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
6 Months Industrial Training in Spring Framework
Arcadian Learning
 
Ad

Recently uploaded (20)

PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Encapsulation theory and applications.pdf
gurumoop
 
MYSQL Presentation for SQL database connectivity
Swati270511
 

Rest API Testing

  • 1. REST API TEST By Anil Upadhyay
  • 2. Test Case Creation • Understanding the functionality of the API program and clearly define the scope of the program • Apply testing techniques such as equivalence classes, boundary value analysis, and error guessing and write test cases for the API • Input Parameters for the API need to be planned and defined appropriately • Execute the test cases and compare expected and actual results.
  • 3. Basic Practice of API Testing • Test cases should be grouped by test category • On top of each test, you should include the declarations of the APIs being called. • Parameters selection should be explicitly mentioned in the test case itself • Prioritize API function calls so that it will be easy for testers to test • Each test case should be as self-contained and independent from dependencies as possible • Call sequencing should be performed and well planned • To ensure complete test coverage, create test cases for all possible input combinations of the API.
  • 4. Automated Testing of APIs using Java • Plain Old Java Object (POJO) • Serialisation & Deserialisation • Rest-assured • Any Java Assert Library
  • 5. POJO • Plain Old Java Object (POJO): Pojo in Java stands for Plain Old Java Object and they are used for increasing the readability and re-usability of a program. They are normal java objects, unbounded by special restrictions, other than the ones forced by the Java Language Specification. • In simpler terms, Pojo is defined as a pure data structure, containing the getter and setter fields. It has the ability to override certain methods from Object or an interface such as Serializable. • A POJO must not : • Extend pre-specified classes: Ex- public class Test extends javax.servlet.http.HttpServlet is not considered to be a POJO class. • Contain pre-specified annotations: Ex- @javax.persistence.Entity public class Test{..} is not a pojo class. • Implement prespecified interfaces: Ex- public class Test implements javax.ejb.EntityBean { … } is not considered to be a POJO class.
  • 6. Serialisation & Deserialisation • Serialisation is a mechanism of converting the state of an object into a byte stream. Deserialisation is the reverse process where the byte stream is used to recreate the actual Java object in memory. This mechanism is used to persist the object.
  • 7. HTTP METHODS • HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Although they can also be nouns, these request methods are sometimes referred as HTTP verbs. Each of them implements a different semantic, but some common features are shared by a group of them: e.g. a request method can be safe, idempotent, or cacheable. • GET : The GET method requests a representation of the specified resource. Requests using GET should only retrieve data.
  • 8. HTTP METHODS • POST: The POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server. • PUT: The PUT method replaces all current representations of the target resource with the request payload. • DELETE: The DELETE method deletes the specified resource. • PATCH: The PATCH method is used to apply partial modifications to a resource.
  • 9. HTTP HEADERS • HTTP headers let the client and the server pass additional information with an HTTP request or response. An HTTP header consists of its case-insensitive name followed by a colon (:), then by its value. Whitespace before the value is ignored. • Headers can be grouped according to their contexts: • General headers apply to both requests and responses, but with no relation to the data transmitted in the body. • Request headers contain more information about the resource to be fetched, or about the client requesting the resource.
  • 10. HTTP HEADERS • Response headers hold additional information about the response, like its location or about the server providing it. • Entity headers contain information about the body of the resource, like its content length or MIME type.
  • 11. IMPORTANT HEADERS • Authorization • Contains the credentials to authenticate a user-agent with a server. • Connection • Controls whether the network connection stays open after the current transaction finishes. • Keep-Alive • Controls how long a persistent connection should stay open.
  • 12. IMPORTANT HEADERS • Accept • Informs the server about the types of data that can be sent back. • Accept-Language • Informs the server about the human language the server is expected to send back. This is a hint and is not necessarily under the full control of the user: the server should always pay attention not to override an explicit user choice (like selecting a language from a dropdown) • Content-Length • The size of the resource, in decimal number of bytes. • Content-Type • Indicates the media type of the resource. • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
  • 13. The GET Method • GET is used to request data from a specified resource. • GET is one of the most common HTTP methods. • GET requests can be cached • GET requests remain in the browser history • GET requests can be bookmarked • GET requests should never be used when dealing with sensitive data • GET requests have length restrictions • GET requests are only used to request data (not modify)
  • 15. The POST Method • The HTTP POST method sends data to the server. The type of the body of the request is indicated by the Content-Type header. • The difference between PUT and POST is that PUT is idempotent: calling it once or several times successively has the same effect (that is no side effect), where successive identical POST may have additional effects, like passing an order several times.POST requests are never cached • POST requests do not remain in the browser history • POST requests cannot be bookmarked • POST requests have no restrictions on data length
  • 16. The POST Method POST /test HTTP/1.1 Host: foo.example Content-Type: application/x-www-form-urlencoded Content-Length: 27 field1=value1&field2=value2
  • 17. The PUT Method • The HTTP PUT request method creates a new resource or replaces a representation of the target resource with the request payload. • The difference between PUT and POST is that PUT is idempotent: calling it once or several times successively has the same effect (that is no side effect), where successive identical POST may have additional effects, like passing an order several times.
  • 18. The DELETE Method • The HTTP DELETE request method deletes the specified resource.