SlideShare a Scribd company logo

Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012

TEST Huddle
TEST Huddle

EuroSTAR Software Testing Conference 2012 presentation on Testing the API Behind a Moblie App by Marc van 't Veer. See more at: http://conference.eurostarsoftwaretesting.com/past-presentations/

Technology
1 of 35
Download to read offline
Testing the API behind a mobile app System testing in a cloud enabling project Marc van ‘t Veer
Content • Introduction to an API 3 – What is an API – Why an API? – Using the API • How-to test an API • Example defects • Lessons learned
What is an API? • API, stands for application program interface, 4 – Set of routines, protocols, tools for building applications – API reduces complexity – Building blocks for a programmer • My definition: – Framework for communication between systems – Own interface build upon existing internal SOA architecture
What is an API? 5 Backend (Enterprise Service Bus) Adapter My T-Mobile (desktop web) Browser API Webservices Adapter app My T-Mobile (Mobile web) SoapUI Adapter Test app’s app Facebook
Why an API? - examples • Beltegoed Tulp / Zakelijk app from D-centralize 6
Why an API? - examples • Bundels app from Skindustries 7
Why an API? - examples • Beltegoed Tulp / Zakelijk app from D-centralize • Bundels app from Skindustries • Belstand app from Belstand • Belstatus app from P-edge P-Edge quotes of customers Pointing with the blaming finger to T-Mobile * by Vinsert Before and after the update the app is not working. P-Edge said: "Please call customer service of T-Mobile". But they can't help and pointing back because this app is not theirs and it's a problem of P-Edge. 8
Why an API? - details • Problem 9 – Too Diverse market with many platforms – T-Mobile is not in control of its customer contacts – Screen scrapers are not good and secure enough • Solution – Introduction of an API • Requirements – Introduction must be fast, much faster than direct competitors – Ready for future projects
Using API - structure • How does an API look like? 10 – Dutch Rail (NS) API example • Structure of the T-Mobile API – Services that are provided • Root (Start URL) • Account • Customer (invoice data) • Subscription (bundles, loyalty points, subscriber) – Schema example – Example bundle status output API NS T-Mobile
Using API - structure 11 Application/ Vnd.capi.tmobile.nl.postpaidbundlestatus.V1
Using API - structure 12
Using API – My T-Mobile app 13
Using API – My T-Mobile app 14
Using API – My T-Mobile app • User groups of API 15 – App’s: Android, Iphone, Windows, Blackberry – Internal T-Mobile – Browser version of the API – Social media: Facebook – (internal/external) developers: • Documentation • Base line code for new App (with guidelines) – Operations (monitoring)
How-to test an API? – start from scratch • Architecture 16 – REST vs. SOAP – Stateless vs. Session – Media types vs. WSDL • text/xml • application/vnd.capi.tmobile.nl.postpaidbundlestatus.V1 – Verbs (GET) – Resources – Caching results • Tools – SoapUI, Fiddler, Altova XML Spy, FileZilla, Browsers (like Firefox with add-ons)
Typical risks A. Unknown integration B. Big variation of customer data C. No control on the chain D. Load is unknown E. Wrong use of API F. Dynamic scope 17
Strategy • Early integration test with complete infrastructure 18 – Integration test and dogfooding during Dev and ST – Multiple integration phases – Prototype app (on Acceptance environment)
Test approach 1. Development (with dogfooding) 2. System testing (resources with backend and SIT) 3. Integration testing (internal: API with backend) 4. Acceptance testing (external: API with prototype app) 5. Production integration (in phases) 6. Regression testing (automated) 19 Backend (Enterprise Service Bus) Adapter My T-Mobile (desktop web) Browser API Webservices Adapter app My T-Mobile (Mobile web) SoapUI Adapter Test app’s
Defect examples • 4 examples • Boundary between API - app 20
Cache key • Test setup was: New session and clean all 21 cookies/cache before each test case • Each output for a resource is cached • Defect was: it was cached with the same key for all customers • Test scenario: login sequential with different users
Error status • Validation of HTTP-Statuses (Error and related status) 22 • By using the general HTTP error code the app could not explicitly check what went wrong Error Code Error Code Api Status Description Reason Recommendation 401 - Unauthorized 1102 Invalid username or token. The application supplied invalid credentials. GUI: Ask for a different set of credentials. 401 - Unauthorized 1103 Account has been temporarily locked out. Too many invalid attempts have been tried for these credentials, so the account is locked out for at least 1 minute GUI: Ask the user to wait for at least 1 minute before retrying.
