Version:   Beta                                                                                         Updated On:  14/Sept/2017


Intro

          UI Automation Testing is costly, mostly unstable ( because of various reasons ), time consuming and doesn’t give results as quickly as expected from stack holders. Developer will feel held up because of this. 


Other complaints are; most of the times UI automation test case failure/s doesn’t give exact root cause/s of failure/s and developer needs to spend valuable time finding out root case of bug/s.


API testing goes a level deeper than UI Automation, it is fast , stable , easy to maintain and quick yields accurate info related to a bug ( mostly ).


Lets take example of a product ordering flow of an e-commerce website. As this is most critical feature of software; it must be constantly tested in PROD , QA and Dev environments. In this scenario API testing will help more than UI testing to find out problem/s quicker and inform about it much earlier.

Mark Watney Quote from The Martian movie “At some point, everything’s gonna go south on you and you’re going to say, this is it. This is how I end. Now you can either accept that, or you can get to work. That’s all it is. You just begin. You do the math. You solve one problem and you solve the next one, and then the next. And If you solve enough problems, you get to come home.” [ so true ; in everyday’s work of Automation Engineer ]

 

Index 

1.  What is API

2.  Why API Testing Is Necessary

3.  What Are Different Kinds Of API

4.  API Related Common Info    

5.  Case Studies

6.  API + Cucumber

7.  Jenkins Integration ( CI Setup )

8.  Jenkins + IRC Integration

9.  Additional Info

10.  Tools

 

1. What is API ?


1.1  http://www.quora.com/What-is-an-API

     1.2  http://stackoverflow.com/questions/7440379/what-exactly-is-the-meaning-of-an-api

 

2.  Why API testing is necessary ?


2.1  http://www.soapui.org/testing-dojo/world-of-api-testing/what-makes-api-testing-special-.html


2.2   http://www.guru99.com/api-testing.html

2.3   https://www.qasource.com/qalounge/4-advantages-of-api-testing/

2.4   API Testing ? Why it’s so important ( Joe Colantonio )

 

3.  What are different kind of API ?


3.1   https://ffeathers.wordpress.com/2014/02/16/api-types/


3.2   http://theopentutorials.com/post/uncategorized/types-of-web-services-big-and-restful/

 

4.  API Related Common Info

4.1   What is “cURL” ?

               4.1.1  Conquering Command Line ( Ch. 3 cURL )

4.2   Different Response Status Codes

       4.2.1 https://developer.spotify.com/web-api/user-guide/#response-status-codes

       4.2.2. https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

4.3   Why , What , How  RESTful       

                4.3.1    http://www.drdobbs.com/web-development/restful-web-services-a-tutorial/240169069

                  4.3.2  http://www.quora.com/Is-REST-a-better-approach-for-Web-Services-than-SOAP-Or-they-are-different-tools-for-different-purposes

 

 

5. Case Studies :
Case Study 1:   Wunderlist  + cURL
1.  Create a new account in https://www.wunderlist.com 

2.  Goto https://developer.wunderlist.com/documentation , click on "MY APPS"

3.  Create a new app 

4.  CLIENT_ID , CLIENT_SECRET , ACCESS_TOKEN 

XXXX4852acb2d8XXXXXX , XXXXX07fa01b277d19193162ae0381cf1e61619d160188dc2616eacXXXXX , 

XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX

https://developer.wunderlist.com/documentation/endpoints/user

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX  -H "X-Client-ID: XXXX4852acb2d8XXXXXX" -X GET a.wunderlist.com/api/v1/user


 https://developer.wunderlist.com/documentation/endpoints/list

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX" -H "X-Client-ID: XXXX4852acb2d8XXXXXX  -X GET a.wunderlist.com/api/v1/lists

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX" -H "X-Client-ID: XXXX4852acb2d8XXXXXX"  -X GET a.wunderlist.com/api/v1/lists/16905XXXX

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX"  -H "X-Client-ID: XXXX4852acb2d8XXXXXX" -H "Content-Type: application/json; charset=utf-8" -X GET a.wunderlist.com/api/v1/tasks?list_id=XXX052XXX

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX"  -H "X-Client-ID: XXXX4852acb2d8XXXXXX" -X GET a.wunderlist.com/api/v1/avatar?user_id=XX945XXX

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX" -H "X-Client-ID: XXXX4852acb2d8XXXXXX" -H "Content-Type: application/json; charset=utf-8"  -X POST a.wunderlist.com/api/v1/lists -d '{"title":"new-list"}'

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX  -H "X-Client-ID: XXXX4852acb2d8XXXXXX " -H "Content-Type: application/json; charset=utf-8" -X POST a.wunderlist.com/api/v1/tasks -d '{"list_id":XXX0528XX, "title":"vikram-tasks"}'

curl -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX" -H "X-Client-ID: XXXX4852acb2d8XXXXXX" -H "Content-Type: application/json"  -X PATCH a.wunderlist.com/api/v1/lists/169075159 -d '{"revision":1,"title":"XXXXX"}'

curl -i -H "X-Access-Token: XXXXX654bc6d4aed7432b1c6d2a43598d37ab8165ce16f4b1e2e1d0XXXXX" -H "X-Client-ID: XXXX4852acb2d8XXXXXX"   -X DELETE a.wunderlist.com/api/v1/lists/169074217?revision=1


 File Upload - 4 API calls


 stat -f%z  KYC.png   -> gives file size in bytes

curl -i -H "X-Access-Token: dummy" -H "X-Client-ID: dummy" -H "Content-Type: application/json; charset=utf-8"  -X POST a.wunderlist.com/api/v1/uploads -d '{"content_type":"image/png","file_name":"KYC.png","file_size":"530145"}'

201 Created

From response body get values of "url" , "authorization" , "date" to use in below cURL call

Option 1: Works only when curl is called in same directory as file 

curl -i -H 'Authorization: AWS ...' -H 'x-amz-date: Tue, 29 Dec 2015 16:10:16 UTC +00:00' -H 'Content-Type: ' -X PUT  'https://upload.wunderlist.io/..' 

