Rest API Testing fundamentals

-

 What is an API?

 An API can be defined as an Interface that takes requests from a Client system to a web server and sends back the response from a Web server to the client machine.

Definition 2: An interface that facilitates communication between Client machine and a Web Server.

Example 1: MakeMyTrip.com which aggregates flight information from various airlines and presents it on the website.

When user enters information like date, source and destination the request is made to APIs of different Airline companies which then return the information about availability and price.

Another example is Trivago which requests the APIs of different Hotels which then returns back information about price and availability of rooms.

Example 2, Let us consider that you are browsing through the products on Amazon.com and you see a product/deal that you really like and you wish to share it with your Facebook network.

The moment you click on the Facebook icon on the share section of the page and enter your Facebook account credentials to share, you are interacting with an API that is seamlessly connecting the Amazon website to Facebook.

Types of API testing/How do you test a REST API?

API Testing invlolves following 3 types of Testing:

1. Functional Testing: Functional testing of API involves 3 types of testing:

a. Testing the Authentication 
b. Testing field validations or input data validation - Check whether field validations are implemented. It should distinguish properly between Valid and Invalid inputs and throw proper error message and return the proper Status code in response.
Example, If an Input field accepts date only in DD/MM/YY format then it should display proper error message an return proper response code.
c. Testing the correctness of response from an API - 
If a status code of 200 (meaning all Okay) is received as a response from test API, but if the response text says an error has been encountered, then this is a defect.
Additionally, if the error message itself is incorrect, then that can be very misleading to the end customer who is trying to integrate with this API.

In the screenshot below, the user has entered invalid weight, which is more than the acceptable 2267 Kgs. The API responds with the error status code and error message. However, the error message incorrectly mentions the weight units as lbs instead of KG. This is a defect that can confuse the end customer.

2. Load and Performance testing:

For Example, let’s say that based on the requirements provided, we know that the API that is designed needs to service at least 500 requests per hour and maintain the average response time of less than .01 seconds.

Based on our load and performance tests we found out that as long as API receives less than 500 requests per hour, it is able to maintain SLA for average response time. However, if it receives another 200 requests, then the average response time increases and the breaking point is reached when the incoming request exceeds 1200 per hour.

3. Security Testing:

Application Programming Interfaces or APIs are vulnerable and are the easiest access point for malicious hackers who want access to data or gain control of an application.

This can lead any company into legal trouble, where due to a security breach unintended people and/or organizations are able to access client’s data through a venerable API.

Security testing is a specialized branch of testing and should be handled by specialists. The security testing resources can be from within the organization or independent consultants.



Comments

Post a Comment

Popular posts from this blog

Jenkins CICD in One Page

-
Image
   Jenkins Architecture: Jenkins follows a Master/Slave architecture where master and slave communicate over TCP/IP protocol Jenkins Architecture has 2 main components: 1. Jenkins Master/Server          2. Jenkins Slave/Node/Build Server 1. Jenkins Master: The Main Server of Jenkins i.e. the brains is the Jenkins Master It is a dashboard which is powered from a war file Runs on port 8080 by default With the help of the dashboard we can configure the jobs/projects but the build takes places in the Node/Slave server By default one node is configured and running in Jenkins Server We can add more nodes using IP addresses, username, passwords using jnlp, ssh or webstart methods The main job of server is: Scheduling build jobs Dispatching builds to the nodes/slaves for actual execution Monitoring the nodes/slaves Recording and Presenting the build results A Master/Server instance of Jenkins can execute build jobs as well i.e. it can also act as a node itself 2. Jenkins Slave: The Jenkins sla
Read more

Why do we need a build tool?

-
Image
Why we need build tool? Consider this scenario where you want to run a java application   You can use java compiler (javac) provided by JDK to compile java code into Byte Code which can then run on any Machine To compile Java Programs using javac you will have to list all java source files to run the entire application Ex., "javac Program1.java Program2.java Program3.java Program4.java" This is a very tedious job. Doing this manually is a pain since there are hundreds of libraries used even in the simplest of Java Application Also one has to add Compilation classpath to make the code work. For example if the code uses libraries like testNG, Selenium etc. You need to add it to Compilation Classpath using following code: "javac -cp testNG.jar; webdriver.jar; lib3.jar" MyProgram.java In conclusion, Compiling java code manually becomes very tedious and complex task Enter Third party build tools like Spring boot, apache-comm
Read more

Deutsche Bank Interview Questions - 2024

-
  - Write a code Read a JSON file in java and get all objects/array objects from it. - How is Vector different than a List? - Collections vs Collection? - How do you make sure a List is not accessed concurrently? - Are Thread.sleep() and wait method from selenium static? - Can we overload sleep() and wait() methods? - Difference between sleep() and wait() methods - What is Transient in Java? - Explain the whole hierarchy of Collections interface - Is ArrayList thread safe? - How to make a list thread safe? - What is Autoboxing and Unboxing in java? - Wrapper classes in java? - Can we have method implementation inside an Interface? - What is Fail fast in java? - Write a program  Find all pairs of elements in an array whose sum is equal to given number array- {4,5,7,11,9,13,8,12,10,10} given number -20. Eg., O/p: should be: 11,9 8,12, 13,7 10,10 - What is fail fast mechanism in Java - Do you know lambda expressions?
Read more