Literacy Content:
1. What is the interface?
2. What are the types of interfaces?
3. What is the nature of the interface is?
4. What is the interface to test?
5. Q. What do interface testing?
6. How do interface testing?
7. What Cece interface is the pilot?
8. The interface test what knowledge should be mastered?
9. Other relevant knowledge?
1. What is the interface?
An interface test between the primary point of interaction for the system and the system between the external and internal subsystems, define a specific interaction points, then these interactions points, i.e. protocol data performed between some special rules interaction.
2. What are the types of interfaces?
The interface is generally divided into two types: 1. The program interface 2. Internal and external system interfaces
System external interface: for example, you want a server on another website or access to resources or information, others certainly will not give you the shared database, he can only give you a method to get the data they are written, you quote him interface will be able to use his written so as to achieve the purpose of data sharing.
Interface internal procedures: between method and method, the interaction between the module and the module, internal procedures thrown interfaces, such as bbs system, have a login module, posting module, etc., you must be logged in to post it, then this Both modules have to have interaction, it will throw an interface for the internal system call.
Category interfaces: 1.webservice Interface Interface 2.http api
webService interface is a walking soap protocol transmission via http request packet and return messages are xml format, we use call, in order to test the tool by the time of the test.
API interfaces are down http http protocol, to distinguish a path through a method call, the request packets are in the form of key-value, the packets are generally returns json string, or the like with a get and post, which is the most commonly used two request method.
json is a common data type, all languages are aware of it. (Nature json is a string, he has nothing to do with other languages, but can be converted through a slightly processed into data types other languages, such as can be converted into a dictionary in Python, key-value form, can be converted into JavaScript Native objects, class objects can be converted into other java in.)
3. What is the nature of the interface and how it works is that?
Interface you can simply understand that he is the URL, the principle would say something like server URL sent by post or get request, then get some corresponding return value, essentially transmit and receive data.
4. What is the interface to test?
Testing at the interface between the test interface system components. An interface test between the point of interaction is mainly used between the detection system and the external system, and inside of each subsystem. Stress test is to check the exchange data, and control transfer process management, and logical mutual dependencies between systems and the like.
-Baidu Encyclopedia
The short answer is through the URL like to say a server or other modules, we want to transmit data transmission, and then look at their expected return is not what we want.
5. Q. What do interface testing?
1. find the underlying bug, it is the lower cost of repair.
2. The front end just change the interface test well, do not change the back-end, front and rear end are two sets of people development.
3. The security inspection system, stability, mass participation untrusted front end, such as shopping Jingdong tip passes -1 membered possible price, but can pass through the interface element -1.
4. complexity of the system is now rising sharply increase the cost of traditional testing methods and a substantial decline in test efficiency, test interfaces can provide a solution in this case.
The interface test is relatively easy to automate continuous integration, and UI Automation also relatively stable, can reduce manual regression testing time and labor costs, shorten the test cycle, the back-end support fast development version requirements. Continuous integration interfaces can be the root of why the low-cost high-yield.
6. Now a lot of the front and rear end systems architecture is separate from a security perspective, the:
(1) depends only on the front end has to be limiting system can not meet the security requirements (too easy to bypass the front), the rear end of the same need to be controlled, it is necessary to verify the level of the interface in this case.
If (2), the front and rear end of the transmission, the print log information needs to be verified are encrypted transmission, particularly in relation to the user's private information, such as identity cards, bank cards and the like.
6. How do interface testing?
- the front and rear end call our project is mainly based on the http protocol interfaces, it is mainly through the tool or code to simulate http request to send and receive test interface. There are many tools such as: postman, jmeter, soupUI, java + httpclient, robotframework + httplibrary and so on.
- an interface can also be used to achieve automation, is implemented in code and UI Automation framework similar, by sending a request to the assertion determination.