Max. units • Test data with big variation in rateplans 23 • Total remaining bundle is determined by max. units. <Bundle> <Name>Flex 10</Name> <FreeUnits xsi:nil="true" /> <Unit>EURCENT</Unit> <MaxUnits>10</MaxUnits> <MaxUnitsPresentation>€ 10,00</MaxUnitsPresentation> <UsageAmount>148</UsageAmount> <UsageAmountPresentation>€ 1,48</UsageAmountPresentation> </Bundle> <Bundle> <Name>Bel&SMS 15</Name> <FreeUnits xsi:nil="true" /> <Unit>MIN/SMS</Unit> <MaxUnits>60/25</MaxUnits> <MaxUnitsPresentation>60 min./ 25 SMS</MaxUnitsPresentation> <UsageAmount>10/15</UsageAmount> <UsageAmountPresentation>10 min. / 15 SMS</UsageAmountPresentation> </Bundle>
Menu name error • Loyalty Programs: T-Mobile Extra or T-Mobile Speciaal • Generic service only menu name different • Interface design: 24 – loyaltyProgramDescription value => TM Extra or TM Special • Implementation T-Mobile frontend: If loyaltyProgramCode == "TME“ then ProgramDescription = "T-Mobile Extra" If loyaltyProgramCode == "TMS“ then ProgramDescription = "T-Mobile Speciaal“
Lessons learned • API • API/app communication • Testing 25
API A. New test type: production tests B. Command line C. Scope D. Security E. No backup tricks 26
API/app communication A. T-Mobile is (still) seen as responsible B. Presentation errors of data will always occur C. Very tempting to fix defects in app instead of API D. More explanation needed with secured API 27
Testing A. Normal test techniques B. Instrument for defect analysis C. Automated regression tests on production D. New responsibilities E. SOA/Interfaces/HTTP protocol/Tools F. Experience with building interfaces 28
Summary • Project 29 – API and app are live, API enables a new world – API is now used by 500.000 users – Prepared for the future: Facebook, Windows, Blackberry apps are coming • System testing – New responsibilities: support during all phases and production tests – API tests are early integration tests in a broader scope – Experienced team with SOA/interfaces and tools is a big plus
Questions or remarks? 30 Test possiblity of API at the Polteq stand
References Source Link [Apple, 2009] iPhone 3g Commercial "There's An App For That" 31 http://www.youtube.com/watch?v=szrsfeyLzyg [T-Mobile, 2011] Customer API T-Mobile: https://capi.t-mobile.nl/ [Wiki,2012] API : http://en.wikipedia.org/wiki/Application_programming_interfac e#Use_of_APIs_to_share_content REST architecture: http://en.wikipedia.org/wiki/Representational_state_transfer Internet Media Types: http://en.wikipedia.org/wiki/Internet_media_type#Type_applica tion SOA: http://en.wikipedia.org/wiki/Service-oriented_architecture Sequence diagrams: http://nl.wikipedia.org/wiki/Unified_Modeling_Language Dogfooding: http://en.wikipedia.org/wiki/Eating_your_own_dog_food
References, continued Source Link [SmartBear Software, 2011] SoapUI with REST: 32 http://www.soapui.org/REST-Testing/getting-started.html [Tweakers, 2012] More secure public API from NS: http://tweakers.net/nieuws/81389/ns-wil-apps-die-prijs-treinreis- tonen-vooraf-keuren.html [D-Centralize, 2012] Beltegoed Tulp: http://www.d-centralize.nl/beltegoed [Belstatus, 2012] Belstatus: http://www.p-edge.nl/belstatus [Belstand, 2012] Belstand: http://www.belstand.nl/ [Skindustries, 2012] Bundels: http://www.skindustries.net/?p=portfolio&item=bundels
More information • Marc van 't Veer 33 Test consultant Polteq Dordrecht • +31 (0) 6 46 63 61 48 (mob) http://www.polteq.com marc.vantveer@polteq.com
Backup slides 34
How-to test an API? – Example test cases Phase Structure Element Test case Defect 0. Setup Test 35 application Setup - Stub frame work - Tooling (SoapUI, browser, + add-ins, Fiddler, Altova XML Spy, FileZilla) - Interfaces and test data 1. Development Framework Dogfooding Check easy of use framework and how good it functions 2. System testing Functionality with and without stubs • With and without stubs • Test applications URL Structure, parameters • Header request : character set, media types, Verbs (GET/POST/UPDATE), HTTP(S) • Logging: Support defect analysis (server and database) • HTTP-statussen: Error and related status Common validation/Authentication/Authorization • Access codes (tokes) • Profiles (subscription active, SIM active, token status) • Customer/contract types • Caching: Duration, authorization, clearing, content, multiple users • Navigation: between resources Resources • Profiles: Business rules for each resource with variation customer data Output • Presentation forms and versions (supported not supported) Monitoring • Reporting and performance (load filter, backend availability Documentation SIT No stubs Integration with Tibco Variation in customers, rateplans, prices, contract types, history, options with no stubs 3. Integration testing Internal API with complete backend No regression impact of other projects 4. Acceptance testing External integration API with prototype First integration of app with API Prototype app integration during acceptance testing: - Resource name of loyalty - Caching multiple users - HTTP statussen 5. Production testing Real customers API with live app Real customers with app on production API Production integration testing: - Variation in customers, rateplans, prices, contract types, history, options 6. Regression Regression Reruns - Manual and Automated regression tests

