Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Understanding and testing restful web services

1,836 views

Published on

Slides for the workshop 'Understanding and testing restful web services'

Published in: Technology
  • Be the first to comment

Understanding and testing restful web services

  1. 1. UNDERSTANDING AND TESTING RESTFUL WEB SERVICES PLEASE INSTALL POSTMAN - REST Client POSTMAN Interceptor www.getpostman.com www.getpostman.com/features#interceptor Created by /Mark Winteringham @mwtestconsult
  2. 2. ABOUT ME... - - - www.mwtestconsultancy.co.uk @mwtestconsult linkedin.com/in/markwinteringham
  3. 3. WORKSHOP GOALS Explore the basics of a RESTful WebServices Build requests to query and manipulate data Try out different test design techniques Going forward with the skills you've learnt
  4. 4. WELCOME TO 'THE BEST AT REST LTD' Creators of RESTFUL-BOOKER A restful webservice that allows hotels to store booking details about their guests
  5. 5. RESTFUL-BOOKER REQUIREMENTS 1. Must be able to create, read, update and delete bookings 2. Bookings must be searchable 3. Bookings must store the following items Guests name The price of their booking Whether they have paid a deposit The dates of their booking Any additional needs
  6. 6. GITHUB REPOS Restful booker: Slides: www.github.com/mwinteringham/restful-booker www.github.com/mwinteringham/reveal.js
  7. 7. POSTMAN Our test tool for the workshop
  8. 8. RESTFUL WEB SERVICE
  9. 9. WEB SERVICE 'A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.' http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webservice
  10. 10. Mobile to Web Service UI Backend
  11. 11. Web Service to Web Service Reports Search
  12. 12. A service-oriented architecture
  13. 13. WHAT MAKES A SERVICE RESTFUL? Stateless Cacheable Uniform Interface Client-Server Layered System Code on Demand Identify a resource Manipulate a resource URIs HTTP A web service has to use specific standards to: http://c2.com/cgi/wiki?RestArchitecturalStyle
  14. 14. A RESTFUL WEB SERVICE EXAMPLE http://adrianmejia.com/blog/2014/10/01/creating-a-restful-api-tutorial-with-nodejs-and-mongodb/
  15. 15. REST-REPORTER https://github.com/mwinteringham/restful-booker rest-reporter is a C.R.U.D. service
  16. 16. CREATE READ UPDATE DELETE
  17. 17. READ
  18. 18. A TYPICAL HTTP READ REQUEST URI Path RI Host
  19. 19. UNIFORM RESOURCE IDENTIFIERS Resource Booking resource 1 _id: 5534e8cdbb97c77e0eb7ae51 Something the service exposes to the end user to interact with such as an image, video, html, text, etc. GET /booking/5534e8cdbb97c77e0eb7ae51
  20. 20. UNIFORM RESOURCE IDENTIFIERS scheme ://host :port /resource ?queryString http://localhost:3001/booking?name=mary
  21. 21. QUERY STRINGS A query string indicates additional actions you might want to apply to the resource/resources you want Returns all bookings between two dates whereas: GET /booking?checkin=2014-03-13&checkout=2014-05-21 Returns all the bookings GET /booking
  22. 22. CREATING QUERY STRINGS Query strings start with a ? after the resource path Are declared as key=value Multiple query declarations are joined using & For example: GET /booking?checkin=2014-03-13&checkout=2014-05-21
  23. 23. A TYPICAL HTTP READ REQUEST HTTP Verb
  24. 24. HTTP VERBS HTTP methods indicate an action the user would like to do on a resource CREATE = POST READ = GET UPDATE = PUT DELETE = DELETE
  25. 25. VERBS IN ACTION GET - Returns current bookings POST - Creates a new booking http://localhost:3001/booking http://localhost:3001/booking OPTION http://localhost:3001/booking Returns which Verbs can be used on a URI
  26. 26. A TYPICAL HTTP READ REQUEST eaders
  27. 27. HTTP HEADERS Define the operating parameters of an HTTP request such as: What is requesting the resource What format the resource should be in Authorisation that the resource can be requested And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
  28. 28. HTTP HEADERS Adding headers can alter the behaviour of the service and its response Key: Value Outcome Accept: application/json JSON is returned Accept: application/xml XML is returned
  29. 29. A TYPICAL HTTP RESPONSE HTTP Status code
  30. 30. HTTP STATUS CODES Indicator of how the server has responded to the request you've sent 1xx Informational 2xx Success 3xx Redirection 4xx Client Error 5xx Server Error https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
  31. 31. TYPICAL HTTP STATUS CODES 200 Server has carried out its actions successfully 404 URI path doesn't exist 403 You're not authorised to access the path 500 Server error 503 Service is unavailable
  32. 32. A TYPICAL HTTP RESPONSE Payload
