LIL - API Testing Foundations
Understanding Web Services and APIs
API Terminology
API Verbs
Designing RESTful APIs
Idempotency
Safety
State not affected by your actions.
E.g.: GET does not change the state of your object.
Types of APIs
REST
Representational State Transfer
API that consistently applies the actions GET/PUT/POST/DELETE to resources, called nouns (usually a URL with some parameters)
SOAP
Simple Object Access Protocol
Follows strict rules
WSDL - Web Services Description Language
SOAP message and response format are predefined
GraphQL
bridges the gap between REST & SOAP (?)
Hypermedia
(?)
API Testing Risks
API changes
Versioning
Schema
Server calculation
Data format
Availability
Network issues
Permissions
Timing of responses
Out of order calls
Slow calls
Time out?
Concurrent changes
Performance/security
Programmatic access
Getting started with API Testing
https://dog.ceo/dog-api/
https://www.swapi.co/
API Authorization
Authentication
What?
Verifying who you are
Authorization
What?
Verifying what you can do
OAuth Workflow
Pieces involved
Application
Auth server
Based on a username-password combination, it gives a token back to the application
Web service
Receives the token when the API call happens
Hands-on API Testing
Additional API Testing Considerations
Test Doubles
Same idea as a stand-in (double) in film
E.g. mocks, stubs, fakes, etc.
Why?
To isolate the server
e.g. avoid making unnecessary full POST calls
Because server is not available
Sometimes the server is not there during the testing period
Example: mock server
API Automation
Approaches
Data driven
Workflow driven
Performance testing
Security testing
Usual suspects
Areas of responsibility
Validation