7. What Cece interface is the pilot?
Objective: to test the accuracy and stability of the interface;
Principle: Analog client sends the server request message, the server receives the request packet to be processed on the client server returns a corresponding response packet, the client processes the received response;
Key: switching, transmission, and control inspection data management processes, further comprising a number of processing;
Core: Continuous integration is the core interface testing;
Advantages: bring to the high complexity of the more complex and efficient platform for defects monitoring and quality control capabilities, the platform, the more massive the system, the greater the effect of interface testing (to improve test efficiency, enhance the user experience, reduce development costs);
Key case design: Normally two outermost main test interfaces: Interface data into the system (external system call parameter using the present system) out of the system and the data interface (data authentication processing system is normal);
PS: use case design also needed to pay attention to the external interface to external users use these interfaces what features users really need any external function;
Question 1.1, the back-end interfaces are what test?
- answer this question, we can start from the point of interface testing activities, see a picture below, the basic reaction of the main content of our current project backend interface testing:
Question 2, the back-end interface testing again, the front also tested again, is not retested?
- answer this question, we need to consider the content or cover when the following picture shows the direct comparison test app and content app interface test end test activities:
FIG seen from the above comparison that two identical portions of the two testing activities functional test, boundary analysis and performance testing, due in part to the different needs of each other properties of interest, or a special test points, which is not discussed . Next we analyze for the same content more than three parts:
1, the basic functional test:
Because it is tested against the basic business functions, so this is the highest part of a two test coincidence degree, the development of the students also commonly referred to as the main content of this section.
2, boundary analysis test:
Consider the boundary conditions on the basis of the input and output of basic functional test on this part will be a repeat of the part (such as border business rules). However, inputs and outputs are often provided in the front end of the stick to let the user select a value (as a drop box), in this case the boundaries of the test is very limited, but there is no interface test this constraint, relatively speaking Interface can cover a wider range of the same, the probability of the interface problems are also higher.
3, performance testing:
这个比较容易区分,虽然都需要做性能测试,但关注点确大不相同。App端性能主要关注与手机相关的特性,如手机cpu、内存、流量、fps等。而接口性能主要关注接口响应时间、并发、服务端资源的使用情况等。两种测试时的策略和方法都有很大区别,所以这部分内容是需要分开单独进行测试的,理论上来说这也是不同的部分。
综论:
1、接口测试和app测试的活动有部分重复的内容,主要集中在业务功能测试方面。除此之外,针对各自特性的测试都不一样,需要分别进行有针对性的测试,才能确保整个产品的质量。
2、接口测试可以关注于服务器逻辑验证,而UI测试可以关注于页面展示逻辑及界面前端与服务器集成验证
3、接口测试持续集成:
对接口测试而言,持续集成自动化是核心内容,通过持自动化的手段我们才能做到低成本高收益。目前我们已经实现了接口自动化,主要应用于回归阶段,后续还需要加强自动化的程度,包括但不限于下面的内容:
a) 流程方面:在回归阶段加强接口异常场景的覆盖度,并逐步向系统测试,冒烟测试阶段延伸,最终达到全流程自动化。
b) 结果展示:更加丰富的结果展示、趋势分析,质量统计和分析等
c) 问题定位:报错信息、日志更精准,方便问题复现与定位。
d) 结果校验:加强自动化校验能力,如数据库信息校验。
e) 代码覆盖率:不断尝试由目前的黑盒向白盒下探,提高代码覆盖率。
f) 性能需求:完善性能测试体系,通过自动化的手段监控接口性能指标是否正常。
4、接口测试质量评估标准:
a) 业务功能覆盖是否完整
b) 业务规则覆盖是否完整
c) 参数验证是否达到要求(边界、业务规则)
d) 接口异常场景覆盖是否完整
e) 接口覆盖率是否达到要求
f) 代码覆盖率是否达到要求
g) 性能指标是否满足要求
h) 安全指标是否满足要求
8.接口测试都要掌握哪些知识?
①了解系统及内部各个组件之间的业务逻辑交互;
②了解接口的I/O(input/output:输入输出);
③了解协议的基本内容,包括:通信原理、三次握手、常用的协议类型、报文构成、数据传输方式、常见的状态码、URL构成等;
④常用的接口测试工具,比如:jmeter、loadrunner、postman、soapUI等;
⑤数据库基础操作命令(检查数据入库、提取测试数据等);
⑥常见的字符类型,比如:char、varchar、text、int、float、datatime、string等;
如何学这些技能?
