• Open the Trello board at https://goo.gl/U8hdro
• Download the Postman desktop app from https://www.getpostman.com/ and follow the installation instructions.
No dogs were actually washed in the production of these slides.
Get a headstart on API Testing
FUNdamentals!
Show of feet (stand up) - who is willing to share their screen
(with Postman) with someone? Hands-on for everyone is
preferred.
Let's self-organize - Screen folk, keep standing. Screenless
folk, re-locate to be near a screen.
Not enough screens? Follow along with Dan. Move up front
and grab a seat near Dan.
Screen logistics
API Testing FUNdamentals
JoEllen Carter / Dan Gilkerson
What’s so fun about testing
an Application
Programming Interface?
Do RESTful APIs take naps?
HTTP Request
URL
Method
Headers
Body
When does the fun start?
Workshop Trello Board
https://goo.gl/U8hdro
TeamCity Newman Reporter
Let’s recap….
Exploratory Testing
• Identify the variable bits - things that can/will/might change
• Apply Heuristics to the variables
  • Zero, One, Many
  • Some, None, All
  • Beginning, Middle, End
  • Too Many, Too Few
  • Relative Position, i.e. content
Functional, Contract, & Integration
• Basic
  • Correct status codes are generated for invalid inputs
  • Request/response bodies contain the correct content type and schema
  • Backwards-compatibility for public APIs
• Advanced
  • Join API requests together to mirror application functionality
Performance & Security
• Performance
  • Response times under different conditions
• Basic Security
  • Authentication tokens are valid/present
  • Authorization - account boundaries are not violated
  • SSL is enforced/warned when not present
• Advanced Security
  • Injection points – headers, parameters, body
  • Recording tools – what is exposed/available
  • REST Security Cheat Sheet; OWASP Top 10 security vulnerabilities
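
The basic functional and security checks from the two slides above (status codes for invalid inputs, content type and schema, token presence, account boundaries, TLS enforcement), written as a plain Node.js script. This is an added example, not part of the original deck; the API, the host `api.example.test`, the tokens and the data are constructed for illustration.

```javascript
// Added example: a constructed in-memory API plus the slide's basic checks.
// Every name, token and record below is hypothetical sample data.
const TOKENS = new Map([["token-alice", "alice"], ["token-bob", "bob"]]);
const NOTES = new Map([
  ["alice", [{ id: 1, text: "a1" }]],
  ["bob", [{ id: 2, text: "b1" }]],
]);

const json = (status, body) => ({
  status,
  headers: { "content-type": "application/json" },
  body: JSON.stringify(body),
});

// Handler for GET <scheme>://api.example.test/accounts/<owner>/notes?limit=<n>.
// checkOwner=false reproduces the account-boundary defect the checks must catch.
function makeHandler({ checkOwner }) {
  return function handle(req) {
    const url = new URL(req.url);
    if (url.protocol !== "https:") return json(403, { error: "TLS required" });
    const auth = (req.headers && req.headers.authorization) || "";
    const user = TOKENS.get(auth.replace(/^Bearer /, ""));
    if (!user) return json(401, { error: "missing or invalid token" });
    const m = url.pathname.match(/^\/accounts\/([a-z]+)\/notes$/);
    if (req.method !== "GET" || !m || !NOTES.has(m[1])) return json(404, { error: "not found" });
    if (checkOwner && m[1] !== user) return json(403, { error: "forbidden" });
    const raw = url.searchParams.get("limit");
    const limit = raw === null ? "10" : raw;
    if (!/^\d+$/.test(limit) || Number(limit) < 1) return json(400, { error: "bad limit" });
    return json(200, { notes: NOTES.get(m[1]).slice(0, Number(limit)) });
  };
}

// Request shape follows the deck: URL, Method, Headers, Body.
function get(scheme, owner, token, query = "") {
  const headers = token ? { authorization: `Bearer ${token}` } : {};
  const url = `${scheme}://api.example.test/accounts/${owner}/notes${query}`;
  return { method: "GET", url, headers, body: null };
}

const isJson = (res) => /^application\/json\b/.test(res.headers["content-type"] || "");
const matchesSchema = (b) =>
  Array.isArray(b.notes) &&
  b.notes.every((n) => Number.isInteger(n.id) && typeof n.text === "string");

// Each check is a name, a request, and a predicate over the response.
const CHECKS = [
  { name: "valid request: 200, JSON content type, schema",
    req: get("https", "alice", "token-alice"),
    ok: (r) => r.status === 200 && isJson(r) && matchesSchema(JSON.parse(r.body)) },
  { name: "authentication: missing token is 401",
    req: get("https", "alice", null),
    ok: (r) => r.status === 401 },
  { name: "authentication: unknown token is 401",
    req: get("https", "alice", "nope"),
    ok: (r) => r.status === 401 },
  { name: "authorization: another account's notes are refused",
    req: get("https", "bob", "token-alice"),
    ok: (r) => r.status === 403 || r.status === 404 },
  { name: "transport: plain http is refused",
    req: get("http", "alice", "token-alice"),
    ok: (r) => r.status < 200 || r.status >= 300 },
];

// Invalid inputs chosen with the deck's heuristics (zero, negative, non-numeric, empty).
for (const bad of ["0", "-1", "abc", ""]) {
  CHECKS.push({
    name: `invalid input: limit=${JSON.stringify(bad)} is 400`,
    req: get("https", "alice", "token-alice", `?limit=${encodeURIComponent(bad)}`),
    ok: (r) => r.status === 400 && isJson(r),
  });
}

// Returns the names of the checks that the given handler fails.
function runChecks(handle) {
  return CHECKS.filter((c) => !c.ok(handle(c.req))).map((c) => c.name);
}

console.log("hardened:", runChecks(makeHandler({ checkOwner: true })));
console.log("flawed:  ", runChecks(makeHandler({ checkOwner: false })));
```

The same predicates carry over to a real API by replacing `handle` with an HTTP client call and the constructed tokens with two test accounts.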
To Infinity and Beyond!
• API tests are part of your CI/CD pipeline
• Newman - command line runner for Postman collections
• Runscope - great for testing incoming requests, a la webhooks
• Augment unit tests by crossing component boundaries
• Tests are accessible to developers to run locally
• Tests are purpose-specific - don’t test everything at one time
How much fun did we have?
Links
ProgrammableWeb
API Security Testing
OWASP Top 10 Project
List of HTTP Header fields
Varonis - Introduction to OAuth
OAuth.net
Understanding REST and RPC
http://kanyerest.xyz/
Thank you!
JoEllen Carter
@testacious
Dan Gilkerson
@dangilkerson

Agile Testing Days 2018 USA - API Testing Fundamentals
