Interface testing and common interface testing tools

First, what is an interface?

Generally speaking, there are two kinds of interfaces: interfaces inside a program, and external interfaces of a system.
External interface of the system: for example, if you want to obtain resources or information from another website or server, its owners will certainly not share their database with you. They can only give you a method they wrote for obtaining the data. By calling the interface they provide, you use the method they wrote, and so achieve the purpose of data sharing. For example, the apps and websites we use process their data by calling interfaces.
Interface inside the program: the interaction between methods and between modules, exposed inside the program. For example, a bbs system has a login module, a post module and so on. If you want to post you must log in first, so the two modules have to interact, and an interface is exposed for the internal system to call.

1. Common interfaces:

1. The webService interface: it is transmitted over http using the soap protocol. The request message and the return message are in xml format. It can only be called and tested with a tool. Tools that can be used include SoapUI, jmeter, loadrunner, etc.;

2. http api interface: it follows the http protocol and distinguishes the method being called by the path. The request message is in key-value form, and the returned message is generally a json string. There are request methods such as get and post, which are also the two most commonly used. Tools that can be used include postman, RESTClient, jmeter, loadrunner, etc.;

2. Front-end and back-end:

 Before talking about interface testing, let's first clarify two concepts: front end and back end.
      What is the front end? On the web side, the web pages we use and the websites we open are all front ends, written in html and css. On the app side, it is the app we use, developed in Android or Objective-C (for apps on iOS). Its job is to display the page, show us an attractive interface, and do some simple verification, such as non-empty checks. When we operate on the page, the business logic and functions, such as shopping and posting on Weibo, are implemented by the back end. The back end controls deducting your balance when you shop and deciding which account a Weibo post is sent from. And how do the front end and the back end interact? Through the interface.
      You may not have understood what I just said. You only need to remember: the front end is responsible for looking pretty, and the back end is responsible for earning the money to support the family.

3. What is interface testing:

Interface testing is a type of testing that tests the interface between system components. Interface testing is mainly used to detect the interaction points between the external system and the system and between the various internal subsystems. The focus of the test is to check the data exchange, transfer and control management process, as well as the mutual logical dependencies between systems.

OK, the above is what Baidu Encyclopedia says. The following is what I say.

In fact, I think interface testing is very simple, even simpler than general functional testing (I will say this for now; I may delete it in the future O(∩_∩)O!). Many companies that are hiring now require experience in interface testing, and a lot of people (just two or three) have asked me what interface testing is. In the spirit of pretending to understand even when you don't, I would say: so-called interface testing checks the output returned for the input parameters in different situations, to judge whether the interface meets the corresponding functional and security requirements.

Why do I say that interface testing is simpler than functional testing? Functional testing enters values on the page and passes them to the back end by clicking buttons or links, and it also tests the UI, front-end interaction and other functions. Interface testing has no page: it takes the calling address and request parameters from the interface specification document, assembles the message, sends the request, and checks the returned result. It only needs to test the input and output parameters, so it is relatively simple.

4. The interface composition

What are the parts of the interface?

First, the interface documentation should contain the following:

1. Interface description
2. Call url
3. Request method (get\post)
4. Request parameter, parameter type, request parameter description
5. Return parameter description

According to the interface documentation, an interface consists at least of the request address, the request method, and the request parameters (input and output parameters). Some interfaces also have request headers.

Header: a string that the server sends over the HTTP protocol before it sends the HTML data to the browser. A blank line is required to separate the header from the HTML. It generally stores information such as cookies and tokens.

Some students asked me: what is the relationship between the header and the input parameters? Aren't they all parameters sent to the server?

OK, first of all, they are both parameters sent to the server, but they are different. The header generally stores verification information, such as cookies, which is used to verify whether the request has permission to access the server. If it has, the request can reach the server: the request address is sent to the server together with the input parameters, and the server returns the output parameters according to the address and input parameters. That is to say, the server first reads the header information to determine whether the request has permission, and only accepts the request address and input parameters after judging that it does.

5. Why do interface testing:

We all know that the interface is what the front-end page or app uses to interact with the back end, so many people will ask: I have already done functional testing, why should I test the interface as well? OK, before answering this question, let me give you an example:

Take testing the user registration function. The user name is specified to be 6 to 18 characters, made up of letters (case-sensitive), numbers, and underscores. The user name rules will certainly be tested during functional testing, for example by entering 20 characters or entering special characters, but these rules may only be verified on the front end, and the back end may not verify them. What if the front-end verification is bypassed and the request is sent directly to the back end? Just imagine: if the user name and password are not verified on the back end and someone bypasses the front-end verification, can the user name and password then be entered arbitrarily? If it is a login, someone may log in at will through SQL injection and other means, or even obtain administrator privileges. Isn't that scary?

Therefore, the necessity of interface testing is reflected:

①、You can find a lot of bugs that cannot be found by operating on the page

②、Check the exception handling capability of the system

③、Check the security and stability of the system
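The registration and login case described above, as an added example that is not part of the original article: the same constructed inputs are sent straight to two hypothetical back-end login functions, one that relies on the page's checks and one that re-validates the 6 to 18 character rule and binds query parameters. The table layout, function names and sample account are assumptions made for the illustration.

```python
import hashlib
import hmac
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{6,18}")  # rule from the text: 6-18 letters, digits, underscores

def pw_hash(password):
    # Fixed salt keeps the demo short; a real system uses a random salt per user.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice_01", pw_hash("S3cret_pw")))
    return db

def login_front_end_only(db, name, password):
    """Back end trusts the page's checks: no validation, SQL built by concatenation."""
    sql = ("SELECT 1 FROM users WHERE name = '" + name
           + "' AND pw = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_validated(db, name, password):
    """Back end re-checks the username rule and binds values as query parameters."""
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        return False
    row = db.execute("SELECT pw FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

# Constructed inputs, sent straight to the back end as an interface test would.
CASES = [
    ("alice_01", "S3cret_pw"),    # valid login
    ("alice_01", "wrong"),        # wrong password
    ("alice_01' --", "wrong"),    # quote and SQL comment: the page form would refuse it
    ("a" * 20, "wrong"),          # 20 characters, over the 18 limit
]

def run(login):
    db = make_db()
    return [login(db, name, password) for name, password in CASES]

if __name__ == "__main__":
    print("front-end checks only:", run(login_front_end_only))
    print("validated on back end:", run(login_validated))
```

The third case is the one a page-level functional test never reaches, because the form rejects it before any request is sent.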

6. How to do interface testing:

Before performing interface testing, you also need to know:

1), GET and POST requests:
    A get request can be entered directly in the browser; anything that can be requested directly in the browser is a get request. A post request cannot be sent that way; it has to be sent with the help of a tool.
The difference between GET request and POST request:
    1. GET uses the URL or Cookie to pass parameters, whereas POST puts data in the BODY.
    2. The URL of GET is limited in length, and the data of POST can be very large.
    3. POST is safer than GET because the data is not visible in the address bar.
    4. Generally, get requests are used to obtain data, and post requests are used to send data.
In fact, of the above points, only the last one is really reliable. On the first: a post request can also put data in the url. There is in fact no length limit for the get request. A post request's parameters seem hidden, which looks a little more secure, but that only holds against novice users: even with a post request, the parameters can be captured by capturing packets. So in an interview you can just give the points above.

2), http status code

After each http request is issued there is a response, and http itself has a status code to indicate whether the request succeeded.
1. 200: the common one; it means that the request is ok and the server returned a result.
2. 3xx: codes starting with 3 mean redirection; the most common is 302, which redirects the request to another place.
3. 4xx: 400 means that the request sent by the client has a syntax error, 401 means that the accessed page is not authorized, 403 means that there is no permission to access this page, 404 means that there is no such page.
4. 5xx: codes starting with 5 mean that the server has an exception; 500 means that the server has an internal exception, 504 means that the server timed out and no result was returned.

Next, let's talk about how to do interface testing:

1), common interface use case design

①、Passability verification: first of all, make sure the interface works at all. This is the normal pass-through test: with normal input according to the parameters in the interface document, does it return the correct result?
②、Parameter combination: suppose there is an interface for manipulating commodities with a field named type. When type is 1, the commodity is modified, and one of commodity id, commodity name and price must be passed. When type is 2, the commodity is deleted, and the commodity id is required. In this case the parameter combinations must be tested: when type is 1 and only the product name is passed, can the modification succeed? When id, name and price are all passed, can the modification succeed?

③、Interface security:
     1. Bypassing verification. For example, a product costs 300 yuan; when I submit the order, I change the price of this product to 3 yuan. Does the back end verify it? To be more ruthless, I change the amount to -3: will my balance even increase?
     2. Bypassing identity authorization. For example, the interface for modifying product information must only be usable by the seller. If I pass an ordinary user, does the modification succeed? If I pass another seller, does it succeed?
     3. Whether the parameters are encrypted. For example, are the user name and password sent to the login interface encrypted? If not, anyone who intercepts your request can obtain your information. And are the encryption rules easy to crack?
     4. Password security rules: password complexity verification.

④、Exception verification:
  So-called exception verification means that I deliberately do not enter parameters according to the requirements of your interface document, in order to check how the interface handles abnormal input. For example: a required parameter is not filled in; a string is passed where an integer is expected; the length limit is 10 and 11 is passed. In short, whatever you say, I do the opposite. In fact there are only these three kinds: required versus optional, parameter type, and input parameter length.
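The use cases ①, ③ and ④ above written as one case table, as an added example that is not part of the original article: a hypothetical "submit order" handler that enforces its rules on the server side, run against the 300 yuan price-tampering, identity and abnormal-parameter cases from the text. The handler, its field names, tokens and data are all constructed for the illustration.

```python
# Hypothetical "submit order" back end; all names and data here are constructed.
CATALOG = {"p1001": 300}                  # product id -> price in yuan, kept by the server
BALANCE = {"buyer01": 1000}
SESSIONS = {"tok-buyer01": "buyer01"}     # session token -> authenticated user

def submit_order(token, params):
    """Return (status, message). Every rule is enforced here, not in the page."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, "not logged in"
    for field in ("userid", "product_id", "price"):      # required parameters
        if field not in params:
            return 400, "missing " + field
    if params["userid"] != user:                         # identity comes from the session
        return 403, "userid does not match the session"
    price = params["price"]
    if isinstance(price, bool) or not isinstance(price, int):   # parameter type
        return 400, "price must be an integer"
    real_price = CATALOG.get(params["product_id"])
    if real_price is None:
        return 404, "unknown product"
    if price != real_price:                              # client price is compared, never used
        return 400, "price does not match the catalog"
    if BALANCE[user] < real_price:
        return 400, "insufficient balance"
    BALANCE[user] -= real_price                          # charge the server-side price
    return 200, "ok"

GOOD = {"userid": "buyer01", "product_id": "p1001", "price": 300}
CASES = [  # (use case, token, parameters, expected status)
    ("① normal order",         "tok-buyer01", GOOD, 200),
    ("③ price changed to 3",   "tok-buyer01", {**GOOD, "price": 3}, 400),
    ("③ price changed to -3",  "tok-buyer01", {**GOOD, "price": -3}, 400),
    ("③ another user's id",    "tok-buyer01", {**GOOD, "userid": "buyer02"}, 403),
    ("③ no valid session",     "no-such-token", GOOD, 401),
    ("④ price left out",       "tok-buyer01", {"userid": "buyer01", "product_id": "p1001"}, 400),
    ("④ price sent as string", "tok-buyer01", {**GOOD, "price": "300"}, 400),
]

def run_cases():
    """Return (names of failed cases, final balance) after running every case once."""
    BALANCE["buyer01"] = 1000
    failed = [name for name, token, params, want in CASES
              if submit_order(token, params)[0] != want]
    return failed, BALANCE["buyer01"]

if __name__ == "__main__":
    print(run_cases())
```

Checking the final balance as well as the status codes catches a handler that returns an error but still changes the account.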

2) Design use cases according to business logic
  Designing according to business logic means designing use cases around the business of your own system. The business of each company is different, so you have to look at the business of your own company. In fact, this is the same as designing functional test cases.
      For example, taking bbs as an example, the requirements of bbs are as follows:
      1. If you fail to log in 5 times, you need to wait 15 minutes before logging in.
      2. Newly registered users need to pass the probation period before they can post.
      3. Deleting a post deducts points.
      4....
     You have to list these test points, and then prepare the test data that corresponds to each test point.
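Test points for the first bbs requirement above, as an added example that is not part of the original article: a hypothetical back-end login rule with an injected clock, driven through the boundaries of "5 failures, then 15 minutes". That a successful login resets the failure count is an assumption, since the requirement does not say; the class, account and password are constructed.

```python
class LoginGuard:
    """Hypothetical back-end login rule: 5 failures, then a 15-minute wait."""
    MAX_FAILURES = 5
    LOCK_SECONDS = 15 * 60

    def __init__(self, passwords, clock):
        self.passwords = passwords      # user -> password (constructed test data)
        self.clock = clock              # injected so a test can move time forward
        self.failures = {}              # user -> consecutive failed attempts
        self.locked_until = {}          # user -> time at which the lock ends

    def login(self, user, password):
        now = self.clock()
        if now < self.locked_until.get(user, 0):
            return "locked"             # even the correct password is refused
        if self.passwords.get(user) == password:
            self.failures.pop(user, None)   # assumption: success resets the count
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.MAX_FAILURES:
            self.locked_until[user] = now + self.LOCK_SECONDS
            self.failures.pop(user)
        return "failed"

def lockout_test_points():
    """Drive the rule through its boundaries and return the observed results."""
    now = [0]                                       # fake clock, in seconds
    guard = LoginGuard({"alice_01": "S3cret_pw"}, lambda: now[0])
    seen = [guard.login("alice_01", "bad") for _ in range(4)]
    seen.append(guard.login("alice_01", "S3cret_pw"))     # 4 failures do not lock
    seen += [guard.login("alice_01", "bad") for _ in range(5)]
    seen.append(guard.login("alice_01", "S3cret_pw"))     # 5th failure locked the account
    now[0] += 15 * 60 - 1
    seen.append(guard.login("alice_01", "S3cret_pw"))     # 14 min 59 s: still locked
    now[0] += 1
    seen.append(guard.login("alice_01", "S3cret_pw"))     # 15 min: allowed again
    return seen

if __name__ == "__main__":
    print(lockout_test_points())
```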

7. What tools to use for testing

  There are many tools for interface testing, such as postman, RESTClient, jmeter, loadrunner, SoapUI, etc. The test tools I recommend are postman and jmeter. Next, I will briefly introduce how to use these two tools for interface testing. The other tools are not introduced this time.

1), Postman is an interface test plug-in of Google. It is easy to use; supports use case management, get, post, file upload, response verification, variable management, environment parameter management and other functions; can be run in batches; and supports use case export and import.

jmeter is a free and open source tool written in 100% pure Java. It is mainly used for performance testing. Compared with loadrunner, it occupies less memory, is free and open source, is lightweight and convenient, and does not require installation. It is becoming more and more popular.

Note: The addresses used in the following use cases are all in my local environment, which cannot be accessed from the external network, sorry.

①、Obtain user information: this interface is used to obtain user information through userid

  Request address: http://192.168.1.102:8081/getuser

  Request method: POST/GET

  Input parameters:

| parameter | data type (length) | Is it mandatory | Remark |
|---|---|---|---|
| userid | String | Y | userid |

  Output parameters:

| parameter | data type (length) | Remark |
|---|---|---|
| code | int | Status code 200 is success, 500 is abnormal |
| age | int | age |
| id | string | userid |
| name | String | username |

  The request in postman is as follows

 The request in jmeter is as follows:

  ②、Get user information: a header needs to be added, Content-Type application/json

1.1 Request address

http://192.168.1.102:8081/getuser2

1.2 Request method

get/post

1.3 Input parameters

| parameter | data type (length) | Is it mandatory | Remark |
|---|---|---|---|
| userid | String | Y | userid |

1.4 Output parameters

| parameter | data type (length) | Remark |
|---|---|---|
| code | int | Status code 200 is success, 500 is abnormal |
| userid | int | userid |
| name | string | user name |
| age | int | User age |

 The postman test is as follows. This time the input parameter is json type. Of course, the document does not say that json must be used. Other methods are also possible.

 The jmeter test is as follows

 

 ③、Modify user balance 2

1.1 Functional Description

Function description: a cookie needs to be added; the token is hard-coded as token12345

1.2 Request address

http://192.168.1.102:8081/setmoney2

1.3 Request method

Post

1.4 Input parameters

| parameter | data type (length) | Is it mandatory | Remark |
|---|---|---|---|
| userid | String | Y | userid |
| money | String | Y | Modified balance value |

1.5 Output parameters

| parameter | data type (length) | Remark |
|---|---|---|
| code | int | Status code 200 is success, 500 is abnormal |
| success | String | condition |

  The postman test is as follows:

 The jmeter test is as follows:

 

 

 ④File upload

postman:

jmeter:

 ⑤, request webService interface

The tool needed to request the webService interface is SoapUI, as shown below

 

The request in jmeter is as follows: 

 

Imprint: This article is reproduced, if you need more communication, please add WeChat, dd98910242010

 
