99x.io
Web API testing
with Postman
By : Tharinda Liyanage
Agenda
• Software Testing and Test pyramid
• About APIs- classifications of APIs
• RESTful Web APIs
• Execute APIs using Postman
• Testing APIs with Postman
• Other features available with Postman
• Q&A
Software Testing
• The primary goal of software testing is to ensure that the software functions correctly, meets its
intended requirements, and delivers a satisfactory user experience.
• Quality assurance/quality control activities
• Functional and non-functional testing through manual and automated means
• Unit tests, API integration testing, automated end-to-end testing, exploratory testing
• API testing: GUI-less. Tests are based on request-response and mainly focus on testing the
business logic
Software Test Pyramid
What is an API
• Application Programming Interface: a set of rules, protocols, and tools that allows
different software applications to communicate with each other
• It works as a bridge that enables one piece of software to use the functionality of another
piece of software, without needing to understand all the internal details of how that
software works (based on Specification)
• APIs specify the functions or methods that can be called by developers to perform specific
actions or operations.
• Different types of API
• OS APIs (Windows, Android)
• DB APIs
• Cloud APIs
• Social media APIs
• Web APIs
• are exposed over the internet (HTTP/HTTPS)
for remote access by other applications or developers.
Types of Web API
RESTful Web API
• REST API= “REpresentational State Transfer” Application Programming Interface
• Resources: the fundamental units of data that the API exposes. In REST, everything
is treated as a resource, and each resource is identified by a unique URL
• https://example.com/api/books/
• https://example.com/api/authors/
• https://example.com/api/categories/fiction
HTTP Methods
• REST APIs use standard HTTP methods (GET, POST, PUT, PATCH, DELETE) to perform CRUD
(Create, Read, Update, Delete) operations on resources.
REST API & JSON
• JSON= JavaScript Object Notation
• REST uses JSON as the format for exchanging data between the client and server
• JSON data is represented as a collection of key-value pairs. The keys are strings (enclosed
in double quotes)
{
"title": "The Catcher in the Rye",
"author": "J.D. Salinger",
"publicationyear": 1951,
"isbn": "978-0-316-76948-0",
"genre": "Coming-of-Age Fiction",
"language": "English",
"publisher": "Little, Brown and Company",
"pagecount": 277,
"rating": 4.0
}
What we test in API
• Functionality Testing:
• Test the functionality of different API endpoints or methods, including both positive and negative test cases.
• Verify that the API performs the intended operations, such as creating, reading, updating, and deleting data.
• Request and Response Validation:
• Verify that API requests are processed correctly and return the expected responses.
• Check the correctness of HTTP status codes (e.g., 200 OK, 404 Not Found, 500 Internal Server Error) in response to different requests.
• Headers verification (Content-Type, Content-Length)
• Data Accuracy:
• Ensure that the data returned by the API is accurate and matches the expected values. This includes checking response payloads, data
formats (e.g., JSON, XML), and data types (e.g., strings, numbers, dates).
• Security Testing:
• Conduct security testing to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and other security risks.
• Ensure that sensitive data is protected, and access controls are properly implemented.
• Performance and Load Testing:
• Evaluate the API's performance by measuring response times, throughput, and scalability.
• Conduct load testing to determine how the API performs under heavy loads and concurrent requests.
The goal is to ensure that the API functions correctly and meets its intended requirements
What we test in API
1. Functionality verification
2. Status code verification
3. JSON schema verification
4. Response body verification
5. Header verification
6. Performance (response time, error rate)
7. Security (security headers, auth etc.)
We can perform tests manually and using test scripts in Postman
Postman
• https://www.postman.com/
• Current version 10
• Postman is an API platform for building and Testing APIs
• Create a Postman account to access all the features and Postman cloud
• VS Code plugin and browser extensions are also available
• Free and paid license
• Features available for scheduling, performance testing
Demo use case
• Part of a "Book management" RESTful web service has been developed (the backend), but
no front-end UI has been created yet. We still need to verify that the backend methods
are working as expected.
• Search/Read all books
• Search/Read a book based on ID or ISBN
• Create a book
• Update book
• Delete book
Demo scenarios
• Create a workspace
• Create a collection
• Add requests
• Create Environment
• Parameterization through variables stored in Environment and collection
• Write and execute test scripts (expected vs actual)
Environment details
http://52.230.26.246:3000/
API Endpoints
1. GET all books
GET http://52.230.26.246:3000/api/books
2. GET a book by ID and/or ISBN
GET http://52.230.26.246:3000/books?isbn=978-0-544-27349-9&id=64ec4940ef68ef5a1e9b0d69
3. GET book by ID
GET http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
4. Create a new book
POST http://52.230.26.246:3000/api/books
{
  "title": "The Catcher in the Rye",
  "author": "J.D. Salinger",
  "publicationyear": 1951,
  "isbn": "978-0-316-76948-0",
  "genre": "Coming-of-Age Fiction",
  "language": "English",
  "publisher": "Little, Brown and Company",
  "pagecount": 277,
  "rating": 4
}
5. Update book
PUT http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
{
  "title": "The Catcher in the Rye",
  "author": "J.D. Salinger",
  "publicationyear": 1966,
  "isbn": "978-0-316-76948-0",
  "genre": "Coming-of-Age Fiction",
  "language": "English",
  "publisher": "Little, Brown and Company",
  "pagecount": 277,
  "rating": 4
}
6. Partially update book
PATCH http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
{
  "language": "English"
}
7. Delete book
DELETE http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
Variables
• Scope:
• Global
• Environment
• Collection
• Creation:
• Manually
• Programmatically
• Usage: {{variable name}}
Writing Test scripts in Postman
• Write tests manually
• Use code snippets
• Ask AI bot to create tests
Write tests using "pm" object
pm.test
pm.expect
pm.response
pm.environment
pm.test("name of the test", function () {
    // code and test assertions
});
Test to verify response status code
• 3-digit codes that indicate the outcome of an API request
• They are included in the API response
Test to verify response status code
Test to verify properties of the response
Test to verify headers
Headers are metadata components of an HTTP request or response that
provide information about the data being sent or received
Request Headers:
• Host: Specifies the domain name of the target server.
• User-Agent: Provides information about the client making the request (e.g., the browser and its version).
• Accept: Indicates the media types (e.g., HTML, XML, JSON) that the client can process.
• Authorization: Contains credentials to authenticate the client with the server.
• Cookie: Carries client-specific data for server sessions.
Response Headers:
• Status Code: Informs the client about the result of the request (e.g., 200 for success, 404 for not found, 500 for server error).
• Content-Type: Specifies the format of the content (e.g., text/html, application/json).
• Content-Length: Indicates the size of the response content in bytes.
Test to verify headers
Test to verify Performance
Performance testing for APIs is essential to ensure that APIs can handle the expected load and perform
efficiently under various conditions
Response Time Measurement:
Measure the response times for API requests under different load conditions and compare them to
performance objectives.
Load Testing:
Conduct load testing to determine how the API behaves under expected load conditions. Gradually
increase the load until performance degrades or fails to meet your defined criteria.
Stress Testing:
Perform stress testing by increasing the load beyond the system's expected capacity. This helps
identify the system's breaking point and any potential bottlenecks or performance issues under
extreme conditions.
Scalability Testing:
Evaluate the API's scalability by adding more resources, such as servers, and measuring how it
responds to increased demand
Test to verify response time
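The status code, response body, header and response time checks described on these slides, combined into one Postman test script. This is an added example, not code from the original slides: the names EXPECTED_TYPES, MAX_RESPONSE_MS and validateBookResponse, the 500 ms budget and the sample responses are assumptions, and it assumes "GET book by ID" returns a single book object shaped like the JSON shown earlier.

```javascript
// Added example, not from the original slides. Field names and types follow the
// book JSON shown on the slides; the 500 ms budget is an assumed objective.
const EXPECTED_TYPES = {
  title: "string",
  author: "string",
  publicationyear: "number",
  isbn: "string",
  genre: "string",
  language: "string",
  publisher: "string",
  pagecount: "number",
  rating: "number",
};
const MAX_RESPONSE_MS = 500;

// res: { code, contentType, responseTime, bodyText }
// Returns a list of failures; an empty list means the response passed.
function validateBookResponse(res, expectedCode) {
  const failures = [];
  if (res.code !== expectedCode) {
    failures.push(`status: expected ${expectedCode}, got ${res.code}`);
  }
  if (!/^application\/json\b/i.test(res.contentType || "")) {
    failures.push(`Content-Type: expected application/json, got ${res.contentType}`);
  }
  if (res.responseTime > MAX_RESPONSE_MS) {
    failures.push(`response time: ${res.responseTime} ms exceeds ${MAX_RESPONSE_MS} ms`);
  }
  let body;
  try {
    body = JSON.parse(res.bodyText);
  } catch (e) {
    failures.push("body: not valid JSON");
    return failures;
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    failures.push("body: expected a single JSON object");
    return failures;
  }
  // Check presence and JSON data type of every expected field.
  for (const [field, type] of Object.entries(EXPECTED_TYPES)) {
    if (!(field in body)) {
      failures.push(`body.${field}: missing`);
    } else if (typeof body[field] !== type) {
      failures.push(`body.${field}: expected ${type}, got ${typeof body[field]}`);
    }
  }
  return failures;
}

// Constructed sample responses, so the checks can also be run outside Postman.
const SAMPLE_GOOD_RESPONSE = {
  code: 200,
  contentType: "application/json; charset=utf-8",
  responseTime: 120,
  bodyText: JSON.stringify({
    title: "The Catcher in the Rye", author: "J.D. Salinger",
    publicationyear: 1951, isbn: "978-0-316-76948-0",
    genre: "Coming-of-Age Fiction", language: "English",
    publisher: "Little, Brown and Company", pagecount: 277, rating: 4,
  }),
};
const SAMPLE_BAD_RESPONSE = {
  code: 200,
  contentType: "text/html",
  responseTime: 1200,
  bodyText: JSON.stringify({
    title: "The Catcher in the Rye", author: "J.D. Salinger",
    publicationyear: "1951", isbn: "978-0-316-76948-0", // year sent as a string
    genre: "Coming-of-Age Fiction", language: "English",
    publisher: "Little, Brown and Company", pagecount: 277, // rating omitted
  }),
};

// Inside Postman (request "Tests" tab) the pm object exists and the test runs
// against the live response; elsewhere this section is skipped.
if (typeof pm !== "undefined") {
  pm.test("GET book by ID returns a well-formed book", function () {
    const failures = validateBookResponse({
      code: pm.response.code,
      contentType: pm.response.headers.get("Content-Type"),
      responseTime: pm.response.responseTime,
      bodyText: pm.response.text(),
    }, 200);
    pm.expect(failures, failures.join("; ")).to.be.empty;
  });
}
```

Reporting every failure in one message keeps the Postman test result readable when several properties of the same response are wrong at once.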
Test to verify API security
Security testing for APIs (Application Programming Interfaces) is crucial to ensure the security of data and
resources in your application
• Authentication and Authorization Testing
• Input Validation and Parameter Tampering Testing
• Rate Limiting and Resource Throttling
• Security Scanning and Penetration Testing
• Security Headers and CORS Policies
Test to verify security headers
HTTP security headers are a set of HTTP response headers that web servers can use to enhance the
security of web applications and protect against various web-related attacks.
X-Powered-By: This header describes the technologies used by the web server. Disclosing this information
exposes the server to attackers.
Strict-Transport-Security (HSTS): HSTS ensures that a web application communicates over HTTPS only,
even if the user tries to access it via HTTP. This helps prevent man-in-the-middle attacks and SSL-stripping.
X-Frame-Options: This header helps prevent clickjacking attacks by specifying whether a web page can be
displayed in an iframe. It can be set to "DENY" to disallow framing, or "SAMEORIGIN" to allow framing only
from the same origin.
Test to verify security headers
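A Postman test script for the three headers described above. This is an added example, not code from the original slides: auditSecurityHeaders, headerGetter and the sample header sets are illustrative names and constructed values. Browsers ignore Strict-Transport-Security when it arrives over plain HTTP, so the HSTS check is only meaningful against an HTTPS endpoint.

```javascript
// Added example, not from the original slides. The rules cover only the three
// headers the slides describe; function and constant names are illustrative.

// getHeader(name) must return the header value, or undefined/null when absent.
function auditSecurityHeaders(getHeader) {
  const read = (name) => {
    const value = getHeader(name);
    return value == null ? undefined : String(value);
  };
  const findings = [];

  // X-Powered-By discloses the server technology, so it should be absent.
  const poweredBy = read("X-Powered-By");
  if (poweredBy !== undefined) {
    findings.push(`X-Powered-By is present (${poweredBy})`);
  }

  // HSTS must be present with a max-age above zero; max-age=0 tells the
  // browser to forget the policy.
  const hsts = read("Strict-Transport-Security");
  if (hsts === undefined) {
    findings.push("Strict-Transport-Security is missing");
  } else {
    const match = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(hsts);
    if (!match) {
      findings.push("Strict-Transport-Security has no max-age");
    } else if (Number(match[1]) === 0) {
      findings.push("Strict-Transport-Security max-age is 0");
    }
  }

  // X-Frame-Options must be DENY or SAMEORIGIN to restrict framing.
  const frameOptions = read("X-Frame-Options");
  if (frameOptions === undefined) {
    findings.push("X-Frame-Options is missing");
  } else if (!["DENY", "SAMEORIGIN"].includes(frameOptions.trim().toUpperCase())) {
    findings.push(`X-Frame-Options has unexpected value (${frameOptions})`);
  }
  return findings;
}

// Helper for running the audit outside Postman: case-insensitive lookup
// over a plain object of header names and values.
function headerGetter(headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = value;
  }
  return (name) => lower[name.toLowerCase()];
}

// Constructed sample header sets.
const SAMPLE_HARDENED_HEADERS = {
  "Content-Type": "application/json",
  "strict-transport-security": "max-age=31536000; includeSubDomains",
  "X-Frame-Options": "DENY",
};
const SAMPLE_WEAK_HEADERS = {
  "Content-Type": "application/json",
  "X-Powered-By": "Express",
  "X-Frame-Options": "ALLOWALL",
};

// Inside Postman (request "Tests" tab) the pm object exists and the audit runs
// against the live response; elsewhere this section is skipped.
if (typeof pm !== "undefined") {
  pm.test("Security headers are set correctly", function () {
    const findings = auditSecurityHeaders((name) => pm.response.headers.get(name));
    pm.expect(findings, findings.join("; ")).to.be.empty;
  });
}
```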
Other features
• Collection runs: manually, scheduled, CI pipeline
• Performance testing
Q&A
99x.io
Thank You!

API testing - Japura.pptx

  • 1. 99x.io Web API testing with Postman By : Tharinda Liyanage
  • 2. Agenda • Software Testing and Test pyramid • About APIs- classifications of APIs • RESTful Web APIs • Execute APIs using Postman • Testing APIs with Postman • Other features available with Postman • Q&A
  • 3. Software Testing • The primary goal of software testing is to ensure that the software functions correctly, meets its intended requirements, and delivers a satisfactory user experience. • Quality Assurance/ quality control activities • Functional and nonfunctional testing through manual and automated means • Unit tests, API integration testing, Automated end to end testing, Exploratory testing • API testing- GUI less . Tests are based on Request-Response and mainly focus on testing the business logic
  • 5. What is an API • Application Programming Interface: Is a set of rules, protocols, and tools that allows different software applications to communicate with each other • It works as a bridge that enables one piece of software to use the functionality of another piece of software, without needing to understand all the internal details of how that software works (based on Specification) • APIs specify the functions or methods that can be called by developers to perform specific actions or operations. • Different types of API • OS APIs (Windows, Android) • DB APIs • Cloud APIs • Social media APIs • Web APIs • are exposed over the internet (HTTP/HTTPS) for remote access by other applications or developers.
  • 7.
  • 8. RESTful Web API • REST API= “REpresentational State Transfer” Application Programming Interface • Resources: Are the fundamental units of data that the API exposes. In REST, everything is treated as a resource, and each resource is identified by a unique URL • https://example.com/api/books/ • https://example.com/api/authors/ • https://example.com/api/categories/fiction
  • 9. HTTP Methods • REST APIs use standard HTTP methods (GET, POST, PUT, PATCH, DELETE) to perform CRUD (Create, Read, Update, Delete) operations on resources.
  • 10. REST API & JSON
    • JSON = JavaScript Object Notation
    • REST uses JSON as the format for exchanging data between the client and server
    • JSON data is represented as a collection of key-value pairs. The keys are strings (enclosed in double quotes)
      {
        "title": "The Catcher in the Rye",
        "author": "J.D. Salinger",
        "publicationyear": 1951,
        "isbn": "978-0-316-76948-0",
        "genre": "Coming-of-Age Fiction",
        "language": "English",
        "publisher": "Little, Brown and Company",
        "pagecount": 277,
        "rating": 4.0
      }
  • 12. What we test in API
    The goal is to ensure that the API functions correctly and meets its intended requirements.
    • Functionality Testing:
      • Test the functionality of different API endpoints or methods, including both positive and negative test cases.
      • Verify that the API performs the intended operations, such as creating, reading, updating, and deleting data.
    • Request and Response Validation:
      • Verify that API requests are processed correctly and return the expected responses.
      • Check the correctness of HTTP status codes (e.g., 200 OK, 404 Not Found, 500 Internal Server Error) in response to different requests.
      • Headers verification (Content-Type, Content-Length)
    • Data Accuracy:
      • Ensure that the data returned by the API is accurate and matches the expected values. This includes checking response payloads, data formats (e.g., JSON, XML), and data types (e.g., strings, numbers, dates).
    • Security Testing:
      • Conduct security testing to identify vulnerabilities such as SQL injection, cross-site scripting (XSS), and other security risks.
      • Ensure that sensitive data is protected, and access controls are properly implemented.
    • Performance and Load Testing:
      • Evaluate the API's performance by measuring response times, throughput, and scalability.
      • Conduct load testing to determine how the API performs under heavy loads and concurrent requests.
  • 13. What we test in API
    1. Functionality verification
    2. Status code verification
    3. JSON schema verification
    4. Response body verification
    5. Header verification
    6. Performance (response time, error rate)
    7. Security (security headers, auth etc.)
    We can perform tests manually and using test scripts in Postman.
  • 14. Postman
    • https://www.postman.com/
    • Current version 10
    • Postman is an API platform for building and testing APIs
    • Create a Postman account to access all the features and the Postman cloud
    • VS Code plugin and browser extensions also available
    • Free and paid license
    • Features available for scheduling, performance testing
  • 15. Demo use case
    • Part of a “Book management” RESTful web service (the backend) has been developed, but no front-end UI has been created yet. We still need to verify that the backend methods are working as expected.
      • Search/Read all books
      • Search/Read a book based on ID or ISBN
      • Create a book
      • Update book
      • Delete book
  • 16. Demo scenarios • Create a workspace • Create a collection • Add requests • Create Environment • Parameterization through variables stored in Environment and collection • Write and execute Tests scripts (expected vs actual)
  • 18. API Endpoints
    1. GET All Books
       GET http://52.230.26.246:3000/api/books
    2. GET a book by ID OR/AND ISBN
       GET http://52.230.26.246:3000/books?isbn=978-0-544-27349-9&id=64ec4940ef68ef5a1e9b0d69
  • 19. API Endpoints
    3. GET book by ID
       GET http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
    4. Create a new book
       POST http://52.230.26.246:3000/api/books
       {
         "title": "The Catcher in the Rye",
         "author": "J.D. Salinger",
         "publicationyear": 1951,
         "isbn": "978-0-316-76948-0",
         "genre": "Coming-of-Age Fiction",
         "language": "English",
         "publisher": "Little, Brown and Company",
         "pagecount": 277,
         "rating": 4
       }
  • 20. API Endpoints
    5. Update book
       PUT http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
       {
         "title": "The Catcher in the Rye",
         "author": "J.D. Salinger",
         "publicationyear": 1966,
         "isbn": "978-0-316-76948-0",
         "genre": "Coming-of-Age Fiction",
         "language": "English",
         "publisher": "Little, Brown and Company",
         "pagecount": 277,
         "rating": 4
       }
    6. Partially Update book
       PATCH http://52.230.26.246:3000/api/books/6502de862a9942dab57de107
       {
         "language": "English"
       }
  • 22. Variables • Scope: • Global • Environment • Collection • Creation: • Manually • Programmatically • Usage: {{variable name}}
  • 23. Writing Test scripts in Postman
    • Write tests manually
    • Use code snippets
    • Ask AI bot to create tests
    Write tests using the "pm" object: pm.test, pm.expect, pm.response, pm.environment
      pm.test("name of the test", function () {
          // code and test assertions
      });
  • 24. Test to verify response status code
    • 3-digit codes that indicate the outcome of an API request
    • They are included in the API response
  • 25. Test to verify response status code
  • 26. Test to verify properties of the response
  • 27. Test to verify headers
    Headers are metadata components of an HTTP request or response that provide information about the data being sent or received.
    Request Headers:
      • Host: Specifies the domain name of the target server.
      • User-Agent: Provides information about the client making the request (e.g., the browser and its version).
      • Accept: Indicates the media types (e.g., HTML, XML, JSON) that the client can process.
      • Authorization: Contains credentials to authenticate the client with the server.
      • Cookie: Carries client-specific data for server sessions.
    Response Headers:
      • Status Code: Informs the client about the result of the request (e.g., 200 for success, 404 for not found, 500 for server error).
      • Content-Type: Specifies the format of the content (e.g., text/html, application/json).
      • Content-Length: Indicates the size of the response content in bytes.
  • 28. Test to verify headers
  • 29. Test to verify Performance
    Performance testing for APIs is essential to ensure that APIs can handle the expected load and perform efficiently under various conditions.
    • Response Time Measurement: Measure the response times for API requests under different load conditions and compare them to performance objectives.
    • Load Testing: Conduct load testing to determine how the API behaves under expected load conditions. Gradually increase the load until performance degrades or fails to meet your defined criteria.
    • Stress Testing: Perform stress testing by increasing the load beyond the system's expected capacity. This helps identify the system's breaking point and any potential bottlenecks or performance issues under extreme conditions.
    • Scalability Testing: Evaluate the API's scalability by adding more resources, such as servers, and measuring how it responds to increased demand.
  • 30. Test to verify response time
  • 31. Test to verify API security
    Security testing for APIs (Application Programming Interfaces) is crucial to ensure the security of data and resources in your application.
    • Authentication and Authorization Testing
    • Input Validation and Parameter Tampering Testing
    • Rate Limiting and Resource Throttling
    • Security Scanning and Penetration Testing
    • Security Headers and CORS Policies
  • 32. Test to verify security headers
    HTTP security headers are a set of HTTP response headers that web servers can use to enhance the security of web applications and protect against various web-related attacks.
    • X-Powered-By: This header describes the technologies used by the web server. This information exposes the server to attackers.
    • Strict-Transport-Security (HSTS): HSTS ensures that a web application communicates over HTTPS only, even if the user tries to access it via HTTP. This helps prevent man-in-the-middle attacks and SSL-stripping.
    • X-Frame-Options: This header helps prevent clickjacking attacks by specifying whether a web page can be displayed in an iframe. It can be set to "DENY" to disallow framing, or "SAMEORIGIN" to allow framing only from the same origin.
  • 33. Test to verify security headers
  • 34. Other features
    • Collection runs: manually, scheduled, CI pipeline
    • Performance testing
  • 35. Q&A
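
The status-code, header, response-time and response-body checks named on slides 24 to 30, written as one Postman test script. This is an added example, not code from the original slides: the field names come from the book JSON on slide 19, while `checkBookResponse`, `BOOK_FIELD_TYPES` and the 500 ms budget are assumptions made for illustration.

```javascript
// Added example (not from the slides). Field names follow the book JSON on
// slide 19; the helper names and the 500 ms budget are assumptions.
const BOOK_FIELD_TYPES = {
  title: "string", author: "string", publicationyear: "number",
  isbn: "string", genre: "string", language: "string",
  publisher: "string", pagecount: "number", rating: "number",
};

// res: { code, contentType, responseTime, body }. Returns a list of failures.
function checkBookResponse(res, expectedCode, maxMillis = 500) {
  const failures = [];
  if (res.code !== expectedCode) {
    failures.push(`status ${res.code}, expected ${expectedCode}`);
  }
  if (!/^application\/json\b/i.test(res.contentType || "")) {
    failures.push(`Content-Type is ${res.contentType}`);
  }
  if (res.responseTime > maxMillis) {
    failures.push(`response took ${res.responseTime} ms, budget ${maxMillis} ms`);
  }
  const body = res.body;
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    failures.push("body is not a JSON object");
    return failures; // field checks make no sense without an object
  }
  for (const [field, type] of Object.entries(BOOK_FIELD_TYPES)) {
    if (typeof body[field] !== type) {
      failures.push(`${field} should be a ${type}, got ${typeof body[field]}`);
    }
  }
  return failures;
}

// Inside Postman the `pm` object exists; outside it this part is skipped.
if (typeof pm !== "undefined") {
  pm.test("book response matches the contract", function () {
    let body = null;
    try { body = pm.response.json(); } catch (e) { /* non-JSON body */ }
    const failures = checkBookResponse({
      code: pm.response.code,
      contentType: pm.response.headers.get("Content-Type"),
      responseTime: pm.response.responseTime,
      body: body,
    }, 200);
    pm.expect(failures, failures.join("; ")).to.be.empty;
  });
}
```

Reporting every failed check in one assertion message shows, in a single collection run, whether a type drifted (for example `publicationyear` returned as a string) together with any status or timing regression.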
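
The three header checks described on slide 32 (X-Powered-By, Strict-Transport-Security, X-Frame-Options) as a Postman test script. This is an added example, not code from the original slides, and `auditSecurityHeaders` is a hypothetical helper name.

```javascript
// Added example (not from the slides): the slide 32 header checks as a pure
// function. `auditSecurityHeaders` is a hypothetical name.
// Takes a plain { name: value } object so it also runs outside Postman.
function auditSecurityHeaders(headers) {
  // HTTP header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  // Any value here discloses the server technology stack.
  if ("x-powered-by" in h) {
    findings.push(`X-Powered-By discloses "${h["x-powered-by"]}"`);
  }

  // HSTS must be present and carry a non-zero max-age to have any effect.
  const hsts = h["strict-transport-security"];
  if (hsts === undefined) {
    findings.push("Strict-Transport-Security is missing");
  } else {
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(hsts);
    if (!m) findings.push("Strict-Transport-Security has no max-age");
    else if (Number(m[1]) === 0) findings.push("Strict-Transport-Security max-age=0 disables HSTS");
  }

  // Only DENY and SAMEORIGIN are accepted, as listed on the slide.
  const xfo = h["x-frame-options"];
  if (xfo === undefined) {
    findings.push("X-Frame-Options is missing");
  } else if (!["DENY", "SAMEORIGIN"].includes(xfo.toUpperCase())) {
    findings.push(`X-Frame-Options has unexpected value "${xfo}"`);
  }
  return findings;
}

// Inside Postman the `pm` object exists; outside it this part is skipped.
if (typeof pm !== "undefined") {
  pm.test("security headers are set as expected", function () {
    const findings = auditSecurityHeaders(pm.response.headers.toObject());
    pm.expect(findings, findings.join("; ")).to.be.empty;
  });
}
```

Browsers ignore Strict-Transport-Security when it arrives over plain HTTP, so run this test against the HTTPS endpoint of the API.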