APIs are an essential part of an increasingly large number of applications that we use daily. APIs enable applications to exchange data and functionality easily and securely. As testers, we want to ensure that our APIs do not break and provide the expected functionality. We can automate our APIs to speed up the rate at which our checks are done.
This workshop is geared toward persons who are new to API automation, who want a refresher, or who want to learn how to automate APIs using Supertest (a JS framework). We will be writing test automation for the restful-booker and the SpaceX-graphQL API.
The workshop will cover how to automate common API requests (GET, POST and PUT), how to write negative tests for your API, and how to check that your APIs handle errors appropriately and follow the specified schema.
During this workshop, you will also learn how to automate workflows for an API. To follow along with this workshop, you will need Postman installed on your machine.
2. Julia Pottinger
Head of Training and Development
youtube.com/juliapottinger
ailuj876
juliapottinger.com
TestAutomationU
linkedin.com/in/julia-pottinger/
3. What is an API?
API is the acronym for Application Programming Interface, which is a software intermediary that allows two applications to talk to each other.
@ailuj876
4. API AUTOMATION Benefits
Greater test stability
Language independence
Faster test results
Reduced costs
Improved Test Coverage
Earlier Bug Fix
8. HTTP API Requests
GET - Retrieves resources
POST - Creates resources
PUT - Changes and/or replaces resources or collections
DELETE - Deletes resources
9. API Responses
100-199 Information Response
200-299 Successful Responses
300-399 Redirection Messages
400-499 Client Error Responses
500-599 Server Error Responses
10. API Responses
200 OK - The request has succeeded.
201 Created - The request has been fulfilled.
400 Bad Request - The request could not be understood by the server
401 Unauthorized - Requires user authentication, or authorization was refused.
404 Not Found - The requested resource could not be found.
500 Internal Server Error.
502 Bad Gateway
13.
1. Prioritize APIs
2. Ensure APIs are properly documented
3. Define the types of tests that you want to run
4. Evaluate and select an API testing tool
juliapottinger.com/api-testing-checklist
14. Things to Test
1. Positive scenarios return a valid response
2. Invalid requests return the correct error message
3. Schema match
4. Workflow and data persistence
5. Response Payload - valid JSON body, correct field names, types, and values
6. Application state before and after API call
7. Security and authorization
8. Response time
9. Response Headers
16. Restful booker API documentation
https://restful-booker.herokuapp.com/apidoc/index.html
Create booking
Update booking
Get booking by ID
Unauthorized Update
Workflow
17. Import the Postman collection
https://www.getpostman.com/collections/1d13a7a0eb5056cd6e04
19. Need NodeJS and NPM
Check your node version
node -v
Or install node from https://nodejs.org/en/
I'll be using Visual Studio Code as the code editor
20. Create project folder
mkdir next-level-api-automation
Open the folder in your preferred code editor
cd to folder and initialize NPM
npm init -y
21. Install Dependencies
Pactum is needed to execute the API tests
npm install pactum --save
Pactum comes with assertions built in
Mocha will be the test runner
npm install mocha --save
22.
23. Things to note with Pactum
The spec keyword is used to make a request
You then chain the request type - PUT, GET, POST
Pass in the URL for the API
withJson contains the details of the request body
withHeaders is used for headers and authorization
expectStatus validates the response status
expectJsonSchema validates the JSON schema
38. Security and Authorization
Fails securely
Responds securely to possible security attacks
Refuses calls to endpoints if the user is not permitted
Responds as expected to correct authorization - Bearer token, cookies etc.
Rate limiting and throttling
Internal data representations are not shared in the response body
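The refusal and data-exposure checks from the Security and Authorization list, as an added example that is not part of the original slides: a plain Node.js function that audits a captured response. The response shape, the function names, the leak patterns and the sample responses are assumptions constructed for illustration, and 401 or 403 is assumed to be the correct refusal.

```javascript
// Added example (not from the slides). Assumed response shape:
// { status: number, body: string | object }. All names are hypothetical.

// Signs that internal data representations ended up in a response body.
const LEAK_PATTERNS = [
  { name: 'stack trace', re: /\bat\s+\S+\s+\(.*:\d+:\d+\)/ },
  { name: 'SQL error', re: /SQLSTATE|syntax error at or near|ORA-\d{5}/i },
  { name: 'secret field', re: /"(password|passwordHash|secret|apiKey)"\s*:/i },
];

// Returns a list of findings; an empty list means the response passed.
function auditResponse(res, { authorized }) {
  const findings = [];
  const body = typeof res.body === 'string' ? res.body : JSON.stringify(res.body ?? '');

  // A caller without permission must be refused. A 2xx means the call went
  // through; a 5xx means the API errored instead of failing securely.
  if (!authorized && res.status !== 401 && res.status !== 403) {
    findings.push(`unauthorized call returned ${res.status}, expected 401 or 403`);
  }
  for (const { name, re } of LEAK_PATTERNS) {
    if (re.test(body)) findings.push(`response body leaks ${name}`);
  }
  return findings;
}

// Constructed sample responses to an update sent without a valid token.
const SAMPLES = {
  refused: { status: 403, body: 'Forbidden' },
  accepted: { status: 200, body: { firstname: 'Jim', totalprice: 111 } },
  crashed: {
    status: 500,
    body: 'TypeError: Cannot read properties of undefined\n' +
          '    at updateBooking (/app/routes/booking.js:42:13)',
  },
};

// Audits every constructed sample as an unauthorized call.
function auditSamples() {
  const out = {};
  for (const [name, res] of Object.entries(SAMPLES)) {
    out[name] = auditResponse(res, { authorized: false });
  }
  return out;
}

console.log(auditSamples());
```

In a Mocha test, pass the status and body returned by your request library to auditResponse and assert that the returned list is empty.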
42. What is a Schema
A schema is an outline, diagram, or model. In computing, schemas are often used to describe the structure of different types of data. Two common examples include database and XML schemas.
43. What is JSON Schema
JSON Schema is a vocabulary that allows you to annotate and validate JSON documents.
Validates data which is useful for:
Automated testing.
Ensuring quality of client submitted data
51. Workflow
Create Booking and store Booking ID
Use ID to Get booking and validate details
Delete Booking using booking ID
Verify Flow
Use Booking ID to Update booking