API automated testing

  API testing has become one of the daily testing tasks. In order to improve testing efficiency and reduce repetitive manual operations, API automated testing has gradually become more and more important. This article is a summary of some of my experience and experience in API automated testing. for readers

I believe that automation skills have become standard for the overall skills of senior test engineers. Agile and continuous testing disrupt traditional test automation practices, causing test engineers to rethink how automation is done. Today's automation engineers need to go deep into the API level below the GUI to complete software quality protection.

The second change leading to the shift to API testing is IoT. IoT is an everyday object with embedded functionality that allows it to communicate over the web using HTTP or HTTPS to communicate with remote backend services.

Let's share the basic usage guidelines of API testing:

1. What is API testing?

An Application Programming Interface (API) is a specification that acts as an interface to software components. Most functional testing involves testing user interfaces such as web pages or forms, while API testing involves bypassing the user interface and communicating directly with the service program by calling its API.

API testing allows tests to bypass the GUI and send requests directly to the application's backend or service, and receive the response while validating the response content to ensure it is functioning as expected.

The example above is often referred to as a client/server relationship. A client makes a request by asking for a resource, and the request goes out to find a server that will fulfill the request. The server finds the resource it needs, and sends a response back to the client.

2. Why is API testing important?

With agile development becoming the standard for most Internet companies, the way we develop software and automate testing has changed dramatically. Before agile development, most of the automation time was done through the graphical user interface (GUI). This is the part that tools like Selenium and UFT/QTP handle.

However, if you've been automating for a while, you know how time-consuming, brittle, and difficult to maintain these types of tests can be. Enterprises invest a lot of money to create custom functional GUI test automation frameworks, but it is likely that they will eventually lose confidence in its reliability until people stop investing.

Likewise, GUI tests for user interfaces tend to take a long time to run. For some agile practices (such as continuous builds), the time it takes to receive feedback from a GUI regression test suite when migrating in new code is unacceptable.

• API Quick Feedback

In these cases, faster feedback is required. The sooner a bug is found, the better, because developers will immediately know that a code change they made has broken the build and therefore needs to be checked. In a test-driven process, users need large sets of tests to run quickly and frequently, and must be able to integrate them into the development lifecycle.

GUI testing is still very important. It is the only type of testing that truly tests how users experience the application in production. Certain bugs can only be caught by GUI testing. In other words, although crucial, GUIs should not be the only type of automation that users focus on, nor should they be the largest part of the total amount of automated testing.

The type of automation that Agile focuses on is more reliable underlying testing of APIs and less involving GUI automation.

3. API Testing Pyramid

GUI testing

GUI testing focuses on testing the application user interface to ensure that it functions correctly. GUI tests are at the top of the pyramid and represent only a small fraction of the total number of types of automated tests that should be created.

unit test

Unit tests form the largest part of the pyramid, forming a solid foundation. Create unit tests to verify individual units of source code, such as methods. By doing this, developers can isolate the smallest testable parts of their code. Unit tests are the easiest to create and yield the most benefits. Since unit tests are usually written in the same language in which the application is written, developers can easily add them to the development process.

API testing

The middle service layer is the "sweet spot" to create tools like Rest-Assured and Postman.

The point of service testing is to verify that the interactions of many small components can be integrated together without problems. Because API tests bypass the user interface, they tend to be faster and more reliable than GUI tests.

Best of all: since API tests can be done without relying on the UI, they can be created early in the development cycle.

4. API load testing

Another benefit of API testing is that you can leverage the same functional API automated testing that you use in your performance testing efforts. Many companies use JMeter for load testing, and these test cases are based on API functional testing.

The basic idea is that you're using a tool for performance testing, but you need to make sure it's actually working before running, for example, a load test against your API. Therefore, you want to do functional testing first, and then performance testing can be done with functional test scripts.

Hence, API test scripts are a great advantage in the performance testing workflow.

5. How to choose API testing tools

You can use many tools to help you with API test automation.

6. How to Test Web Services

Test like any other app! In general, the best approach to normal functional testing is the same for web services (except for the difference that web services do not have a GUI user interface, unlike most other applications).

Therefore, the functional testing techniques that have been used all the time still apply. Just treat web services as having no business process and write test cases accordingly.

