Jagdeep Jain - Learn API Testing: Norms, Practices, and Guidelines for Building Effective Test Automation

Learn API TestingNorms, Practices, andGuidelines for BuildingEffective Test AutomationJagdeep JainLearn API Testing: Norms, Practices, and Guidelines for Building Effective Test Automation Jagdeep Jain Dewas, Madhya Pradesh, India ISBN-13 (pbk): 978-1-4842-8141-3 ISBN-13 (electronic): 978-1-4842-8142-0 https://doi.org/10.1007/978-1-4842-8142-0 Copyright 2022 by Jagdeep Jain This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.

The publisher makes no warranty, express or implied, with respect to the material contained herein. Managing Director, Apress Media LLC: Welmoed Spahr Acquisitions Editor: Divya Modi Development Editor: James Markham Coordinating Editor: Divya Modi Copy Editor: Mary Behr Cover designed by eStudioCalamar Cover image designed by Freepik (www.freepik.com) Distributed to the book trade worldwide by Springer Science+Business Media New York, 1 New York Plaza, Suite 4600, New York, NY 10004-1562, USA. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation. For information on translations, please e-mail booktranslations@springernature.com; for reprint, paperback, or audio rights, please e-mail bookpermissions@springernature.com.

Apress titles may be purchased in bulk for academic, corporate, or promotional use. eBook versions and licenses are also available for most titles. For more information, reference our Print and eBook Bulk Sales web page at www.apress.com/bulk-sales. Any source code or other supplementary material referenced by the author in this book is available to readers on GitHub via the book's product page, located at https://github.com/Apress/ Learn- API- Testing. For more detailed information, please visit https://github.com/Apress/Learn- API- Testing. Printed on acid-free paper I dedicate this book to my teachers, mentors,and colleagues who have been instrumental inthe enhancement of my knowledge on the subject,and also to my wife, daughter, sisters, parents, and in-laws,without whose relentless support it would not have beenpossible to manage the tight schedule of this work.Jagdeep JainTable of Contents About the Author xv About the Technical Reviewers xvii Acknowledgments xix Introduction xxi Chapter 1: Introduction to API Testing 1 What Is API Testing? 1 Need 5 Types of API Testing 6 Advantages 8 Summary9 Chapter 2: Web Application Architecture 11 Web Applications Defined 11 Monolithic vs Microservices Architecture 12 Designing Test Strategies 17 RESTful Architecture 18 HTTP 20 Headers 23 Requests 25 Request Methods 25 Resource Addresses 25 v Table of ConTenTs Request Headers 25 Request Body 26 Response 27 Status Line 27 Response Header 28 Response Body 28 Response Codes 28 Summary30 Chapter 3: Authentication 31 HTTP Authentication 31 Basic Authentication 32 Session-Based Authentication 32 Token/JWT-Based Authentication 33 OAuth2-Based Authentication 35 Authorization 37 RBAC 37 ABAC 38 Authentication and Authorization Services 38 Summary39 Chapter 4: Tools, Frameworks, and Libraries 41 API Testing Tools 42 cURL 42 Postman 51 RestAssured 63 Frameworks/Libraries 71 TestNG 71 Log4j 72 vi Table of ConTenTs Jackson-Databind 72 HashMap 72 Assertj 73 Java Spring 73 Summary73 Chapter 5: Test Pyramid 75 Black Box Testing 76 Grey Box Testing77 White Box Testing 77 Test Pyramid 78 Summary79 Chapter 6: Testing the API 81 Workflows/Use Cases/Test Script 82 Schema Validation82 Test Coverage85 Header Testing 86 Request Header 86 Response Header 87 Request Body 88 Format Unsupported 88 Special Characters 88 Very Long