①系统间业务交互逻辑:通过需求文档、流程图、思维导图、沟通等很多渠道和方式;
②协议:推荐《图解http》这本书,内容生动,相对算是入门级的书籍,其他的还有《图解tcp、IP》等;
③接口测试工具:百度这些工具,然后你会发现,好多的教学博客、相关问题解决方案、以及一些基于工具的书籍,当然,选择合适的书很重要;
④数据库操作命令:学习网站(W3C、菜鸟教程)、教学博客,以及一些数据库相关书籍,入门级推荐:《mysql必知必会》、《oracle PL/SQL必知必会》等
⑤字符类型:还是百度,有句话这么说:内事不决问百度,外事不决问Google。。。
如何获取接口相关信息?
一般的企业,都会由开发或者对应的技术负责人员编写接口文档,里面会注明接口相关的地址、参数类型、方法、输入、输出等信息,如果没有,想办法获取。。。
接口文档八要素:
封面:封面最好是本公司规定的封面,有logo,内容标题,版本号,公司名称,文档产生日期;
修订历史:表格形式较好些,包括:版本、修订说明、修订日期、修订人、审核时间审核人等;
接口信息:接口调用方式,常用的GET/POST方式,接口地址;
功能描述:简洁清晰的描述接口功能,比如:接口获取的信息不包括哪些;
接口参数说明:每个参数都要和实际中调用的一样,包括大小写;参数的含义言简意赅的说明,格式,是string 还是int 还是long等格式;
说明部分,说明参数值是需要哪里提供,并详细说明参数怎么生成的,例如时间戳,是哪个时间段的,参数是否必填,一些参数是必须要有的,有些是可选参数等;
返回值说明:
①最好有一个模板返回值,并说明每个返回参数的意义;
②提供一个真实的调用接口,真实的返回值;
调用限制,安全方面:
加密方式,或者自己公司一个特殊的加密过程,只要双方采用一致的加密算法就可以调用接口,保证了接口调用的安全性,比如常见的md5;
文档维护:文档在维护的时候,如有修改一定要写上修改日期,修改人,对大的修改要有版本号变更;
9.其他相关知识?
get请求,post请求的区别:
1、GET使用URL或Cookie传参。而POST将数据放在BODY中。
2、GET的URL会有长度上的限制,则POST的数据则可以非常大。
3、POST比GET安全,因为数据在地址栏上不可见。
4、一般get请求用来获取数据,post请求用来发送数据。
其实上面这几点,只有最后一点说的是比较靠谱的,第一点post请求也可以把数据放到url里面,get请求其实也没长度限制,post请求看起来参数是隐式的,稍微安全那么一些些,但是那只是对于小白用户来说的,就算post请求,你通过抓包也是可以抓到参数的。(唯一区别就是这一点,上面3点区别都是不准确的)
http状态码:
1、200 2开头的都表示这个请求发送成功,最常见的就是200,就代表这个请求是ok的,服务器也返回了。
2、300 3开头的代表重定向,最常见的是302,把这个请求重定向到别的地方了。
3、400 400代表客户端发送的请求有语法错误,401代表访问的页面没有授权,403表示没有权限访问这个页面,404代表没有这个页面。
4、500 5开头的代表服务器有异常,500代表服务器内部异常,504代表服务器端超时,没返回结果。
webservice接口怎么测试:
它不需要你在拼报文了,会给一个webservice的地址,或者wsdl文件,直接在soapui导入,就可以看到这个webservice里面的所有接口,也有报文,直接填入参数调用,看返回结果就可以了。
天气预报wsdl地址:http://www.webservicex.net/globalweather.asmx?wsdl
cookie与session的区别:
1、cookie数据存放在客户的浏览器上,session数据放在服务器上。
2、cookie不是很安全,别人可以分析存放在本地的cookie并进行cookie欺骗
考虑到安全应当使用session。
3、session会在一定时间内保存在服务器上。当访问增多,会比较占用你服务器的性能
考虑到减轻服务器性能方面,应当使用cookie。
4、单个cookie保存的数据不能超过4K,很多浏览器都限制一个站点最多保存20个cookie。
5、所以个人建议:
将登陆信息等重要信息存放为session
其他信息如果需要保留,可以放在cookie中