Literacy content:
1. What is an interface?
2. What types of interfaces are there?
3. What is the essence of the interface?
4. What is interface testing?
5. What is the interface test?
6. How to do interface test?
7. What is the interface test point?
8. What knowledge should be mastered in interface testing?
9. Other relevant knowledge?
A complete set of interface testing practical tutorials: from zero foundation to proficiency, the first recommendation of station B is worth your collection
1. What is an interface?
Interface testing is mainly used for interaction points between external systems and internal subsystems, to define specific interaction points, and then through these interaction points, through some special rules, that is, protocols, to carry out data exchange interact.
2. What types of interfaces are there?
Interfaces are generally divided into two types: 1. Internal interfaces of the program 2. External interfaces of the system
The external interface of the system: For example, if you want to obtain resources or information from other websites or servers , others will definitely not share the database with you. They can only provide you with a method they have written to obtain data, and you quote it. The interface can use the method he wrote, so as to achieve the purpose of data sharing.
The interface inside the program: the interaction between methods, between modules and modules, the interface thrown inside the program, such as the bbs system, there are login modules, posting modules, etc., then you must log in first if you want to post, then this The two modules have to interact, and it will throw an interface for the internal system to call.
Classification of interfaces: 1. webservice interface 2. http api interface
The webService interface is transmitted through http through the soap protocol. Both the request message and the return message are in xml format. We only use the passing tool to call and test when testing.
The http api interface uses the http protocol to distinguish the calling method through the path. The request message is in the form of key-value, and the returned message is generally a json string. There are methods such as get and post, which are also the most commonly used two request method.
JSON is a universal data type that all languages recognize. (The essence of json is a string. It has nothing to do with other languages. It can only be converted into data types in other languages after a little processing. For example, it can be converted into a dictionary in Python, and the form of key-value can be converted into native in JavaScript. Object, can be converted into a class object in java, etc.)
3. What is the nature of the interface and how it works?
You can simply understand that the interface is a URL. The working principle is that the URL sends something to the server through a get or post request, and then gets some corresponding return values. The essence is the transmission and reception of data.
4. What is interface testing?
Interface testing is a type of testing that tests the interfaces between system components. Interface testing is mainly used to detect the interaction points between external systems and internal subsystems. The focus of the test is to check the exchange of data, the process of delivery and control management, and the mutual logical dependencies between the systems.
The short answer is to transmit the data we want to transmit through URLs such as servers or other modules, and then see if they return what we expected.
5. What is the interface test?
1. The lower the bug is found, the lower the repair cost.
2. The front-end can be changed at will, the interface has been tested, and the back-end does not need to be changed. The front-end and the front-end are developed by two groups of people.
3. Check the security and stability of the system. The front-end parameters are untrustworthy. For example, Jingdong shopping, the front-end price cannot be passed in -1 yuan, but -1 yuan can be passed in through the interface.
4. Today's system complexity continues to rise, the cost of traditional testing methods increases sharply and the test efficiency drops sharply. Interface testing can provide a solution in this case.
5\. Interface testing is relatively easy to achieve automated continuous integration , and it is also relatively stable compared to UI automation, which can reduce labor costs and time for manual regression testing, shorten the testing cycle, and support the rapid release of back-end requirements. Interface continuous integration is the root cause of low cost and high return.
6. Now many systems front-end [architecture] (http://lib.csdn.net/base/architecture) are separated, from the security level:
(1) Relying only on the front-end for restrictions can no longer meet the security requirements of the system (it is too easy to bypass the front-end), and the back-end needs to be controlled as well. In this case, it is necessary to verify from the interface level.
(2) It also needs to be verified whether information such as front-end and back-end transmission and log printing is encrypted and transmitted, especially when it involves user's private information, such as ID card, bank card, etc.
6. How to do interface test?
– Since the front-end and back-end calls of our project are mainly based on the interface of the http protocol, when testing the interface, we mainly use tools or codes to simulate the sending and receiving of http requests. There are many tools such as: postman, jmeter, soupUI, java+httpclient, robotframework+httplibrary, etc.
– It can also be realized by interface automation, that is, by code, the framework is similar to UI automation, and the sending request is judged by assertion.
