The document outlines a workshop on API automation, focusing on concepts such as what an API is, its benefits, and tools for API testing. It presents a checklist for effective API testing and guides participants through setting up and executing API tests using Pactum and Mocha. Additionally, the document covers topics like valid responses, error handling, schema validation, and practical examples of testing workflows with APIs.

1. Next Level
API Automation
Workshop
@ailuj876

2. Julia Pottinger
Head of Training and Development
youtube.com/juliapottinger
ailuj876
juliapottinger.com
TestAutomationU
linkedin.com/in/julia-pottinger/

3. What is an API?
API is the acronym for Application
Programming Interface, which is a
software intermediary that allows
two applications to talk to each
other.
@ailuj876

4. AUTOMATION Benefits
Greater test stability Language independence
Faster test results Reduced costs
Improved Test Coverage Earlier Bug Fix
API
@ailuj876

5. API TESTING Tools
@ailuj876

8. HTTP
API Requests
GET Retrieves resources
POST
PUT
DELETE
Creates resources
Changes and/or replaces resources or collections
Deletes resources
@ailuj876

9. API Responses
100 - 199 Information Response
200-299 Sucessful Responses
300-399 Redirection Messages
400-499 Client Error Responses
500-599 Server Error Responses @ailuj876

10. API Responses
200 OK - The request has succeeded.
201 Created - The request has been fulfilled.
400 Bad Request - The request could not be understood by the server
401 Unauthorized - requires user authentication or, authorization refused
404 Not Found - The requested resource could not be found.
500 Internal Server Error.
502 Bad Gateway @ailuj876

11. API Testing
Checklist
@ailuj876

12. @ailuj876

13. Prioritize APIs
Ensure APIs are properly documented
Define the types of tests that you want
to run
Evaluate and select an API testing tool
1.
2.
3.
4.
juliapottinger.com/api-testing-checklist
@ailuj876

14. @ailuj876
Positive scenarios return a valid response
Invalid requests return the correct error message
Schema match
Workflow and data persistence
Response Payload - valid JSON body, correct field names, types,
and values
Application state before and after API call
Security and authorization
Response time
Response Headers
Things to Test
1.
2.
3.
4.
5.
6.
7.
8.
9.

15. What we will be
automating today
@ailuj876

16. Restful booker API documentation
https://restful-booker.herokuapp.com/apidoc/index.html
@ailuj876
Create booking
Update booking
Get booking by ID
Unauthorized Update
Workflow

17. Import the postman collection
https://www.getpostman.com/collections/1d13a7a0eb5056cd6e04
@ailuj876

18. Install
Dependencies
@ailuj876

19. Need NodeJS and NPM
Check your node version
@ailuj876
Or install node from https://nodejs.org/en/
I'll be using Visual Studio Code as the code
editor
node -v

20. Create project folder
mkdir next-level-api-automation
@ailuj876
open the folder in your preferred code
editor
cd to folder and initialize NPM
npm init -y

21. Pactum is needed to execute the API tests
Mocha will be the test runner
npm install pactum --save
@ailuj876
Install Dependencies
Pactum comes with assertions built in
npm install mocha --save

23. Things to note with Pactum
spec keyword is used to make a request
You then chain the request type - PUT, GET, POST
pass in the URL for the API
withJson contains the detail of the request body
withHeaders is used for headers and authorization
expectStatus validates the response status
expectJsonSchema validates the Json Schema

24. Repository
https://github.com/jpott77/api-
automation-supertest
@ailuj876
https://github.com/jpott77/api-
automation-pactum

25. Creating
your first test
@ailuj876

26. Positive Scenarios
Return Valid
Response @ailuj876

27. @ailuj876

28. Pactum
@ailuj876

29. @ailuj876
@ailuj876
supertest

30. @ailuj876
Follow Along to
create first test

31. @ailuj876
Activity

32. @ailuj876

33. Activity - 20 mins
Using the Postman request, write
code to UPDATE the booking,
note you need Authorization
code @ailuj876

34. @ailuj876

35. Invalid requests
returns correct error
message
@ailuj876

36. What happens if we
miss a required
parameter from our
POST request body?
@ailuj876

37. @ailuj876
First name is missing

38. Security and Authorization
Fails
securely
responds securely to
possible security
attacks
refuse calls to
endpoints if user not
permitted
responds as expected to
correct authorization-
Bearer token, cookies etc
Rate Limiting and
throttling
internal data
representations are not
shared in response body
@ailuj876

39. Invalid token
@ailuj876

40. 5 mins break
@ailuj876

41. API Response matches
the expected schema
@ailuj876

42. A schema is an outline, diagram, or model. In
computing, schemas are often used to describe
the structure of different types of data. Two
common examples include database and XML
schemas.
What is a Schema
@ailuj876

43. Automated testing.
Ensuring quality of client submitted data
JSON Schema is a vocabulary that allows you
to annotate and validate JSON documents.
Validates data which is useful for:
What is JSON Schema
@ailuj876

44. @ailuj876

45. @ailuj876

46. Schema has the properties
@ailuj876

47. @ailuj876

48. @ailuj876

49. Activity - 10 mins
Update your Create Booking test
to be verified with a schema
@ailuj876

50. Handles workflows and
data persists
throughout as expected
@ailuj876

51. Create
Booking
and store
Booking ID
Use ID to
Get
booking
and
validate
details
Delete
Booking
using
booking ID
Verify
Flow
Use
Booking
ID to
Update
booking
Workflow
@ailuj876

52. @ailuj876

53. @ailuj876

54. @ailuj876

55. Scenarios also
apply to GraphQL
API's
Examples @ailuj876

56. @ailuj876
https://api.spacex.land/graphql/

57. @ailuj876

58. @ailuj876

59. @ailuj876

60. WEBSITES
FOR Practise
@ailuj876

61. youtube.com/juliapottinger
ailuj876
juliapottinger.com
TestAutomationU
linkedin.com/in/julia-pottinger/
Thank You
Stay Connected