Outline

In this post, I will explain what is API and API testing, what is the difference between SOAP and REST services, and how to test REST APIs with Rest Assured Library.

What is API?

API stands for Application Programming Interface. It comprises of a set of functions that can be accessed and executed by another software system.  Thus, it serves as an interface between different software systems and establishes their interaction and data exchange.

What is API Testing?

In the modern development world, many web applications are designed based on three-tier architecture model. These are:

1) Presentation Tier – User Interface (UI)

2) Logic Tier – Business logic is written in this tier. It is also called Business Tier. (API)

3) Data Tier – Here information and data is stored and retrieved from a Database. (DB)

Ideally, these three layers (tiers) should not know anything about the platform, technology, and structure of each other. We can test UI with GUI testing tools and we can test logic tier (API) with API testing tools. Logic tier comprises of all of the business logic and it has more complexity than the other tiers and the test executed on this tier is called as API Testing.

API testing tests logic tier directly and checks expected functionality, reliability, performance and security. In the agile development world, requirements are changing during short release cycles frequently and GUI tests are more difficult to maintain according to those changes. Thus, API testing becomes critical to test application logic.

In GUI testing we send inputs via keyboard texts, button clicks, drop-down boxes, etc., on the other hand in API testing we send requests (method calls) to the API and get output (responses). These APIs are generally REST APIs or SOAP web services with JSON or XML message payloads being sent over HTTP, HTTPS, JMS, and MQ.

[Ref: wiki]

I don’t want to go into theory so much in this post. If you want to learn more theory on API testing, you can visit below websites.

https://www.soapui.org/testing-dojo/world-of-api-testing/what-makes-api-testing-special-.html
http://www.guru99.com/api-testing.html (Very introductive article.)
https://en.wikipedia.org/wiki/API_testing

REST vs SOAP

REST (REpresentational State Transfer)

REST is an architectural style that uses simple HTTP calls for inter-machine communication. REST does not contain an additional messaging layer and focuses on design rules for creating stateless services. A client can access the resource using the unique URI and a representation of the resource is returned. With each new resource representation, the client is said to transfer state. While accessing RESTful resources with HTTP protocol, the URL of the resource serves as the resource identifier and GET, PUT, DELETE, POST and HEAD are the standard HTTP operations to be performed on that resource. [1][2][6]

SOAP (Simple Object Access Protocol)

SOAP relies heavily on XML, and together with schemas, defines a very strongly typed messaging framework. Every operation the service provides is explicitly defined, along with the XML structure of the request and response for that operation. Each input parameter is similarly defined and bound to a type: for example, an integer, a string, or some other complex object. All of this is codified in the WSDL – Web Service Description (or Definition, in later versions) Language. The WSDL is often explained as a contract between the provider and the consumer of the service. SOAP uses different transport protocols, such as HTTP and SMTP. The standard protocol HTTP makes it easier for SOAP model to tunnel across firewalls and proxies without any modifications to the SOAP protocol. [3][4][6]

References:
http://searchsoa.techtarget.com/definition/REST [1] http://blog.pluralsight.com/representational-state-transfer-tips [2] https://www.soapui.org/testing-dojo/world-of-api-testing/soap-vs–rest-challenges.html [3] http://blog.smartbear.com/apis/understanding-soap-and-rest-basics/ [4] http://spf13.com/post/soap-vs-rest [5] http://searchsoa.techtarget.com/tip/REST-vs-SOAP-How-to-choose-the-best-Web-service [6]

REST API Testing with Rest Assured

What is Rest Assured?

In order to test REST APIs, I found REST Assured library so useful. It is developed by JayWay Company and it is a really powerful catalyzer for automated testing of REST-services. REST-assured provides a lot of nice features, such as DSL-like syntax, XPath-Validation, Specification Reuse, easy file uploads and with those features we will handle automated API testing much easier.

Rest Assured has a gherkin type syntax which is shown in below code. If you are a fan of BDD (Behavior Driven Development), I believe that you will love this kind of syntax.

Also, you can get JSON response as a string and send it to the JsonPath class and use its methods to write more structured tests. I generally prefer JsonPath for more structured tests.

For more theory, please visit below references. I want to go with an example questions and their solutions.

