Strong Foundation to perform API Testing (STEP BY STEP TUTORIAL)
Need for API Testing:
Generally we conduct software testing to find bugs in an application, to offer an error free product to our clients. The performance of API is also important considering that it is responsible for processing user requests. An important dimension to API testing is security as well. If an API is vulnerable to security threats, the product as a whole may suffer and as a result we may lose out on our client base. If API fails to offer an edge, then irrespective of how easily an application is available, it won't gain acceptance among people.
How is testing the API different from GUI testing??
1) It requires knowledge of inner workings.
2) Access to source code - The availability of the source code would help tester to understand and analyze the implementation mechanism used.
Test scenarios for Api Testing:
Normally test cases fall into the following general test scenarios:
●????Basic positive tests (happy paths)
●????Extended positive testing with optional parameters
●????Negative testing with valid input
●????Negative testing with invalid input
●????Destructive testing is a deeper form of negative testing where we intentionally attempt to break the API to check its robustness (for example, sending a huge payload body in an attempt to overflow the system).??
●????Security, authorization, and permission tests
API test actions?
Each test consists of test actions. These are the individual actions a test needs to take per API test flow. For each API request, the test would need to take the following actions:
1. Verify correct HTTP status code For example, creating a resource should return 201 CREATED and unpermitted requests should return 403 FORBIDDEN, etc.
2. Verify response payload Check valid JSON body and correct field names, types, and values including in error responses.
3. Verify response headers HTTP server headers have implications on both security and performance.
4. Verify correct application state This is optional and applies mainly to manual testing, or when a UI or another interface can be easily inspected.?
5. Verify basic performance sanity If an operation was completed successfully but took an unreasonable amount of time, the test fails.
Why Postman tool?
Postman is a simple GUI for sending HTTP requests and viewing responses. It is built upon an extensive set of power tools, which are incredibly easy to use. Postman helps you perform a variety of functions ranging from
●??????Organizing requests into collection and folders
●??????Sharing common values across requests with environment variables
●??????Scripting tests with the built-in node.js based runtime
●??????Automate using Postman’s CLI : Newman
Install native Postman Application
Download the application based on the OS you are using and follow the steps prompted to successfully install the Postman application. Once?installed Postman successfully, your postman window should look like:
How to Test REST APIs Using Postman:
Follow these steps to test a REST API using Postman.?
领英推荐
Details of the API we are going to use:
?
Steps to perform:
1) Launch Postman. Make a collection in Postman , To make a collection in Postman, click on: New->Collection->CollectionDemo(Any Collection Name you wish)->Create : A new collection will appear and you will be able to edit its name, description and many other settings.
2) To make a request, click on New->Request->GetUser(Any request name you wish)->Select the Collection you wish to save request in(Present in bottom of dialog box)->Save to Collection
3) In the “Enter Request URL” text box type : https://reqres.in/api/users?page=1 and select the method (the action type) on the left of that field. The default method is GET. Finally, Click on the “Send” Button.
4) You should be able to see the below JSON response in the Body section:
5) For POST requests, we have to send data/parameters in the body of the request, and in response to that, API returns some data to us which validates the user has been created.
6) Click on New->Request->CreateUser(Any request name you wish)->Select the Collection you wish to save request in(Present in bottom of dialog box)->Save to Collection
7) In the “Enter Request URL” text box type : https://reqres.in/api/users and select the POST method on the left of that field.
Note: Add authorization tokens/credentials according to the server side requirements if any.
8) Enter headers in case they are required. For this API, Click on Body Tab and select the “Raw” radio button. In the text box, paste:
{
??"name": "Qaiser",
??"job": "SQA Engineer"
}
And click on Send button
9) Now check for correct status code, in our case we will get : ‘Status:201 Created’
Conclusion:
We have successfully tested the GET and POST requests. Similarly we can test PUT, PATCH, DELETE methods etc.