Recommended

Webservicex.pdf
Webservicex.pdfWebservicex.pdf
Webservicex.pdf
ssuser751c981
 
Neha Arora_Resume
Neha Arora_ResumeNeha Arora_Resume
Neha Arora_Resume
Neha Arora
 
Webinar: Appium & Perfecto: A Perfect Match
Webinar: Appium & Perfecto: A Perfect MatchWebinar: Appium & Perfecto: A Perfect Match
Webinar: Appium & Perfecto: A Perfect Match
Lizzy Guido (she/her)
 
Punith_CV
Punith_CVPunith_CV
Punith_CV
Puneeth k
 
Test Infrastructure for Native and Hybrid iOS and Android Applications
Test Infrastructure for Native and Hybrid iOS and Android ApplicationsTest Infrastructure for Native and Hybrid iOS and Android Applications
Test Infrastructure for Native and Hybrid iOS and Android Applications
Josiah Renaudin
 
Mobile testing
Mobile testingMobile testing
Mobile testing
Alex Hung
 
Appmotives - Software Testing As Service
Appmotives - Software Testing As ServiceAppmotives - Software Testing As Service
Appmotives - Software Testing As Service
Kalyan Paluri
 
Appium & Selenium Alone vs Appium & Selenium with Perfecto
Appium & Selenium Alone vs Appium & Selenium with PerfectoAppium & Selenium Alone vs Appium & Selenium with Perfecto
Appium & Selenium Alone vs Appium & Selenium with Perfecto
Lizzy Guido (she/her)
 

Recommended

Webservicex.pdf
Webservicex.pdfWebservicex.pdf
Webservicex.pdf
ssuser751c981
 
Neha Arora_Resume
Neha Arora_ResumeNeha Arora_Resume
Neha Arora_Resume
Neha Arora
 
Webinar: Appium & Perfecto: A Perfect Match
Webinar: Appium & Perfecto: A Perfect MatchWebinar: Appium & Perfecto: A Perfect Match
Webinar: Appium & Perfecto: A Perfect Match
Lizzy Guido (she/her)
 
Punith_CV
Punith_CVPunith_CV
Punith_CV
Puneeth k
 
Test Infrastructure for Native and Hybrid iOS and Android Applications
Test Infrastructure for Native and Hybrid iOS and Android ApplicationsTest Infrastructure for Native and Hybrid iOS and Android Applications
Test Infrastructure for Native and Hybrid iOS and Android Applications
Josiah Renaudin
 
Mobile testing
Mobile testingMobile testing
Mobile testing
Alex Hung
 
Appmotives - Software Testing As Service
Appmotives - Software Testing As ServiceAppmotives - Software Testing As Service
Appmotives - Software Testing As Service
Kalyan Paluri
 
Appium & Selenium Alone vs Appium & Selenium with Perfecto
Appium & Selenium Alone vs Appium & Selenium with PerfectoAppium & Selenium Alone vs Appium & Selenium with Perfecto
Appium & Selenium Alone vs Appium & Selenium with Perfecto
Lizzy Guido (she/her)
 
Uber mobility - Build & Release
Uber mobility - Build & ReleaseUber mobility - Build & Release
Uber mobility - Build & Release
Dhaval Patel
 
Mobile Monitoring Best Practices
Mobile Monitoring Best PracticesMobile Monitoring Best Practices
Mobile Monitoring Best Practices
Lizzy Guido (she/her)
 
Uber Mobility Meetup: Mobile Testing
Uber Mobility Meetup: Mobile TestingUber Mobility Meetup: Mobile Testing
Uber Mobility Meetup: Mobile Testing
Apple Chow
 