  33. 33. TYPES OF PAYLOADS JSON id":"5534e8cdbb97c77e0eb7ae65", irstName":"Jim", astName":"Wilson", otalPrice":787, epositPaid":false, dditionalNeeds": "Breakfast", ookingDates":{ "checkIn":"2013-08-10T22:34:22", "checkOut":"2015-03-23T14:00:00" XML <_id>5534e8cdbb97c77e0eb7ae65</_id> <firstName>Jim</firstName> <lastName>Wilson</lastName> <totalPrice>787</totalPrice> <depositPaid>false</depositPaid> <additionalNeeds>Breakfast</additionalNeeds > <bookingDates> <checkIn>2013-08-10T22:34:22</checkIn> <checkOut>2015-03-23T14:00:00</checkOut > </bookingDates> HTML <p>5534e8cdbb97c77e0eb7ae65</p> <p>Jim</p> <p>Wilson</p> <p>787</p> <p>false</p> <p>breakfast</p> <ul> <li>2013-08-10T22:34:22</li> <li>2015-03-23T14:00:00</li> </ul>
  34. 34. ITERATION ONE - INVESTIGATING READ USERS STORIES As a user of restful-booker I want to be able to view all current booking IDs So that I can choose an ID to view the booking of GET /booking As a user of restful-booker I want to be able to search on the booking dates So that I can filter the relevant booking IDs I require GET /booking? checkin=*&checkout=* As a user of restful-booker I want to be able to retrieve a booking using its ID So that I can view the details of that booking GET /booking/{id} API can be found at: github.com/mwinteringham/restful-booker
  35. 35. What did you learn?
  36. 36. CREATE
  37. 37. A TYPICAL HTTP CREATE REQUEST Change in HTTP Verb ayload
  38. 38. PAYLOAD A representation of the resource you want to create through the service The parameters and the structure of the payload have strict rules. Which can also be known as a 'contract'
  39. 39. XML PAYLOADS <booking> <firstName>Mark</firstName> <lastName>test</lastName> <totalPrice>300.00</totalPrice> <depositPaid>true</depositPaid> <additionalNeeds>Breakfast</additionalNeeds> <bookingDates> <checkIn>11/11/2014</checkIn> <checkOut>12/11/2014</checkOut> </bookingDates> </booking> https://en.wikipedia.org/wiki/XML
  40. 40. JSON PAYLOADS { "firstName": "Mark", "lastName": "test", "totalPrice": 300.00, "depositPaid": true, "additionalNeeds": "Breakfast", "bookingDates": { "checkIn": "11/11/2014", "checkOut": "12/11/2014" } } http://json.org/
  41. 41. DATA TYPES { "firstName": "Mark", "lastName": "test", "totalPrice": 300.00, "depositPaid": true, "additionalNeeds": "Breakfast", "bookingDates": { "checkIn": "11/11/2014", "checkOut": "12/11/2014" } } String Number Boolean Dates (String)
  42. 42. ROBUSTNESS PRINCIPLE `Be conservative in what you do, be liberal in what you accept from others` Postel's law When sending a payload the service should conform to the contract being sent When receiving a payload the service should accept invalid data without error
  43. 43. POST RELATED HEADERS Key Value Content-Type: application/json, text/xml Content-Length: 157
  44. 44. ITERATION TWO - INVESTIGATING CREATE USER STORIES As a user of restful-booker I want to be able to create So that I can choose an ID to view the booking of POST /booking API can be found at: github.com/mwinteringham/restful-booker
  45. 45. What did you learn?
  46. 46. UPDATE/DELETE
  47. 47. AUTHORISATION Services generally have one or more layers of security such as: Basic access authentication Cookie based authentication This isn't an exhaustive list There may be other layers of security in place
  48. 48. HTTP HEADERS - COOKIES Cookies are also a type of header and can be added to a request Cookie: COOKIEVAL1=abc; COOKIEVAL2=def;
  49. 49. BASIC ACCESS AUTHENTICATION Comes in the form of a header Authorization Basic Base64(username:password) Authorization Basic dXNlcm5hbWU6cGFzc3dvcmQ= https://en.wikipedia.org/wiki/Basic_access_authentication
  50. 50. COOKIE BASED AUTHENTICATION POST /auth { username: admin, password: password123 } Response Set-Cookie: token=abc123 DELETE /booking/{id} Cookie: token=abc123
  51. 51. PUT Similar to POST but rather than create it updates However, in the real world that might not be the case: PUT vs POST in REST
  52. 52. DELETE Similar to GET but it deletes rather than reads the resource
  53. 53. ITERATION THREE - INVESTIGATING UPDATE / DELETE USER STORIES As a user of restful-booker I want to be able to protect create and delete functions So that I can protect the bookings from being changed or deleted POST /auth As a user of restful-booker I want to be able to update a pre- existing booking using its ID So that I can correct and errors made in a booking PUT /booking/{id} As a user of restful-booker I want to be able to delete a booking using its ID So that I can remove the booking DELETE /booking/{id} API can be found at: github.com/mwinteringham/restful-booker
  54. 54. What did you learn?
  55. 55. TAKING RESTFUL TESTING FURTHER
  56. 56. Mobile to Web Service UI UI testing Backend RESTful testing
  57. 57. AUTOMATION?
  58. 58. WRAPPING UP
  59. 59. THANK YOU Restful-booker - https://github.com/mwinteringham/restful-booker Slides - https://github.com/mwinteringham/reveal.js

×