Getting started with REST API Testing Andrei-Mihai Contan Tester - - PowerPoint PPT Presentation

getting started with rest api testing
SMART_READER_LITE
LIVE PREVIEW

Getting started with REST API Testing Andrei-Mihai Contan Tester - - PowerPoint PPT Presentation

Jan 17, 2023 13 likes •384 views

Smarttesting - every software deserves one Getting started with REST API Testing Andrei-Mihai Contan Tester for more than 12 years, currently a Test Architect, co-founder of Romanian Testing Conference and triathlete About me Phd

slide-1
SLIDE 1

Getting started with REST API Testing

Smarttesting - every software deserves one

slide-2
SLIDE 2

About me

Andrei-Mihai Contan

  • Tester for more than 12 years, currently

a Test Architect, co-founder of Romanian Testing Conference and triathlete

  • Phd Student – “Convergence of Social

Sciences in the area of Software Testing”

  • Software Testing Trainer
  • Founder of Smarttesting Services
  • Global Judge in the STWC
slide-3
SLIDE 3

What is REST?

  • “Is there some broken

manual somewhere that needs to be fixed?”

Roy Thomas Fielding, REST inventor

slide-4
SLIDE 4

What is REST?

  • REST API Google Trends – as of

April, 2017

slide-5
SLIDE 5

What is REST?

slide-6
SLIDE 6

What is REST?

Is this just another presentation about REST? Almost each product claims to be RESTful Internet is full

  • f articles

about REST ….but what does REST mean?

slide-7
SLIDE 7

REST is…

  • An architectural style
  • A set of guidelines for

distributed hypermedia systems

  • A wide majority of people

claim that their product is RESTful, but in fact it is not.

slide-8
SLIDE 8

REST is…

  • REST is defined as a set of

architectural constraints. An application which fulfills all the constraints can be called RESTful

slide-9
SLIDE 9

REST CONSTRAINTS

  • 1. Uniform interface
  • 2. Client-server
  • 3. Stateless
  • 4. Cache (Client or Server level)
  • 5. Layered system (Data Access

Layer, Business Logic Layer, Presentation Layer)

slide-10
SLIDE 10

Architecture with API Architecture w/out API

slide-11
SLIDE 11

REST is not…

  • a Protocol – SOAP Is
  • an API
  • HTTP
  • client
  • a magic solution for

everything

slide-12
SLIDE 12

REST

  • REpresentational State Transfer is

an abstraction of the architectural elements within distributed hypermedia system.

  • REST ignores details of component

implementation and protocol syntax in order to focus on the role of components, constraints of their interaction and their interpretation

slide-13
SLIDE 13

Benefits of REST

Performance Scalability Simplicity Modifiability Visibility Portability Reliability

http://whatisrest.com/rest_architectural_goals/index

slide-14
SLIDE 14

REST?

  • REST can be applied on HTTP
  • HTTP = HyperText Transfer – PROTOCOL
  • REST suggests how the protocol must be

used

slide-15
SLIDE 15

Who uses REST?

slide-16
SLIDE 16

Who uses REST?

slide-17
SLIDE 17
slide-18
SLIDE 18

HTTP CALL HTTP CALL

slide-19
SLIDE 19
slide-20
SLIDE 20

REST over HTTP Template

  • protocol://url:port/reso

urces?queryParameters

slide-21
SLIDE 21

REST Format - URI Example

GET https://api.randomuser.me/users?nat=GB&gender=male

Protocol URL QuestionMark Query Params QueryParams Delimiter HTTP Verb resource

slide-22
SLIDE 22

HTTP verbs

  • HTTP verbs are used to describe the type of action in a CRUD model

Operation Type HTTP verb Obs CREATE POST Creates data READ GET Retrieves data UPDATE PUT Modifies data DELETE DELETE Deletes Data

slide-23
SLIDE 23

Maslow’s Pyramid of API needs

“Teams need to look beyond just testing for functional and behavioral

  • completeness. They need to

move upward to ensure what they are externalizing to internal and/or external developers is complete.” SOLUTION

BEHAVIORAL

slide-24
SLIDE 24

Testing Pyramid

slide-25
SLIDE 25

Testing Pyramid Testing Scales

https://www.joecolantonio.com/2015/12/09/w hy-the-testing-pyramid-is-misleading-think- scales/

slide-26
SLIDE 26

How to test REST API?

Behavioral API Testing Contractual API Testing Solution-oriented API Testing

slide-27
SLIDE 27
slide-28
SLIDE 28

SFDIPOT

slide-29
SLIDE 29

SFDIPOT

slide-30
SLIDE 30

SFDIPOT

slide-31
SLIDE 31

SFDIPOT

slide-32
SLIDE 32

Choosing the right tool

  • D.E.B.U.T.
  • Data Driven support
  • Environment management
  • Budget/Licensing
  • User Friendly
  • Technology agnostic
slide-33
SLIDE 33

Some tools available

  • PostMan
  • SoapUI
  • RestAssured
  • Swagger UI
  • cURL
  • Fiddler
  • OWASP ZAP
  • Advanced Rest

Client

  • BurpSuite
  • RestSharp
  • Frisby.JS
  • Mocha
  • ….many more
slide-34
SLIDE 34

K. K.I.L.L. I I.T.

Know your API Identify input parameters and types Look at your API as a product Look for endpoints Identify types of

  • perations

Test it thoroughly

slide-35
SLIDE 35

Test it thoroughly

Error handling

01

Error codes

02

Params tampering

03

SQL Injections

04

Concurren cy

05

Content- Types

06

Data validation

07

slide-36
SLIDE 36

REST TESTING SKILLS

  • Architecture knowledge
  • Communication skills
  • HTTP(s)/ TCP/ SSH - protocol

knowledge

  • Testing techniques
slide-37
SLIDE 37

Summary

  • REST is an

architectural style, a guideline

  • Benefits of REST
  • Maslow’s Pyramid
  • f API needs
  • Learning your API -

K.I.L.L.I.T.

  • Choosing the right

tool - D.E.B.U.T

  • Skills