Performance Testing REST APIs
Performance Testing REST APIsPerformance Testing REST APIs
Performance Testing REST APIs
Jason Weden
 
Asha_4Yrs_Manual_3_Yrs_Automation
Asha_4Yrs_Manual_3_Yrs_AutomationAsha_4Yrs_Manual_3_Yrs_Automation
Asha_4Yrs_Manual_3_Yrs_Automation
cnasha
 
How To Sell Into Insurance with Perfecto
How To Sell Into Insurance with PerfectoHow To Sell Into Insurance with Perfecto
How To Sell Into Insurance with Perfecto
Lizzy Guido (she/her)
 
Appium Presentation
Appium Presentation Appium Presentation
Appium Presentation
OmarUsman6
 
Mobile Testing Types and Basic Process
Mobile Testing Types and Basic ProcessMobile Testing Types and Basic Process
Mobile Testing Types and Basic Process
Olesia Hirnyk
 
Web application automated testing types and tools
Web application automated testing types and toolsWeb application automated testing types and tools
Web application automated testing types and tools
TestingXperts
 
Mobile Application Testing
Mobile Application Testing Mobile Application Testing
Mobile Application Testing
Shivaraj R
 
TechTalk: Get to Know Perfecto
TechTalk: Get to Know Perfecto TechTalk: Get to Know Perfecto
TechTalk: Get to Know Perfecto
Lizzy Guido (she/her)
 
Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...
BugRaptors
 
Solving the Automation Puzzle - how to select the right automation framework ...
Solving the Automation Puzzle - how to select the right automation framework ...Solving the Automation Puzzle - how to select the right automation framework ...
Solving the Automation Puzzle - how to select the right automation framework ...
Ori Bendet
 
Ayaz_Resume
Ayaz_ResumeAyaz_Resume
Ayaz_Resume
Mohammad Ayaz Khan
 
Raji_QA
Raji_QARaji_QA
Raji_QA
Raja Kumari
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & Appium
Sauce Labs
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
Obaidur (OB) Rashid
 
The Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and TestingThe Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and Testing
Bitbar
 
Zibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company Inida
ZibraSoft Technologies
 
Bhabani Shankar Behera_CV
Bhabani Shankar Behera_CVBhabani Shankar Behera_CV
Bhabani Shankar Behera_CV
chiku134
 
Building Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed AgileBuilding Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed Agile
Wee Witthawaskul
 
Fathima Resume
Fathima ResumeFathima Resume
Fathima Resume
Fathima Zohra
 

More Related Content

What's hot

Uber mobility - Build & Release
Uber mobility - Build & ReleaseUber mobility - Build & Release
Uber mobility - Build & Release
Dhaval Patel
 
Asha_4Yrs_Manual_3_Yrs_Automation
Asha_4Yrs_Manual_3_Yrs_AutomationAsha_4Yrs_Manual_3_Yrs_Automation
Asha_4Yrs_Manual_3_Yrs_Automation
cnasha
 

What's hot (12)

Uber mobility - Build & Release
Uber mobility - Build & ReleaseUber mobility - Build & Release
Uber mobility - Build & Release
 
Mobile Monitoring Best Practices
Mobile Monitoring Best PracticesMobile Monitoring Best Practices
Mobile Monitoring Best Practices
 
Uber Mobility Meetup: Mobile Testing
Uber Mobility Meetup: Mobile TestingUber Mobility Meetup: Mobile Testing
Uber Mobility Meetup: Mobile Testing
 
Performance Testing REST APIs
Performance Testing REST APIsPerformance Testing REST APIs
Performance Testing REST APIs
 
Asha_4Yrs_Manual_3_Yrs_Automation
Asha_4Yrs_Manual_3_Yrs_AutomationAsha_4Yrs_Manual_3_Yrs_Automation
Asha_4Yrs_Manual_3_Yrs_Automation
 
How To Sell Into Insurance with Perfecto
How To Sell Into Insurance with PerfectoHow To Sell Into Insurance with Perfecto
How To Sell Into Insurance with Perfecto
 
Appium Presentation
Appium Presentation Appium Presentation
Appium Presentation
 
Mobile Testing Types and Basic Process
Mobile Testing Types and Basic ProcessMobile Testing Types and Basic Process
Mobile Testing Types and Basic Process
 
Web application automated testing types and tools
Web application automated testing types and toolsWeb application automated testing types and tools
Web application automated testing types and tools
 
Mobile Application Testing
Mobile Application Testing Mobile Application Testing
Mobile Application Testing
 
TechTalk: Get to Know Perfecto
TechTalk: Get to Know Perfecto TechTalk: Get to Know Perfecto
TechTalk: Get to Know Perfecto
 
Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...Measure performance of the application using open source performance testing...
Measure performance of the application using open source performance testing...
 