Some good questions to ask when automating web services:

• Does the service respond with the correct value?
• Is the behavior expected by end users?
• How quickly does the service send the response to the user?
• Can the service handle expected and unexpected user load?
• Can the service handle exceptions caused by invalid and bad data?
• Web Services Testing Terminology

The biggest hurdle for most testers is getting used to the terminology used when talking about web services.

For example:

• The XML format
  XML is a method of creating a markup language that you can use to define your own tags. XML allows users to share structured data with numerous systems, including over the Internet.

• REST
  REST (Representational Transfer State) is a lightweight option for developing web services using the HTTP protocol.

7. HTTP

HTTP is a communication protocol for transferring messages over a network. HTTP is also known as a stateless protocol because each request it makes is independent of all previous requests.

Cookies are used to track the state of previous requests for a session. Cookies are files stored on the client with information added from HTTP header information. The information stored in cookies is sent back to the browser when a request is made to a website that the user has already visited. In this way, the website is able to remember the user's previous activity and current status.

• Understanding HTTP will give us a good foundation for understanding most API testing tool features.

About HTTP requests

An HTTP client request consists of three main parts. they are:

request line (HTTP method)

Tells the server what type of request is being made. In the example above we made a GET request, but you can use more requests depending on the type of request you need to make. HTTP methods have the following options (the first four are the most common):

GET – retrieve data from the specified source
POST – send new data to the specified source
PUT – update information on the specified source
DELETE – delete data from the specified source
TRACE – ask the agent to declare itself
OPTIONS – ask for information about options available on the server
HEAD – like a GET request, but only sends information about the document
CONNECT – used when the client must use an HTTPS server

Header

Contains additional information to be sent to the server, such as browser, operating system, acceptance, and cookie information. The different types of headers are:

General - An optional header that contains information such as the current time
Request - Provides more information to the server about the client Entity
- Contains specific information about the document being sent, such as length and encoding scheme.

request body

Contains data for methods that need it, Get method is empty.

The response returned from the server also contains three parts, just like we saw in the HTTP request:

• Response line (status code)
• header information
• body containing all text in the response

HTTP status code

In our example, the status code is 200, which means everything is fine. The status code will vary depending on what happened with the original request.

The status codes that can be returned from the server are:

1xx – Responses in the 100-199 range indicate that the server is processing the request.
2xx – Responses in the 200-299 range indicate a successful request.
3xx – Responses in the range 300-399 indicate that the request was not executed - further action is required.
4xx – Responses in the range 400-499 indicate that the request is incomplete and more information may be required.
5xx – Responses in the 500-599 range indicate that the server encountered an error.

8. What is REST API?

The fact that REST (Representational Transfer State) is a lightweight option for developing web services using the HTTP protocol makes it simpler and less overhead than web services using the SOAP protocol. When an API follows the REST architecture, it is called a REST API. When a service is designed around the REST standard, that service is said to be made "RESTful".

A REST API consists of a large number of resources. This is called the resource model, and it utilizes Uniform Resource Identifiers (URIs). The URI syntax allows you to specify a query that returns the desired information from the REST API. The main elements of a REST system are:

• A resource is information that a client requests from a host, such as a web page or a database record.
• A resource identifier is a URI used to name a resource.
• The representation is when the server sends a response with the resource in the completed format.
• REST API tests (How to create REST API tests)

Learn about using services that return JSON

Maybe it's me, but instead of being disturbed every time I hear the word "JSON", a horrifying image of Jason from the Friday the 13th horror movie pops into my head.

But really, JSON is just another innocuous technical acronym that you'll quickly discover is nothing to be afraid of.

What is JSON

JSON stands for JavaScript Object Notation and is designed as a lightweight data interchange format. JSON is definitely becoming more popular and in some cases is replacing XML for API data exchange. The www.json.org website describes how to build JSON on two structures:

"A collection of name/value pairs. In various languages, this is implemented as an object, record, struct, dictionary, hashtable, list of keys, or associative array." An ordered list of values
. In most languages ​​this is done with arrays, vectors, lists or sequences. "

[A full 200 episodes] Ultra-detailed advanced tutorials on automated testing of Python interfaces, truly simulating the actual combat of enterprise projects! !