References:
https://github.com/jayway/rest-assured [1] (Rest Assured github page)
http://www.hascode.com/2011/10/testing-restful-web-services-made-easy-using-the-rest-assured-framework/ [2] http://www.javacodegeeks.com/2015/04/automated-testing-of-rest-services.html [3] http://static.javadoc.io/com.jayway.restassured/rest-assured/1.6.1/com/jayway/restassured/path/json/JsonPath.html [4] http://www.javahotchocolate.com/notes/rest-assured.html [5]

Examples

Example-1:

Test Description: Test a search with a search term and number of 4 videos parameter.

Base URL: http://api.5min.com/

Base path: search

Search term: Barack Obama

Parameter: num_of_videos

URL: http://api.5min.com/search/barack%20obama/videos.json?num_of_videos=4

Expected Result: We will receive details of the URL to the video and associated title and description in JSON format.

Verifications/Tests:

  • Verify the http response status returned.
  • Verify the response contained the relevant search term
  • Verify that only 4 video entries were returned
  • Verify that there is no duplicate video
  • Print video title, pubDate & duration

Example-2:

Test Description: Test a search with an id of video and number of 4 related videos parameter.

Base URL: http://api.5min.com/

Base Path: video

Search term: 519218045

Parameter: num_related_return

URL: http://api.5min.com/video/list/info.json?video_ids=519218045&num_related_return=4

Expected Result: We will receive details of that video and 4 related videos including their title, URL and associated image in JSON format.

Verifications/Tests:

  • Verify the http response status returned.
  • Verify that response was successful and relevant to given video_id
  • Verify that 4 additional video entries were returned along with the given video_id
  • Verify that there is no duplicate in related videos
  • Print video title, permittedDeviceTypes status (for “Tablets”,”Handsets”,”ConnectedDevices”,”Computers”) & time duration

Solutions

Strategy:
First, it is very reasonable to use a framework/library which provides us testing an API easily in a short period of time and we chose the Rest-assured library. It is better to write the code with below rules.

Single Responsibility:
– Each test has a single responsibility and includes a single assertion.
Explicit separation has advantages while we are doing black-box testing.

High Level of Abstraction:
– The logic of a test should be written in a high-level way.
– All details such as sending request, creating request, dealing with IO should be done via utility methods not to do with inline methods.

Re-usability:
Write the class, methods etc. that can be re-used for the testing of other endpoints of API.

Documentation:
Add documentation, comments which describe the tests sufficiently.

Extra Tools:
You can format JSON responses with notepad++’s JSON Viewer plugin.

Rest Assured

Project Structure:

1) I wrote HelperMethods class and RestUtil classes for reusability and clean project structure.
– HelperMethods
class comprises of test related functions.
– RestUtil
class contains Rest Assured related methods.

Rest Assured

2) Example1Test and Example2Test contains our tests and assertions.

3) AllApiTest is the test runner suite. We can run all the test with the AllApiTest test suit.

In this project I used Maven and pom.xml is our dependency and profile xml file. We will also go into details of this file further.

Now we can start to examine the test code. We start with pom.xml.

POM.xml

In pom.xml we should add:

JUnit library – It is our test framework

Hamcrest library – For assertion methods

– Jayway Rest Assured library – It is our REST API testing library

– For running the test from command prompt with maven I also added AllApiTests profile at the end of the pom.xml. We can run all tests with “mvn test –PallApiTests” command.

pom.xlm code is shown below:

I tried to explain the other codes line by line. Now I want to go on with project’s JAVA files.

RestUtil.java

It is a utility class for Rest Assured Library. It contains many methods that help us to write our codes more effectively.

HelperMethods.java

It is another utility class for our example1 and example 2. It contains methods about example1 and example2. We created this class for creating clean project structure and prevent code replication.

Example1Test.java

I explained the code line by line below.

Example2Test.java

I explained the code line by line.

AllApiTest.java

It is our test suite. We use this class name to create a profile in pom.xml.

Rest Assured

Thus, we can run our tests on command prompt by typing below maven command.

mvn test –PallApiTests

Test Execution

When you create your project with the files that are described and shared in this post. You should go project directory in command prompt and simply type below command.

mvn test –PallApiTests

Then, our tests will run as shown below.

Rest Assured

Also, you can run the tests in IntelliJ or Eclipse.

Rest Assured

Github Link: https://github.com/swtestacademy/RestAssuredExample