Similar to Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012

Solving the Automation Puzzle - how to select the right automation framework ...
Solving the Automation Puzzle - how to select the right automation framework ...Solving the Automation Puzzle - how to select the right automation framework ...
Solving the Automation Puzzle - how to select the right automation framework ...
Ori Bendet
 
Zibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company Inida
ZibraSoft Technologies
 
Bhabani Shankar Behera_CV
Bhabani Shankar Behera_CVBhabani Shankar Behera_CV
Bhabani Shankar Behera_CV
chiku134
 
Raji_new_July_2015
Raji_new_July_2015Raji_new_July_2015
Raji_new_July_2015
Raja Kumari
 
Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar
Experitest
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing Workshop
Naresh Jain
 
Resume_Test Analyst
Resume_Test AnalystResume_Test Analyst
Resume_Test Analyst
Anusha N
 
Generating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager StatisticsGenerating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager Statistics
WSO2
 

Similar to Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012 (20)

Solving the Automation Puzzle - how to select the right automation framework ...
Solving the Automation Puzzle - how to select the right automation framework ...Solving the Automation Puzzle - how to select the right automation framework ...
Solving the Automation Puzzle - how to select the right automation framework ...
 
Ayaz_Resume
Ayaz_ResumeAyaz_Resume
Ayaz_Resume
 
Raji_QA
Raji_QARaji_QA
Raji_QA
 
Getting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & AppiumGetting Started with Mobile Test Automation & Appium
Getting Started with Mobile Test Automation & Appium
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
The Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and TestingThe Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and Testing
 
Zibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company InidaZibrasoft | Software QA Testing Company Inida
Zibrasoft | Software QA Testing Company Inida
 
Bhabani Shankar Behera_CV
Bhabani Shankar Behera_CVBhabani Shankar Behera_CV
Bhabani Shankar Behera_CV
 
Building Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed AgileBuilding Mobile (app) Masterpiece with Distributed Agile
Building Mobile (app) Masterpiece with Distributed Agile
 
Fathima Resume
Fathima ResumeFathima Resume
Fathima Resume
 
Mapping mobileandweblandscape motb
Mapping mobileandweblandscape motbMapping mobileandweblandscape motb
Mapping mobileandweblandscape motb
 
API Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentestersAPI Security - OWASP top 10 for APIs + tips for pentesters
API Security - OWASP top 10 for APIs + tips for pentesters
 
Raji_new_July_2015
Raji_new_July_2015Raji_new_July_2015
Raji_new_July_2015
 
Shyam-checked
Shyam-checkedShyam-checked
Shyam-checked
 
CV_Snehal_Parate
CV_Snehal_ParateCV_Snehal_Parate
CV_Snehal_Parate
 
Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar Experitest & Wipro Co-Webinar
Experitest & Wipro Co-Webinar
 
Agile Mobile Testing Workshop
Agile Mobile Testing WorkshopAgile Mobile Testing Workshop
Agile Mobile Testing Workshop
 
SharePoint 2013 Apps and the App Model
SharePoint 2013 Apps and the App ModelSharePoint 2013 Apps and the App Model
SharePoint 2013 Apps and the App Model
 
Resume_Test Analyst
Resume_Test AnalystResume_Test Analyst
Resume_Test Analyst
 
Generating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager StatisticsGenerating Insights from WSO2 API Manager Statistics
Generating Insights from WSO2 API Manager Statistics
 

More from TEST Huddle

Keys to continuous testing for faster delivery euro star webinar
Keys to continuous testing for faster delivery euro star webinar Keys to continuous testing for faster delivery euro star webinar
Keys to continuous testing for faster delivery euro star webinar
TEST Huddle
 
Growing a Company Test Community: Roles and Paths for Testers
Growing a Company Test Community: Roles and Paths for TestersGrowing a Company Test Community: Roles and Paths for Testers
Growing a Company Test Community: Roles and Paths for Testers
TEST Huddle
 

More from TEST Huddle (20)

Why We Need Diversity in Testing- Accenture
Why We Need Diversity in Testing- AccentureWhy We Need Diversity in Testing- Accenture
Why We Need Diversity in Testing- Accenture
 
Keys to continuous testing for faster delivery euro star webinar
Keys to continuous testing for faster delivery euro star webinar Keys to continuous testing for faster delivery euro star webinar
Keys to continuous testing for faster delivery euro star webinar
 
Why you Shouldnt Automated But You Will Anyway
Why you Shouldnt Automated But You Will Anyway Why you Shouldnt Automated But You Will Anyway
Why you Shouldnt Automated But You Will Anyway
 
Being a Tester in Scrum
Being a Tester in ScrumBeing a Tester in Scrum
Being a Tester in Scrum
 
Leveraging Visual Testing with Your Functional Tests
Leveraging Visual Testing with Your Functional TestsLeveraging Visual Testing with Your Functional Tests
Leveraging Visual Testing with Your Functional Tests
 
Using Test Trees to get an Overview of Test Work
Using Test Trees to get an Overview of Test WorkUsing Test Trees to get an Overview of Test Work
Using Test Trees to get an Overview of Test Work
 
Big Data: The Magic to Attain New Heights
Big Data: The Magic to Attain New HeightsBig Data: The Magic to Attain New Heights
Big Data: The Magic to Attain New Heights
 
Will Robots Replace Testers?
Will Robots Replace Testers?Will Robots Replace Testers?
Will Robots Replace Testers?
 
TDD For The Rest Of Us
TDD For The Rest Of UsTDD For The Rest Of Us
TDD For The Rest Of Us
 
Scaling Agile with LeSS (Large Scale Scrum)
Scaling Agile with LeSS (Large Scale Scrum)Scaling Agile with LeSS (Large Scale Scrum)
Scaling Agile with LeSS (Large Scale Scrum)
 
Creating Agile Test Strategies for Larger Enterprises
Creating Agile Test Strategies for Larger EnterprisesCreating Agile Test Strategies for Larger Enterprises
Creating Agile Test Strategies for Larger Enterprises
 
Is There A Risk?
Is There A Risk?Is There A Risk?
Is There A Risk?
 
Are Your Tests Well-Travelled? Thoughts About Test Coverage
Are Your Tests Well-Travelled? Thoughts About Test CoverageAre Your Tests Well-Travelled? Thoughts About Test Coverage
Are Your Tests Well-Travelled? Thoughts About Test Coverage
 
Growing a Company Test Community: Roles and Paths for Testers
Growing a Company Test Community: Roles and Paths for TestersGrowing a Company Test Community: Roles and Paths for Testers
Growing a Company Test Community: Roles and Paths for Testers
 
Do we need testers on agile teams?
Do we need testers on agile teams?Do we need testers on agile teams?
Do we need testers on agile teams?
 
How to use selenium successfully
How to use selenium successfullyHow to use selenium successfully
How to use selenium successfully
 
Testers & Teams on the Agile Fluency™ Journey
Testers & Teams on the Agile Fluency™ Journey Testers & Teams on the Agile Fluency™ Journey
Testers & Teams on the Agile Fluency™ Journey
 
Practical Test Strategy Using Heuristics
Practical Test Strategy Using HeuristicsPractical Test Strategy Using Heuristics
Practical Test Strategy Using Heuristics
 
Thinking Through Your Role
Thinking Through Your RoleThinking Through Your Role
Thinking Through Your Role
 