7. What is the interface test point?
Purpose: to test the correctness and stability of the interface;
Principle: Simulate the process that the client sends a request message to the server, the server processes the corresponding message after receiving the request message and returns a response to the client, and the client receives the response;
Key points: Examining data exchange, transfer and control management processes, including the number of processes;
Core: continuous integration is the core of interface testing;
Advantages: Bring efficient defect monitoring and quality supervision capabilities to highly complex platforms. The more complex the platform, the larger the system, the more obvious the effect of interface testing (improving test efficiency, improving user experience, and reducing R&D costs);
Key points of use case design: Usually, the two outermost interfaces are mainly tested: data entry system interface (calling the parameters of the external system for use by the system) and data outflow system interface (verifying whether the data processed by the system is normal);
PS: When designing use cases, it is also necessary to pay attention to what functions external interfaces provide to external users who use these interfaces, and what functions external users really need;
Question 1. What are the back-end interfaces tested?
– To answer this question, we can start from the perspective of the content of the interface test activity. Take a look at the picture below, which basically reflects the main content of the current back-end interface test of our project:
Question 2. The back-end interface is tested once, and the front-end is also tested once. Is the test repeated?
– To answer this question, we can directly compare the content of interface testing and app-side testing activities. The following figure shows the content that needs to be covered or considered during app testing:
From the comparison of the above two figures, it can be seen that the same parts of the two test activities include functional testing, boundary analysis testing and performance testing , and other parts require special testing due to their different characteristics or concerns, which will not be discussed here. . Next, we will analyze the same content of the above three parts:
1. Basic function test:
Since the test is aimed at basic business functions, this part is the part with the highest overlap between the two tests, and developers usually refer to this part.
2. Boundary analysis test:
Consider the boundary conditions of input and output on the basis of basic functional testing, and this part will also have repeated parts (such as the boundary of business rules). However, the input and output of the front end often provide sticky values for users to choose (such as drop-down boxes). In this case, the boundary range of the test is very limited, but there is no such limitation in the interface test. Relatively speaking The interface can cover a wider range. Similarly, the probability of interface problems is also higher.
3. Performance test:
This is relatively easy to distinguish. Although performance testing is required for both, the focus is quite different. App-side performance mainly focuses on features related to mobile phones, such as mobile phone cpu, memory, traffic, fps, etc. The interface performance mainly focuses on the interface response time, concurrency, and server resource usage. The strategies and methods of the two tests are very different, so this part of the content needs to be tested separately. In theory, this is also a different part.
Summary:
1. The activities of interface testing and app testing have some repetitive content, mainly focusing on business function testing. In addition, the tests for their respective characteristics are different, and targeted tests need to be carried out separately to ensure the quality of the entire product.
2. Interface testing can focus on server logic verification, while UI testing can focus on page display logic and interface front-end and server integration verification
3. Continuous integration of interface testing:
For interface testing, continuous integration automation is the core content. Only by means of automation can we achieve low-cost and high-yield. At present, we have realized interface automation, which is mainly used in the regression stage, and the degree of automation needs to be strengthened in the future, including but not limited to the following:
a) In terms of process: In the regression stage, the coverage of interface exception scenarios is strengthened, and gradually extended to the system test and smoke test stages, and finally achieves full process automation.
b) Result display: richer result display, trend analysis, quality statistics and analysis, etc.
c) Troubleshooting: Error messages and logs are more accurate, making it easier to reproduce and troubleshoot problems.
d) Result verification: strengthen automatic verification capabilities, such as database information verification.
e) Code coverage: Constantly try to drop from the current black box to the white box to improve code coverage.
f) Performance requirements: improve the performance testing system, and monitor whether the interface performance indicators are normal through automated means.
4. Interface test quality evaluation criteria:
a) Whether the business function coverage is complete
b) Whether the business rule coverage is complete
c) Whether the parameter validation meets the requirements (boundary, business rules)
d) Whether the coverage of interface exception scenarios is complete
e) Whether the interface coverage meets the requirements
f) Whether the code coverage meets the requirements
g) Whether the performance indicators meet the requirements
h) Whether the safety indicators meet the requirements
8. What knowledge should be mastered in interface testing?
① Understand the business logic interaction between the system and various internal components;
② Understand the I/O of the interface (input/output: input and output);
③ Understand the basic content of the protocol, including: communication principle, three-way handshake, commonly used protocol types, message composition, data transmission mode, common status codes, URL composition, etc.;
④Common interface testing tools, such as: jmeter, loadrunner, postman, soapUI, etc.;
⑤Basic database operation commands (check data storage, extract test data, etc.);
⑥ Common character types, such as: char, varchar, text, int, float, datatime, string, etc.;
How to learn these skills?
