Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Agile Testing Days 2018 USA - API Testing Fundamentals
1. •Open the Trello board at
https://goo.gl/U8hdro
•Download the Postman desktop app from
https://www.getpostman.com/ and follow the
installation instructions.
No dogs were actually washed in the production of these slides.
Get a headstart on API Testing
FUNdamentals!
2. Show of feet (stand up) - who is willing to share their screen
(with Postman) with someone? Hands-on for everyone is
preferred.
Let's self-organize - Screen folk, keep standing. Screenless
folk, re-locate to be near a screen.
Not enough screens? Follow along with Dan. Move up front
and grab a seat near Dan.
Screen logistics
13. Exploratory Testing
• Identify the variable bits - things that can/will/might
change
• Apply Heuristics to the variables
• Zero, One, Many
• Some, None, All
• Beginning, Middle, End
• Too Many, Too Few
• Relative Position, i.e. content
14. Functional, Contract, &
Integration
• Basic
• Correct status codes are generated for invalid inputs
• Request/response bodies contain the correct content
type and schema
• Backwards-compatibility for public APIs
• Advanced
• Join API requests together to mirror application
functionality
15. Performance & Security
• Performance
• Response times under different conditions
• Basic Security
• Authentication tokens are valid/present
• Authorization - account boundaries are not
violated
• SSL is enforced/warned when not present
• Advanced Security
• Injection points – headers, parameters, body
• Recording tools – what is exposed/available
• Rest Security Cheat Sheet; OWASP top 10
security vulnerabilities
16. To Infinity and Beyond!
• API tests are part of your CI/CD pipeline
• Newman - command line runner for Postman
collections
• Runscope - great for testing incoming requests,
a la webhooks
• Augment unit tests by crossing component
boundaries
• Tests are accessible to developers to run locally
• Tests are purpose-specific - don’t test everything
at one time