Strings 88 Invalid Method 89 Invalid Value 89 Incorrect Data Type 89 Empty Data/Object 89 Required Fields 89 vii Table of ConTenTs Null 90 Redundant Fields 90 DELETE Already Deleted Entity 90 Duplicate Check 90 Response Body 91 Actual Data vs Expected Data 91 Limit/Size/Pagination/Sorting 91 API Version Testing 91 Internal vs External APIs 91 Consumer-Driven Contract Testing 92 Importance of Negative Testing 92 Summary93 Chapter 7: A Good Test Script 95 Components of a Test Script 96 setup( ) 97 test( ) 97 teardown( ) 97 Guidelines 98 Single-Attempt Test 98 Document Test Objective 98 Keep It Small 99 Use assertj for Assertions 99 Use log4j 100 Order of Tests 100 No Interventions Between Test Steps 101 Avoid Hard Sleeps 102 Always Use Assertions 102 viii Table of ConTenTs Do Not Overtest 103 Do Not Import a Test into Another Test 103 Test Boundaries 103 API Test Coverage 104 Provide Short Commands 104 Do not try{} catch{} 104 Summary104 Chapter 8: Coding Guidelines 105 Coding Best Practices 105 Class Naming Conventions 106 Method Naming Conventions 106 Variable Naming Conventions 107 Constant Naming Conventions 107 Provide User Actions 107 Simplicity 107 Indentation 108 Test Assertions 108 Test Class Naming Conventions 109 Test Method Naming Conventions 109 Test Package Naming Conventions 111 Documentation 113 Summary113 Chapter 9: Organize a Test Framework 115 Framework Requirements116 Request 118 Response 118 Exception 118 ix Table of ConTenTs Configuration 119 User Authentication 119 Processor 119 Model 120 Test Framework 120 Test Assertions 120 Logger 121 Util 121 Test Execution 121 Debug Config 121 Test Driver 122 Setting Up a Maven Project 122 Dependencies and Plugins 123 RestAssured 123 Log4j 123 TestNG 124 Spring Framework 124 Assertj 125 Jackson-Databind 125 Maven Compiler Plugin 125 Surefire Plugin 126 Java Code Formatting Plugin 127 Request 128 Response 131 Exceptions 135 Configuration136 Properties File 136 Spring 137 x Table of ConTenTs Application Configuration 139 Application Context140 Application Config 140 Complete URL For the Test Script 141 Test Data 142 User Authentication 144 Processor 145 Model 146 Test Framework 146 Logger 148 Util 149 Test Execution 149 Debug Config 150 Test Driver 150 Summary150 Chapter 10: First Test Script 151 Developing Your First Test 151 Base Test 152 First Test 154 Test Suite 157 TestNG XML 157 Executing a Test 159 Execute a Test Suite 159 Execute an Individual Test 159 Execution Results 160 TestNG Report 160 xi Table of ConTenTs Logging 161 log( )all( ) 161 Response Time 162 Debug 163 Summary164 Chapter 11: API Documentation165 Need 166 Swagger 167 Summary176 Chapter 12: Case Study: Shopping Cart APIs 177 Feature List 178 QA Responsibility Matrix 179 Sprint # 181 Goal Setting 183 Sprint One 183 Sprint Guidelines 184 QA Tasks 185 Targeted Features 189 API Endpoints 190 Unit Testing 190 Test Plan Development 190 Test Data Preparation 191 Manual Test Scripts 192 Postman 192 Test Automation 192 Test Suite 194 Parallel Test Execution 195 xii Table of ConTenTs Test Execution 196 Front-End Team 197 Sprint Nth 197 Sprint Demo Feedback Testing 198 Hardening Sprint 198 Release Testing198 Summary199 Appendix A: Workstation Setup 201 Java201 MacOS 202 Ubuntu 202 Linux 202 Windows 202 Maven 203 MacOS 203 Ubuntu 204 Linux 204 Windows 204 Maven Project 204 cURL 205 MacOS 205 Ubuntu 205 Linux 206 Windows 206 Postman 206 IDE 206 Tomcat 206 xiii Table of ConTenTs MacOS/Ubuntu/Linux 206 Windows 207 Appendix B: Contact Management Application 209 Swagger 211 Appendix C: Shopping Cart Application 213 Swagger 214 Index 215 xiv