Thursday, July 11, 2019

REST Assured API Automation

 

  • Key points to know before testing a REST API

1. How to send a call to a REST API?
2. What are endpoints?
3. What are the types of REST request?
4. What are headers/cookies?

  • Endpoints: An endpoint is divided into the following parts

1. Base URL
2. Resource
3. Parameters

1. Base URL: It is also known as the host URL. The website link itself is the base URL.

Ex: https://www.google.com

2. Resource: It comes after the base URL in the link and identifies one of the modules of the given host.
In the above example, Google has many modules, and we have to write the name of the module
we want to hit.

Ex: https://www.google.com/maps. Here “maps” is the resource we are using, that is,
we want to use the map module of the Google website.

3. Parameters: These are the input values passed along with the API call. To know which parameters must be
passed for a particular API, we need to go through the API documentation provided.
Every API has different parameters.

Ex: https://www.google.com/maps?place=Bangalore

In the above example we are passing the input parameter “place”,
which is one of the inputs to be passed according to the Google API document.

NOTE: Parameters can be passed in two different ways:

1. Parameters passed in the API URL itself.
2. Parameters passed in the body of the API request.

Which of these ways is used depends on the API request we are calling to get the data.


There are 4 different types of REST API request that can be used to communicate with the server.
They are listed below:


1. GET
2. POST
3. PUT
4. DELETE

Let's learn them one by one.


1. GET: This type of request is used only to retrieve or fetch data from the server.
It is like asking a question or sending a query to the server. Once the server gets the
GET request, it analyses the request and sends the data in JSON or XML format.

In a GET request, the input parameters are passed in the API URL itself.


2. POST: This type of request is used to add or create data on the server. If the user wants to add data to
the existing server DB, he needs to call a POST request. When the server gets the POST request, it analyses
the request, creates or adds the data accordingly in the server DB, and sends the
response to the user in XML or JSON format.


In a POST request, the input parameters are passed in the body of the XML or JSON request,
that is, in the body of the request.


NOTE: If we pass the required parameters wrongly, the server will return an error message.
To get the correct response we need to pass the right parameters.


3. PUT: This type of request is used to update data already present in the server DB. It is also known as
a subset of the POST request, because the POST request itself can be used to update the data in the
server DB. Hence, in the IT industry most companies use only the GET and POST
methods to communicate with the server.



In a PUT request, too, the input parameters should be passed in the body of the API request.



4. DELETE: This type of request is used to delete data already present in the server DB.
It is also a subset of the POST request; as I have already said, the POST request is used to create,
update and delete data in the server DB.

In a DELETE request, too, the input parameters should be passed
in the body of the API request.


Headers: They are another part of the API request. Headers are mainly used for authentication and to define
the content type in which we need to get the data.


Content-type: As mentioned in the above points, the data will be received in XML or JSON format.

Hence there are two formats in which we can get the data:
1. XML
2. JSON

The format in which we want the data is decided in the header of the API request:
in the header we mention the content type, the format in which we need the response from the server.

Ex: Content type = JSON

In the above example, if we send the API request to the server, the server will first analyze the header of
the request, because the header always carries the major part of the request, which is authentication. Once
it sees that the content type has the value JSON, the server will understand that it should send the response in
JSON format.


Authentication: This is always part of the request header, and it plays an important role in an API request.
The server will only process the request and send the data once the response is sent;
the system keeps track of the user's recent query and verifies
whether the user who is accessing the data is valid or an intruder for that application.
To prevent all this, API requests use authentication in the header of the request.

When the server receives the API request, it authenticates whether the API request is from a valid user or not.

We can use the following ways to authenticate:

1. Basic Authentication
2. Digest Authentication
3. OAuth 1.0
4. OAuth 2.0
5. Hawk Authentication
6. AWS Signature

For now, we are learning only authentication using the header, which is an easy way to do it.
In our case, the API request should be sent with an X-token, which is a randomly generated token that is
present in the server DB and linked with one user.


We need the following scenario to explain the above point:
  • Consider a user logging in to the website we host. To log in, our web app will call the Login API, which needs two parameters
1. User name
2. Password and
3. UserID.

  • Once the Login API is called, the user is searched for in the server DB and identified, and the server validates that the username and password sent by the web app match the username and password linked with that userID.
  • Once the username and password are matched, the server will create a hexadecimal token, which we call the X-token or key. It is always unique for every user each time they log in to the system, and the old X-token or key is deleted automatically once they log out, or expires once the specified time period is over.
  • The above X-token is sent as the response to the Login API and gets stored in the web browser as a cookie, which stores all session data in local memory for the web browser.
  • Every time the user makes a request, the API response will have the X-token in the player header. Through the X-token the server identifies whether the user is valid, and also identifies and remembers the previous query the user made to the server.
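
The login and X-token lifecycle described in the scenario above, sketched as server-side logic. This is an added example, not code from the original post; `SessionStore`, `TOKEN_TTL`, the PBKDF2 password hashing and the choice to store only a SHA-256 digest of each token are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds; assumed value, the page only says "specified time period"


def _digest(token):
    # Store only a hash of the token so a leaked session table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()


class SessionStore:
    """In-memory stand-in for the server DB that links each X-token to one user."""

    def __init__(self, clock=time.monotonic):
        self._users = {}     # user_id -> (username, salt, password_hash)
        self._sessions = {}  # sha256(token) -> (user_id, expires_at)
        self._clock = clock

    def add_user(self, user_id, username, password):
        salt = secrets.token_bytes(16)
        pw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self._users[user_id] = (username, salt, pw)

    def login(self, user_id, username, password):
        """Login API: return a fresh X-token, or None on bad credentials."""
        name, salt, stored = self._users.get(user_id, ("", b"\0" * 16, b""))
        pw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not (user_id in self._users and hmac.compare_digest(stored, pw)
                and hmac.compare_digest(name.encode(), username.encode())):
            return None
        token = secrets.token_hex(32)  # random hex token, new on every login
        self._sessions[_digest(token)] = (user_id, self._clock() + TOKEN_TTL)
        return token

    def authenticate(self, headers):
        """Return the user_id for the X-token header, or None if invalid."""
        key = _digest(headers.get("X-token", ""))
        user_id, expires_at = self._sessions.get(key, (None, 0.0))
        if user_id is not None and self._clock() >= expires_at:
            del self._sessions[key]  # expired tokens are deleted
            return None
        return user_id

    def logout(self, headers):
        self._sessions.pop(_digest(headers.get("X-token", "")), None)
```

When testing an API built this way, the cases worth covering are a missing header, an unknown token, a token reused after logout, and a token presented after its lifetime has passed.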

We can do manual testing of a REST API using the following API tools:

1. Postman
2. JMeter
3. SoapUI
4. Katalon


There are many tools available for manual testing; one of the most popular and commonly used tools across
the industry is Postman.


In the next blog,
we will discuss what REST Assured is and how to set up REST Assured in the system.

Thank you.