Using Selenium 3 0
Using Selenium 3 0Using Selenium 3 0
Using Selenium 3 0
 

Recently uploaded

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 

Recently uploaded (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 

Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012

  • 1.
  • 2. Testing the API behind a mobile app System testing in a cloud enabling project Marc van ‘t Veer
  • 3. Content • Introduction to an API 3 – What is an API – Why an API? – Using the API • How-to test an API • Example defects • Lessons learned
  • 4. What is an API? • API, stands for application program interface, 4 – Set of routines, protocols, tools for building applications – API reduces complexity – Building blocks for a programmer • My definition: – Framework for communication between systems – Own interface build upon existing internal SOA architecture
  • 5. What is an API? 5 Backend (Enterprise Service Bus) Adapter My T-Mobile (desktop web) Browser API Webservices Adapter app My T-Mobile (Mobile web) SoapUI Adapter Test app’s app Facebook
  • 6. Why an API? - examples • Beltegoed Tulp / Zakelijk app from D-centralize 6
  • 7. Why an API? - examples • Bundels app from Skindustries 7
  • 8. Why an API? - examples • Beltegoed Tulp / Zakelijk app from D-centralize • Bundels app from Skindustries • Belstand app from Belstand • Belstatus app from P-edge P-Edge quotes of customers Pointing with the blaming finger to T-Mobile * by Vinsert Before and after the update the app is not working. P-Edge said: "Please call customer service of T-Mobile". But they can't help and pointing back because this app is not theirs and it's a problem of P-Edge. 8
  • 9. Why an API? - details • Problem 9 – Too Diverse market with many platforms – T-Mobile is not in control of its customer contacts – Screen scrapers are not good and secure enough • Solution – Introduction of an API • Requirements – Introduction must be fast, much faster than direct competitors – Ready for future projects
  • 10. Using API - structure • How does an API look like? 10 – Dutch Rail (NS) API example • Structure of the T-Mobile API – Services that are provided • Root (Start URL) • Account • Customer (invoice data) • Subscription (bundles, loyalty points, subscriber) – Schema example – Example bundle status output API NS T-Mobile
  • 11. Using API - structure 11 Application/ Vnd.capi.tmobile.nl.postpaidbundlestatus.V1
  • 12. Using API - structure 12
  • 13. Using API – My T-Mobile app 13
  • 14. Using API – My T-Mobile app 14
  • 15. Using API – My T-Mobile app • User groups of API 15 – App’s: Android, Iphone, Windows, Blackberry – Internal T-Mobile – Browser version of the API – Social media: Facebook – (internal/external) developers: • Documentation • Base line code for new App (with guidelines) – Operations (monitoring)
  • 16. How-to test an API? – start from scratch • Architecture 16 – REST vs. SOAP – Stateless vs. Session – Media types vs. WSDL • text/xml • application/vnd.capi.tmobile.nl.postpaidbundlestatus.V1 – Verbs (GET) – Resources – Caching results • Tools – SoapUI, Fiddler, Altova XML Spy, FileZilla, Browsers (like Firefox with add-ons)
  • 17. Typical risks A. Unknown integration B. Big variation of customer data C. No control on the chain D. Load is unknown E. Wrong use of API F. Dynamic scope 17
  • 18. Strategy • Early integration test with complete infrastructure 18 – Integration test and dogfooding during Dev and ST – Multiple integration phases – Prototype app (on Acceptance environment)
  • 19. Test approach 1. Development (with dogfooding) 2. System testing (resources with backend and SIT) 3. Integration testing (internal: API with backend) 4. Acceptance testing (external: API with prototype app) 5. Production integration (in phases) 6. Regression testing (automated) 19 Backend (Enterprise Service Bus) Adapter My T-Mobile (desktop web) Browser API Webservices Adapter app My T-Mobile (Mobile web) SoapUI Adapter Test app’s
  • 20. Defect examples • 4 examples • Boundary between API - app 20
  • 21. Cache key • Test setup was: New session and clean all 21 cookies/cache before each test case • Each output for a resource is cached • Defect was: it was cached with the same key for all customers • Test scenario: login sequential with different users
  • 22. Error status • Validation of HTTP-Statuses (Error and related status) 22 • By using the general HTTP error code the app could not explicitly check what went wrong Error Code Error Code Api Status Description Reason Recommendation 401 - Unauthorized 1102 Invalid username or token. The application supplied invalid credentials. GUI: Ask for a different set of credentials. 401 - Unauthorized 1103 Account has been temporarily locked out. Too many invalid attempts have been tried for these credentials, so the account is locked out for at least 1 minute GUI: Ask the user to wait for at least 1 minute before retrying.