Option 2:

curl -i -H 'Authorization: AWS...' -H 'x-amz-date: Mon, 04 Jan 2016 14:26:19 UTC +00:00' -H 'Content-Type: ' -X PUT  'https://upload.wunderlist.io/..'  --upload-file "/Users/vikram-anna/Desktop/Rocky.jpg"

200 OK

curl -i -H "X-Access-Token: dummy  -H "X-Client-ID: dummy  -H "Content-Type: application/json; charset=utf-8"  -X PATCH a.wunderlist.com/api/v1/uploads/45936173  -d'{"state":"finished"}'

200 OK

curl -i -H "X-Access-Token: dummy  -H "X-Client-ID: dummy  -H "Content-Type: application/json; charset=utf-8"  -X POST a.wunderlist.com/api/v1/files -d '{"upload_id":45936173,"task_id":1548767307}'


 201 Created

curl -i -H "X-Access-Token: dummy"  -H "X-Client-ID: dummy " -H "Content-Type: application/json; charset=utf-8" -X POST a.wunderlist.com/api/v1/folders -d '{"title":"FOLDER-API", "list_ids":[231294978]}'

201 Created 

 

Case Study 2:   Twitter API  + Postman

 

Refer to youtube video names "Using Postman for Chrome to Connect To Twitter API"


 Terminologies


 apps.twitter.com/app/1234567/keys

Application Settings


 1. Consumer Key      ( API Key )


 2.  Consumer Secret ( API Secret ) 

Your Access Token


 1. Access Token 


 2. Access Token Secret

https://dev.twitter.com/rest/public 

 

Case Study 3:   Spotify ( WIP )

 

3.1   Types of API requests ?

        3.1.1 https://developer.spotify.com/web-api/user-guide/ 

3.2   Web API Tutorial

       3.2.1 https://developer.spotify.com/web-api/tutorial/

3.3   Spotify API Console

3.3.1 https://developer.spotify.com/web-api/console/

3.4   Understanding the Spotify Web API

3.4.1 https://labs.spotify.com/2015/03/09/understanding-spotify-web-api/

3.5   API References


3.5.1 https://developer.spotify.com/web-api/endpoint-reference/

 

Case Study 4 :  https://trello.com/  ( WIP )


https://trello.com/docs/

 

6.  API + Cucumber     

http://stackoverflow.com/questions/16741490/rest-api-test-cucumber-steps-best-practice

https://github.com/jayzes/cucumber-api-steps

https://github.com/DigitalInnovation/cucumber_rest_api

http://www.joecolantonio.com/2014/02/26/rest-testing-with-java-part-two-getting-started-with-rest-assured/

 

7.  Jenkins Integration ( CI Setup )
  • Once you’ve automated test cases, create job in Jenkins to run these every X minutes/hours on daily basis and send out email with detailed report of PASS/FAIL
  • This way it’s much faster to monitor prod env health with quick checks
  • Email notification can be configured to send out failure emails to PM,Dev & as QA you should receive all the emails
  • It can also be run whenever there are changes in backend code as well.
  • You can configure job as per project requirements

 

8.  Jenkins + IRC Integration
  1. How To Trigger Jenkins build from Slack
  2. Let Jenkins Keep You Notified ! 

 

9 . Additional Notes ( WIP )

1. Automation & Testing REST API By Alan Richardson ( eviltester )

2. https://github.com/brooklynDev/airborneRSpec driven API testing framework )

3. http://stackoverflow.com/questions/9772933/rest-api-request-body-as-json-or-plain-post-data

4. Introduction To RestAssured Java REST API library for Test Automation ( EvilTester – Software Testing )

5. Java DSL for easy testing of REST services

6. https://github.com/vikramvi/RESTful-api-automation   ( Demo project for reference to newcomers )

7. http://testdetective.com/building-rest-testing-framework/ ( Building micro services testing framework )

8. http://awesome-testing.blogspot.com/2016/07/restful-api-testing-with-rest-assured-1.html .  ( RESTful API Testing with Rest-Assured )

9. http://www.joecolantonio.com/2014/04/24/rest-assured-how-to-post-a-json-request/ (  How To Post A JSON Request : REST Assured )

10.  http://www.ontestautomation.com/testing-rest-services-with-rest-assured (  Testing REST services with REST Assured  – Bas Dijkstra )

         http://www.ontestautomation.com/open-sourcing-my-workshop-an-experiment/

        ( Refer to blog conversation @ integration testing  August 10, 2016 at 10:25 am )

11. Testing RESTful Web Services Made Easy Using REST-assured framework  
( Very                 descriptive & useful explanation, multiple scenarios including Auth covered )

12.   chrome://net-internals Chrome net-internal tool to check traffic https://www.smartfile.com/blog/using-chromes-net-internals-chromenet-internals/

13.   http://james-willett.com/category/rest-assured/ ( James Willet – Technical Testing )

http://james-willett.com/2015/06/getting-up-and-running-with-rest-assured/

        http://james-willett.com/2015/06/extracting-a-json-response-with-rest-assured/ 

 

10. Tools

1.  Paw

2.  Postman

http://www.lunarlincoln.com/tools-we-love-paw/

 

Advertisements