RESTful API testing met REST Assured Workshop Test
- Slides: 45
RESTful API testing met REST Assured Workshop Test. Net thema-avond 8 november Bas Dijkstra bas@ontestautomation. com www. ontestautomation. com @_basdijkstra
Voorbereiding _ Setup a JDK (1. 8 strongly preferred) _ Install an IDE (Intelli. J, Eclipse, …) _ Also install Maven and Test. NG support (for Eclipse) _ Download and import the Maven project _ https: //github. com/basdijkstra/testnetapitesting _ https: //www. ontestautomation. com/files/testnetapitestingworkshop. zip _ Run tests in Rest. Assured. Smoke. Test. java
Wat gaan we doen? _ RESTful APIs _ REST Assured _ Zelf doen _ Andere testtools
Wat zijn RESTful APIs? _ HTTP request methods (GET, POST, PUT, …) _ URI’s _ CRUD operations on data POST GET PUT DELETE … Create Read Update Delete …
Waar worden RESTful APIs gebruikt? Mobile Internet of Things API economy
Een voorbeeld _ GET http: //api. zippopotam. us/us/90210 _ Result:
Wat willen we testen? _ Connectiviteit _ Is de API ‘live’? _ Syntactische correctheid _ Statuscodes _ Headers _ Schema’s _ Dataformaten _… _ Semantische correctheid _ Worden de juiste gegevens teruggegeven? _ Worden gegevens goed opgeslagen? _ Verwerking verzoeken door service provider _ Individueel _ Scenario’s
Wat willen we dan testen? _ Vergeet ook de nonfunctionals niet… _ Performance _ Security _ Authenticatie (mag ik de API gebruiken? ) _ Autorisatie (CRUD + rechten)
Case study How applying API testing saved us from thousands of slow end-to-end tests
Tools for testing RESTful APIs _ Browser (using plugins like Postman for Chrome) _ Open source (Soap. UI, REST Assured, …) _ COTS (Parasoft SOAtest, Soap. UI Pro, …) _ Build your own (using HTTP libraries for your favourite programming language)
REST Assured _ Java DSL for writing tests for RESTful APIs _ Removes a lot of boilerplate code _ Powerful, readable and maintainable tests _ Developed and maintained by Johan Haleby
Een voorbeeldtest
REST Assured features _ Support for HTTP methods (GET, POST, PUT, …) _ BDD/Gherkin – like syntax _ Use of Hamcrest matchers for checks (equal. To) _ Use of Json. Path for selecting elements from JSON response
About Hamcrest matchers _ Express expectations in readable language _ Examples: equal. To(X) Does the object equal X? has. Item(“Rome”) Does the collection contain an item “Rome”? has. Size(3) Does the size of the collection equal 3? not(equal. To(X)) Inverts matcher equal. To() _ http: //hamcrest. org/Java. Hamcrest/javadoc/1. 3/org/hamcrest/Matchers. html
Json. Path example http: //goessner. net/articles/Json. Path/
Validating technical response data _ HTTP status code _ MIME-type of received responses _ Cookies and their value _…
Ons ‘system under test’ _ Ergast F 1 API _ Offers historical data of Formula 1 races, drivers, circuits, etc. _ API documentation at http: //ergast. com/mrd/ _ Mocked for demo effect mitigation purposes using Wire. Mock
Voorbeelden _ Data for driver Max Verstappen (in JSON): http: //ergast. com/api/f 1/drivers/max_verstappen. json _ A list of circuits for the 2015 season (in JSON): http: //ergast. com/api/f 1/2015/circuits. json
Demo _Starting the stub server _How to use the test suite _Executing your tests _Reviewing test results _Writing a first test
Aan de slag! _ Rest. Assured. Exercises 1 _ Simple checks _ Validating individual elements _ Validating collections and items therein _ Validating technical response properties _ Stubs are predefined _ You only need to write the tests using REST Assured _ Rest. Assured. Examples contains the zipcode example
Parameters in RESTful APIs _ Path parameters _ Identify specific (set of) resource(s) _ http: //ergast. com/api/f 1/drivers/max_verstappen. json _ http: //ergast. com/api/f 1/drivers/hamilton. json _ Query string parameters _ Filter a set of resources _ http: //md 5. jsontest. com/? text=testcase. One _ http: //md 5. jsontest. com/? text=testcase. Two _ There is no official standard!
Using parameters in REST Assured _ Examples for query parameters: _ Call to http: //md 5. jsontest. com/? text=testcase. One _ Call to http: //api. openweathermap. org/data/2. 5/weather/? q=Kopenhagen&mode=xml
Using parameters in REST Assured _ Examples for path parameters: _ Call to http: //ergast. com/api/f 1/drivers/max_verstappen. json _ Call to http: //ergast. com/api/f 1/drivers/alonso/constructors/renault/seasons. json
Using parameters in REST Assured _ Iterating over a collection of parameter values: _ Creating pairs of driver ID’s and numbers: _ Using test data in API calls and validation of response data:
Aan de slag! _ Rest. Assured. Exercises 2 _ Data driven tests _ Creating a test data object _ Using test data in calling the right URI _ Using test data in assertions _ Rest. Assured. Examples contains all examples from the presentation
Hergebruik _ Improving maintainability _ Avoiding duplicate code _ Sharing variables between steps _ Reusing request or response specifications
Variabelen delen tussen tests _ REST Assured supports this with extract()
Controles delen tussen tests _ Example: checking status code and MIME type for all responses _ Maintenance burden if specified for each individual test _ What if we could specify this once and reuse throughout our tests?
Controles delen tussen tests _ Solution: Response. Spec. Builder
Aan de slag! _ Rest. Assured. Exercises 3 _ Try it for yourself _ Can you think of additional applications for reuse ? _ Rest. Assured. Examples contains all examples from the presentation
Authenticatie _ Securing APIs _ Basic authentication (preemptive / challenged) _ OAuth(2) _ Digest / Form
Basic authentication _ Username/password sent in header for every request
OAuth(2) _ Request of authentication token based on username and password (Basic authentication) _ Include authentication token in header of all subsequent requests
Measuring response times _ Measuring response times for individual requests _ Setting response time thresholds _ Test fails when threshold is exceeded _ No full-fledged performance test _ First rough indication of API performance
Measuring response times _ An example:
Aan de slag! _ Rest. Assured. Exercises 4 _ Communicating with an OAuth 2 -secured API _ Requesting authentication token _ Using authentication token in subsequent requests _ Measuring API response times _ Execute a specific API call _ Evaluate response time against predefined threshold _ Rest. Assured. Examples contains all examples from the presentation
XML support _ So far, we’ve only used REST Assured on APIs that return JSON _ It works just as well with XML-based APIs _ Xml. Path instead of Json. Path
Xml. Path – examples Check country for the first car in the list
Xml. Path – examples Check year for the last car in the list
Xml. Path – examples Check model for the second car in the list
Xml. Path – examples Check there’s only one car from Japan in the list
Xml. Path – examples Check there are two cars in the list whose make starts with ‘A’
Get your hands dirty! _ Rest. Assured. Exercises 5 _ Communicating with an API returning an XML document _ Use Xml. Path to select the right nodes _ Use filters, in, grep(), size() where needed _ All examples can be reviewed in Rest. Assured. Examples. Xml. java
Andere tools
Contact _ Email: bas@ontestautomation. com _ Blog: https: //www. ontestautomation. com _ Linked. In: https: //www. linkedin. com/in/basdijkstra _ Twitter: @_basdijkstra