  • 23. Max. units • Test data with big variation in rateplans 23 • Total remaining bundle is determined by max. units. <Bundle> <Name>Flex 10</Name> <FreeUnits xsi:nil="true" /> <Unit>EURCENT</Unit> <MaxUnits>10</MaxUnits> <MaxUnitsPresentation>€ 10,00</MaxUnitsPresentation> <UsageAmount>148</UsageAmount> <UsageAmountPresentation>€ 1,48</UsageAmountPresentation> </Bundle> <Bundle> <Name>Bel&SMS 15</Name> <FreeUnits xsi:nil="true" /> <Unit>MIN/SMS</Unit> <MaxUnits>60/25</MaxUnits> <MaxUnitsPresentation>60 min./ 25 SMS</MaxUnitsPresentation> <UsageAmount>10/15</UsageAmount> <UsageAmountPresentation>10 min. / 15 SMS</UsageAmountPresentation> </Bundle>
  • 24. Menu name error • Loyalty Programs: T-Mobile Extra or T-Mobile Speciaal • Generic service only menu name different • Interface design: 24 – loyaltyProgramDescription value => TM Extra or TM Special • Implementation T-Mobile frontend: If loyaltyProgramCode == "TME“ then ProgramDescription = "T-Mobile Extra" If loyaltyProgramCode == "TMS“ then ProgramDescription = "T-Mobile Speciaal“
  • 25. Lessons learned • API • API/app communication • Testing 25
  • 26. API A. New test type: production tests B. Command line C. Scope D. Security E. No backup tricks 26
  • 27. API/app communication A. T-Mobile is (still) seen as responsible B. Presentation errors of data will always occur C. Very tempting to fix defects in app instead of API D. More explanation needed with secured API 27
  • 28. Testing A. Normal test techniques B. Instrument for defect analysis C. Automated regression tests on production D. New responsibilities E. SOA/Interfaces/HTTP protocol/Tools F. Experience with building interfaces 28
  • 29. Summary • Project 29 – API and app are live, API enables a new world – API is now used by 500.000 users – Prepared for the future: Facebook, Windows, Blackberry apps are coming • System testing – New responsibilities: support during all phases and production tests – API tests are early integration tests in a broader scope – Experienced team with SOA/interfaces and tools is a big plus
  • 30. Questions or remarks? 30 Test possiblity of API at the Polteq stand
  • 31. References Source Link [Apple, 2009] iPhone 3g Commercial "There's An App For That" 31 http://www.youtube.com/watch?v=szrsfeyLzyg [T-Mobile, 2011] Customer API T-Mobile: https://capi.t-mobile.nl/ [Wiki,2012] API : http://en.wikipedia.org/wiki/Application_programming_interfac e#Use_of_APIs_to_share_content REST architecture: http://en.wikipedia.org/wiki/Representational_state_transfer Internet Media Types: http://en.wikipedia.org/wiki/Internet_media_type#Type_applica tion SOA: http://en.wikipedia.org/wiki/Service-oriented_architecture Sequence diagrams: http://nl.wikipedia.org/wiki/Unified_Modeling_Language Dogfooding: http://en.wikipedia.org/wiki/Eating_your_own_dog_food
  • 32. References, continued Source Link [SmartBear Software, 2011] SoapUI with REST: 32 http://www.soapui.org/REST-Testing/getting-started.html [Tweakers, 2012] More secure public API from NS: http://tweakers.net/nieuws/81389/ns-wil-apps-die-prijs-treinreis- tonen-vooraf-keuren.html [D-Centralize, 2012] Beltegoed Tulp: http://www.d-centralize.nl/beltegoed [Belstatus, 2012] Belstatus: http://www.p-edge.nl/belstatus [Belstand, 2012] Belstand: http://www.belstand.nl/ [Skindustries, 2012] Bundels: http://www.skindustries.net/?p=portfolio&item=bundels
  • 33. More information • Marc van 't Veer 33 Test consultant Polteq Dordrecht • +31 (0) 6 46 63 61 48 (mob) http://www.polteq.com marc.vantveer@polteq.com
  • 35. How-to test an API? – Example test cases Phase Structure Element Test case Defect 0. Setup Test 35 application Setup - Stub frame work - Tooling (SoapUI, browser, + add-ins, Fiddler, Altova XML Spy, FileZilla) - Interfaces and test data 1. Development Framework Dogfooding Check easy of use framework and how good it functions 2. System testing Functionality with and without stubs • With and without stubs • Test applications URL Structure, parameters • Header request : character set, media types, Verbs (GET/POST/UPDATE), HTTP(S) • Logging: Support defect analysis (server and database) • HTTP-statussen: Error and related status Common validation/Authentication/Authorization • Access codes (tokes) • Profiles (subscription active, SIM active, token status) • Customer/contract types • Caching: Duration, authorization, clearing, content, multiple users • Navigation: between resources Resources • Profiles: Business rules for each resource with variation customer data Output • Presentation forms and versions (supported not supported) Monitoring • Reporting and performance (load filter, backend availability Documentation SIT No stubs Integration with Tibco Variation in customers, rateplans, prices, contract types, history, options with no stubs 3. Integration testing Internal API with complete backend No regression impact of other projects 4. Acceptance testing External integration API with prototype First integration of app with API Prototype app integration during acceptance testing: - Resource name of loyalty - Caching multiple users - HTTP statussen 5. Production testing Real customers API with live app Real customers with app on production API Production integration testing: - Variation in customers, rateplans, prices, contract types, history, options 6. Regression Regression Reruns - Manual and Automated regression tests