①Business interaction logic between systems: through many channels and methods such as requirements documents, flow charts, mind maps, and communication;
②Protocol: I recommend the book "Illustrated http", which is vivid in content and is relatively an entry-level book. Others include "Illustrated tcp, IP" and so on;
③Interface testing tools: Baidu these tools, and then you will find a lot of teaching blogs, related problem solutions, and some tools-based books, of course, it is very important to choose the right book;
④ Database operation commands: learning websites (W3C, rookie tutorials), teaching blogs, and some database-related books, entry-level recommendations: "mysql must know", "oracle PL/SQL must know", etc.
⑤Character type: Still Baidu, there is a saying: if you are not sure about internal affairs, ask Baidu, and if you are undecided about foreign affairs, ask Google. . .
How to obtain interface-related information?
In general enterprises, the development or corresponding technical personnel will write the interface document, which will indicate the address, parameter type, method, input, output and other information related to the interface. If not, find a way to obtain it. . .
Eight elements of an interface document:
Cover: The cover should preferably be the cover specified by the company, with logo, content title, version number, company name, and date of document generation;
Revision History: The table format is better, including: version, revision description, revision date, revision person, review time reviewer, etc.;
Interface information: interface calling method, commonly used GET/POST method, interface address;
Function description: describe the interface functions concisely and clearly, for example: what information is not included in the interface acquisition;
Interface parameter description: each parameter must be the same as the actual call, including upper and lower case; the meaning of the parameter is concisely explained, and the format is string, int or long, etc.;
In the description part, explain where the parameter value needs to be provided, and detail how the parameter is generated, such as the timestamp, which time period it is, whether the parameter is required, some parameters are mandatory, and some are optional parameters, etc.;
Return value description:
① It is best to have a template return value and explain the meaning of each return parameter;
②Provide a real calling interface and real return value;
Call restrictions, security aspects:
Encryption method, or a special encryption process of your own company, as long as both parties adopt a consistent encryption algorithm, the interface can be called to ensure the security of the interface call, such as the common md5;
Document maintenance: When the document is being maintained, if there is any modification, the modification date and the person who modified it must be written, and the version number must be changed for major modifications;
9. Other relevant knowledge?
The difference between get request and post request:
1. GET uses URL or Cookie to pass parameters. Whereas POST puts data in BODY.
2. The URL of GET has a length limit, and the data of POST can be very large.
3. POST is safer than GET because the data is not visible on the address bar.
4. Generally, get requests are used to obtain data, and post requests are used to send data.
In fact, among the above points, only the last point is more reliable. The first point is that the post request can also put the data in the url. The get request actually has no length limit. The post request seems to have implicit parameters. It’s a bit safer, but that’s only for novice users. Even if you post a request, you can capture the parameters by capturing packets. (The only difference is this, the above 3 points are not accurate)
http status code:
1, 200 and 2 at the beginning all indicate that the request was sent successfully. The most common one is 200, which means that the request is ok and the server returns.
2. The ones starting with 300 and 3 represent redirection, the most common being 302, which redirects the request to another place.
3. 400 400 means that the request sent by the client has a grammatical error, 401 means that the accessed page is not authorized, 403 means that there is no permission to access this page, and 404 means that there is no such page.
4. 500 at the beginning of 5 means that the server has an exception, 500 means an internal server exception, and 504 means that the server has timed out and no result is returned.
How to test the webservice interface:
It does not require you to spell the message, it will give you a webservice address, or a wsdl file, directly import it in soapui, you can see all the interfaces in the webservice, there are also messages, directly fill in the parameters and call, and see the return result That's it.
Weather forecast wsdl address: http://www.webservicex.net/globalweather.asmx?wsdl
The difference between cookie and session:
1. The cookie data is stored on the client's browser, and the session data is stored on the server.
2. Cookies are not very secure. Others can analyze the cookies stored locally and cheat them
Considering security, session should be used.
3. The session will be saved on the server within a certain period of time. When the number of visits increases, it will take up the performance of your server
In consideration of reducing server performance, cookies should be used.
4. The data saved by a single cookie cannot exceed 4K, and many browsers limit a site to save up to 20 cookies.
5. So my personal suggestion:
Store important information such as login information as a session
If other information needs to be retained, it can be placed in a cookie
Thanks to everyone who read my article carefully, although it is not a very valuable thing, if you can use it, you can take it away:
These materials should be the most comprehensive and complete preparation warehouse for [software testing] friends. This warehouse has also accompanied tens of thousands of test engineers through the most difficult journey, and I hope it can help you too!
Information acquisition method:
