The most complete guide to interface testing, painstakingly compiled: from zero to interface automation


Foreword

Interface testing (API testing) refers to testing the interfaces in the system, mainly to verify whether the interfaces meet the expected function, performance and security requirements.

Python interface automated testing: https://www.bilibili.com/video/BV16G411x76E/

Interface testing is usually carried out after developers complete unit testing, the purpose is to ensure that different parts of the code can interact and cooperate correctly to ensure the stability and reliability of the entire system.

Common interfaces

webService interface: It uses the SOAP protocol carried over HTTP. Both the request message and the response message are in XML format. When testing, we only need a tool to call and test it. Tools that can be used include SoapUI, jmeter, loadrunner, etc.

HTTP API interface: It uses the HTTP protocol and distinguishes calls by path. Request messages are in key-value form, and the returned messages are generally JSON strings. There are several request methods, of which GET and POST are the two most commonly used. Tools that can be used include postman, jmeter, apifox, loadrunner, etc.

Front end and back end

front end and back end

Before talking about interface testing, let's figure out these two concepts, front-end and back-end.

What is the front end?
For the web, the pages we use and the websites we open are all front ends, written in HTML and CSS; for apps, it is the app we use, developed for Android or in Objective-C (for app development on iOS).

Its job is to display the page, show us a nice-looking page, and do some simple checks, such as non-null checks. The business logic and functions behind our operations on the page, such as shopping or posting on Weibo, are implemented by the back end: the back end controls deducting your balance when you shop and which account your Weibo post is sent from. How do the front end and the back end interact? Through the interface.

What I said above may not be easy to understand, but you can just remember: the front end is responsible for looking pretty, and the back end is responsible for earning money to support the family.

What is interface testing

In fact, I think interface testing is very simple, even simpler than general functional testing. Many job postings now require experience in interface testing.

What is interface testing? In the spirit of pretending to understand even when you don't, I will say: interface testing means judging whether an interface meets the corresponding functional and security requirements by checking the output it returns for its input parameters in different situations.

Why do I say that interface testing is simpler than functional testing?
Because a functional test enters values on the page and passes them to the back end by clicking a button or link, and a functional test also has to cover the UI, front-end interaction and so on. An interface test has no page: following the interface specification document, you take the call address and request parameters, assemble the message, send the request, and check the returned result. It only needs to test the input and output parameters, so it is relatively simple.

The composition of the interface

What are the components of the interface?
First, the interface document should contain the following content:
1. Interface description
2. Call url
3. Request method (GET/POST)
4. Request parameter, parameter type, request parameter description
5. Return parameter description

According to the interface document, the interface should at least consist of request address, request method, and request parameters (input parameters and output parameters), and some interfaces have request headers.

Header: It is the string sent by the server before transmitting the HTML data to the browser through the HTTP protocol. There is a blank line between the header and the HTML content. Headers generally carry cookies, tokens and other information.

Some students asked me what the relationship is between the header and the input parameters. Aren't they both parameters sent to the server?

First of all, they are indeed parameters sent to the server, but they are different. The parameters stored in the header generally store some verification information, such as cookies, which are used to verify whether the request has permission to request the server. If so, it can request the server, and then send the request address together with the input parameters to the server, and then the server will return the output parameters according to the address and the input parameters.

That is to say, the server first accepts the header information to determine whether the request has permission, and then accepts the request address and input parameters after judging that it has permission.

Why do interface testing

Everyone knows that the interface is used for the interaction between the back end and its callers, such as the front-end page or the app. So many people will ask: I have already done functional testing, why do I need to test the interface as well?

Let me give you an example:

For example, to test the user registration function, the user name is specified to be 6 to 18 characters, consisting of letters (case-sensitive), numbers, and underscores. The user name rules will definitely be tested during functional testing, for example by entering 20 characters or entering special characters, but these rules may only be verified on the front end, and the back end may not verify them at all. What happens if the front-end verification is bypassed and the request is sent directly to the back end?

Just imagine, if the user name and password are not verified in the backend, and someone bypasses the front-end verification, can't the user name and password be entered casually? If it is possible to log in at will through SQL injection and other means, and even obtain administrator privileges, isn't this scary?

Therefore, the necessity of interface testing is reflected:
①, you can find many bugs that cannot be found by operating on the page;
②, check the exception handling ability of the system;
③, check the security and stability of the system;
④, once the interface test is done, the back end does not need to be changed.
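The registration case above, written out as an added example (not code from the original post): a back-end check of the 6 to 18 character user name rule, exercised with raw values sent straight to the handler the way an interface test skips the page. The handler name `register`, its response shape and all sample values are assumptions made for illustration.

```python
import re

# Rule from the text: 6 to 18 characters; letters, digits, underscore.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{6,18}")

def register(params):
    """Hypothetical back-end handler: validates no matter what the page checked."""
    name = params.get("username")
    if not isinstance(name, str):
        return {"code": 400, "msg": "username is required and must be a string"}
    # fullmatch() checks the whole string; match() with a `$` anchor
    # would accept a trailing newline.
    if USERNAME_RE.fullmatch(name) is None:
        return {"code": 400, "msg": "username must be 6-18 letters, digits or _"}
    return {"code": 200, "msg": "ok"}

# Constructed interface-test cases: values the page would never let a user submit.
CASES = [
    ({"username": "alice_01"}, 200),     # valid
    ({"username": "a" * 5}, 400),        # below the minimum length
    ({"username": "a" * 20}, 400),       # above the maximum length
    ({"username": "al!ce<>#1"}, 400),    # special characters
    ({"username": "alice_01\n"}, 400),   # trailing newline
    ({"username": 12345678}, 400),       # wrong type
    ({}, 400),                           # required parameter missing
]

def run_cases():
    """Return (params, actual code, expected code) for every case."""
    return [(p, register(p)["code"], want) for p, want in CASES]

if __name__ == "__main__":
    for params, got, want in run_cases():
        print("PASS" if got == want else "FAIL", params, got)
```
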

How to test the interface?

Before conducting interface testing, you also need to know:

GET and POST requests
If it is a GET request, just enter it directly in the browser. Anything you can request directly in the browser is a GET request. A POST request cannot be sent that way, so you have to use a tool to send it.

The difference between GET request and POST request:
1. GET uses URL or Cookie to pass parameters. Whereas POST puts data in BODY.
2. The URL of GET has a length limit, and the data of POST can be very large.
3. POST is safer than GET because the data is not visible on the address bar.
4. Generally, get requests are used to obtain data, and post requests are used to send data.

In fact, among the above points, only the last one is really reliable. As for the first point, a POST request can also put data in the URL. A GET request actually has no length limit. A POST request seems a bit safer because its parameters are hidden, but that is only true against novice users: even with a POST request, the parameters can be captured by capturing packets. So in interviews you can just give the points above.

HTTP status code

Every time an http request is sent, there will be a response. http itself will have a status code to indicate whether the request is successful. The common status codes are as follows:

200: A code starting with 2 means that the request was sent successfully; the most common is 200, which means the request is OK and the server has returned a response;
300: A code starting with 3 represents redirection; the most common is 302, which means the request is redirected to another place;
400: 400 means that the request sent by the client has a syntax error, 401 means that the accessed page is not authorized, 403 means that there is no permission to access this page, 404 means that there is no such page;
500: A code starting with 5 means that the server has an exception; 500 means internal server exception, 504 means the server timed out and no result was returned;

Next, let’s talk about how to test the interface:

Common interface use case design

①. Passability verification: First of all, make sure that the interface works, that is, run the normal pass-through test: pass in the parameters as described in the interface document and check whether the correct result is returned.
②. Parameter combination: Suppose there is an interface for operating on products with a field called type. When type is 1, it means modifying the product, and one of the product id, product name, and price must be passed. When type is 2, the product is deleted and the id must be passed. In this case, you need to test the parameter combinations: when type is 1, whether the modification succeeds when only the product name is passed, and whether it succeeds when the id, name, and price are all passed.

③. Interface security:
Bypass verification. For example, I buy a product whose price is 300 yuan, and when I submit the order I change the price of this product to 3 yuan. Does the back end verify it? Going a step further, if I change the amount to -3, will my balance actually increase?

Bypass identity authorization. For example, the interface for modifying product information must only be usable by the seller. If I pass in an ordinary user, can the modification succeed? If I pass in a different seller, can the modification succeed?

Whether the parameters are encrypted. For example, in the login interface, are the user name and password encrypted? If not, anyone who intercepts your request can obtain your information. Also check whether the encryption rules are easy to crack.

Password security rules, password complexity verification

④. Abnormal verification:
Abnormal verification means that I deliberately do not pass parameters as required by the interface document, in order to check how the interface handles abnormal input. For example, leave a required parameter empty, pass a string where an integer is expected, or pass 11 characters where the length limit is 10. In short, whatever you tell me to do, I do the opposite. In fact, there are only these three kinds: required versus optional, parameter type, and parameter length.
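The bypass-verification and bypass-authorization cases from ③, as an added example (not code from the original post). A handler that trusts the submitted price sits next to one that takes the price from the server-side catalogue, plus an ownership check on product modification. The catalogue, the accounts and every function name are constructed for illustration.

```python
# Constructed catalogue and accounts; every name here is hypothetical.
PRODUCTS = {"p1": {"name": "lamp", "price": 300, "seller": "seller_a"}}
ROLES = {"buyer_1": "buyer", "seller_a": "seller", "seller_b": "seller"}

def create_order_weak(req):
    """Trusts the price in the request: the flaw the tampering case looks for."""
    return {"code": 200, "charged": req["price"] * req["qty"]}

def create_order(req):
    """Ignores any client-supplied price and charges the catalogue price."""
    product = PRODUCTS.get(req.get("product_id"))
    qty = req.get("qty")
    if product is None or type(qty) is not int or qty < 1:
        return {"code": 400, "charged": 0}
    return {"code": 200, "charged": product["price"] * qty}

def update_product(user, product_id, fields):
    """Returns an HTTP-style status; only the owning seller may modify."""
    if user not in ROLES:
        return 401                      # not authenticated
    product = PRODUCTS.get(product_id)
    if product is None:
        return 404
    if ROLES[user] != "seller" or product["seller"] != user:
        return 403                      # ordinary user, or a different seller
    price = fields.get("price")
    if price is not None and (type(price) is not int or price <= 0):
        return 400
    product.update({k: v for k, v in fields.items() if k in ("name", "price")})
    return 200

def security_cases():
    tampered = {"product_id": "p1", "qty": 1, "price": 3}    # 300 changed to 3
    negative = {"product_id": "p1", "qty": 1, "price": -3}   # would credit the buyer
    return {
        "weak_tampered": create_order_weak(tampered)["charged"],
        "weak_negative": create_order_weak(negative)["charged"],
        "hard_tampered": create_order(tampered)["charged"],
        "hard_negative": create_order(negative)["charged"],
        "buyer_edit": update_product("buyer_1", "p1", {"price": 1}),
        "other_seller_edit": update_product("seller_b", "p1", {"price": 1}),
        "owner_edit": update_product("seller_a", "p1", {"name": "desk lamp"}),
        "unknown_user": update_product("nobody", "p1", {"price": 1}),
    }

if __name__ == "__main__":
    for case, result in security_cases().items():
        print(case, result)
```

An interface test passes when the tampered and negative prices still produce a charge of 300 and both unauthorized edits return 403.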

Design use cases based on business logic

Designing according to business logic is to design use cases according to the business of your own system. The business of each company is different, so you have to look at your company's business in detail. In fact, this is the same as functional test design use cases.

For example, take bbs as an example, the requirements of bbs are as follows:

1. If you fail to log in 5 times, you need to wait for 15 minutes before logging in again.
2. Newly registered users need to pass the internship period before they can post.
3. Deleting posts will deduct points.
4.

You should list the test points like this, then create the corresponding data to test each point.
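Requirement 1 turned into test points, as an added example (not code from the original post): a login service with an injectable clock, so the 15-minute wait can be tested at its boundaries without sleeping. The class, the account and the password are constructed for illustration, and resetting the failure counter after a successful login is an assumption the requirement does not state.

```python
import hmac

LOCK_AFTER = 5            # failed attempts, from requirement 1
LOCK_SECONDS = 15 * 60    # 15 minutes, from requirement 1

class LoginService:
    """Hypothetical login back end; the clock is injected so tests control time."""
    def __init__(self, passwords, clock):
        self.passwords = passwords   # constructed fixture; real services store hashes
        self.clock = clock
        self.failures = {}           # user -> consecutive failed attempts
        self.locked_until = {}       # user -> time at which the lock expires

    def login(self, user, password):
        now = self.clock()
        if now < self.locked_until.get(user, 0):
            return "locked"          # even the correct password is refused
        stored = self.passwords.get(user)
        if stored is not None and hmac.compare_digest(stored, password):
            self.failures[user] = 0  # assumption: success resets the counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= LOCK_AFTER:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures[user] = 0
        return "failed"

def lockout_scenario():
    t = [0]                          # fake clock, in seconds
    svc = LoginService({"alice": "correct-horse"}, clock=lambda: t[0])
    out = [svc.login("alice", "wrong") for _ in range(4)]
    out.append(svc.login("alice", "correct-horse"))         # 4 failures: no lock
    out += [svc.login("alice", "wrong") for _ in range(5)]  # 5th failure locks
    out.append(svc.login("alice", "correct-horse"))         # locked at once
    t[0] = LOCK_SECONDS - 1
    out.append(svc.login("alice", "correct-horse"))         # one second early
    t[0] = LOCK_SECONDS
    out.append(svc.login("alice", "correct-horse"))         # lock has expired
    return out

if __name__ == "__main__":
    print(lockout_scenario())
```
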

What tools to use

There are many tools for interface testing, such as postman, jmeter, apifox, loadrunner, RESTClient, SoapUI, etc. The first testing tools I recommend are postman and jmeter.

postman is an interface test plug-in of Google. It is easy to use, supports use case management, supports get, post, file upload, response verification, variable management, environment parameter management and other functions. It can be run in batches and supports use case export and import.

jmeter is a free and open source tool written in 100% pure Java. It is mainly used for performance testing. Compared with loadrunner, it has a small memory footprint, is free and open source, lightweight and convenient, and does not need to be installed. It is becoming more and more popular.

How to do interface automation testing

Now in the market, most companies and enterprises are doing interface automation testing.
Interface automation: You need to be familiar with the Python language, and then learn Python's networking library Requests on top of it; the requests need to be packaged into test scripts. For that you need the Pytest+allure unit test libraries, or Unittest+HtmltestRunner, to run the scripts and generate test reports. If you need continuous integration, you can learn Jenkins.

Interface automation testing direction: Python+requests+pytest+yaml+allure+Jenkins;

The following is the most complete software test engineer learning knowledge architecture system diagram in 2023 that I compiled

1. From entry to mastery of Python programming
2. Interface automation project actual combat
3. Actual Combat of Web Automation Project
4. Actual Combat of App Automation Project
5. Resume of first-tier manufacturers
6. Test and develop DevOps system
7. Commonly used automated testing tools
8. JMeter performance test

9. Summary (little surprise at the end)

Don't let laziness and fear get in the way of your goals. Work hard, bravely meet challenges, believe that you are omnipotent, then success will beckon to you.

There are always some challenges in life that make us feel powerless. But as long as you work hard and move forward bravely, no matter how difficult the road is, you can reap happiness and success.

Don't let failure overwhelm you, and don't let success go to your head. Keep a normal mind, be down-to-earth, be yourself, never forget your original aspiration, and go forward bravely, and you will eventually reap your own beautiful life.


Origin blog.csdn.net/m0_70102063/article/details/130408893