Understanding and testing restful web services


Transcript of Understanding and testing restful web services

Page 1: Understanding and testing restful web services

UNDERSTANDING AND TESTING RESTFUL WEB SERVICES

PLEASE INSTALL

POSTMAN - REST Client

POSTMAN Interceptor

www.getpostman.com

www.getpostman.com/features#interceptor

Created by / Mark Winteringham @mwtestconsult

Page 2: Understanding and testing restful web services

ABOUT ME...

www.mwtestconsultancy.co.uk

@mwtestconsult

linkedin.com/in/markwinteringham

Page 3: Understanding and testing restful web services

WORKSHOP GOALS

Explore the basics of RESTful web services

Build requests to query and manipulate data

Try out different test design techniques

Going forward with the skills you've learnt

Page 4: Understanding and testing restful web services

WELCOME TO 'THE BEST AT REST LTD'

Creators of RESTFUL-BOOKER

A restful webservice that allows hotels to store booking details about their guests

Page 5: Understanding and testing restful web services

RESTFUL-BOOKER REQUIREMENTS

1. Must be able to create, read, update and delete bookings
2. Bookings must be searchable
3. Bookings must store the following items:
   - Guest's name
   - The price of their booking
   - Whether they have paid a deposit
   - The dates of their booking
   - Any additional needs

Page 6: Understanding and testing restful web services

GITHUB REPOS

Restful booker: www.github.com/mwinteringham/restful-booker

Slides: www.github.com/mwinteringham/reveal.js

Page 7: Understanding and testing restful web services

POSTMAN

Our test tool for the workshop

Page 8: Understanding and testing restful web services

RESTFUL WEB SERVICE

Page 9: Understanding and testing restful web services

WEB SERVICE

'A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.'

http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webservice

Page 10: Understanding and testing restful web services

Mobile to Web Service

UI Backend

Page 11: Understanding and testing restful web services

Web Service to Web Service

Reports Search

Page 12: Understanding and testing restful web services

A service-oriented architecture

Page 13: Understanding and testing restful web services

WHAT MAKES A SERVICE RESTFUL?

- Stateless
- Cacheable
- Uniform Interface
- Client-Server
- Layered System
- Code on Demand

A web service has to use specific standards to:

- Identify a resource: URIs
- Manipulate a resource: HTTP

http://c2.com/cgi/wiki?RestArchitecturalStyle

Page 14: Understanding and testing restful web services

A RESTFUL WEB SERVICE EXAMPLE

http://adrianmejia.com/blog/2014/10/01/creating-a-restful-api-tutorial-with-nodejs-and-mongodb/

Page 15: Understanding and testing restful web services

REST-REPORTER

https://github.com/mwinteringham/restful-booker

rest-reporter is a C.R.U.D. service

Page 16: Understanding and testing restful web services

CREATE

READ

UPDATE

DELETE

Page 17: Understanding and testing restful web services

READ

Page 18: Understanding and testing restful web services

A TYPICAL HTTP READ REQUEST

URI Path

URI Host

Page 19: Understanding and testing restful web services

UNIFORM RESOURCE IDENTIFIERS

Resource

Something the service exposes to the end user to interact with, such as an image, video, html, text, etc.

Booking resource 1

_id:5534e8cdbb97c77e0eb7ae51

GET /booking/5534e8cdbb97c77e0eb7ae51

Page 20: Understanding and testing restful web services

UNIFORM RESOURCE IDENTIFIERS

scheme://host:port/resource?queryString

http://localhost:3001/booking?name=mary

Page 21: Understanding and testing restful web services

QUERY STRINGS

A query string indicates additional actions you might want to apply to the resource/resources you want

GET /booking

Returns all the bookings, whereas:

GET /booking?checkin=2014-03-13&checkout=2014-05-21

Returns all bookings between two dates

Page 22: Understanding and testing restful web services

CREATING QUERY STRINGS

- Query strings start with a ? after the resource path
- Are declared as key=value
- Multiple query declarations are joined using &

For example:

GET /booking?checkin=2014-03-13&checkout=2014-05-21
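The URI parts and query string rules above, as an added Node.js example that is not part of the original slides or of restful-booker. The function names and the `mary&checkout=...` value are constructed for illustration; the last case shows why query values should be encoded rather than concatenated by hand.

```javascript
// Added example, not code from the slides or from restful-booker.
// Splits a URI into the parts named on the slide and builds query strings.
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function splitUri(uri) {
  const u = new URL(uri); // WHATWG URL parser built into Node.js
  const query = {};
  for (const [key, value] of u.searchParams) {
    // A repeated key is kept as a list instead of overwriting the first value.
    query[key] = own(query, key) ? [].concat(query[key], value) : value;
  }
  return {
    scheme: u.protocol.replace(/:$/, ''),
    host: u.hostname,
    port: u.port, // empty string when the scheme's default port is used
    resource: u.pathname,
    query,
  };
}

function buildRequestPath(resource, params) {
  // URLSearchParams percent-encodes reserved characters, so a value that
  // contains '&' or '=' cannot turn into an extra key=value pair.
  const qs = new URLSearchParams(params).toString();
  return qs ? `${resource}?${qs}` : resource;
}

// Constructed inputs based on the slide's URIs.
const parts = splitUri('http://localhost:3001/booking?name=mary');
const dated = buildRequestPath('/booking', { checkin: '2014-03-13', checkout: '2014-05-21' });
const tricky = buildRequestPath('/booking', { name: 'mary&checkout=2099-01-01' });
console.log(parts, dated, tricky);
```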

Page 23: Understanding and testing restful web services

A TYPICAL HTTP READ REQUEST

HTTP Verb

Page 24: Understanding and testing restful web services

HTTP VERBS

HTTP methods indicate an action the user would like to do on a resource

CREATE = POST

READ = GET

UPDATE = PUT

DELETE = DELETE

Page 25: Understanding and testing restful web services

VERBS IN ACTION

GET http://localhost:3001/booking - Returns current bookings

POST http://localhost:3001/booking - Creates a new booking

OPTIONS http://localhost:3001/booking - Returns which verbs can be used on a URI

Page 26: Understanding and testing restful web services

A TYPICAL HTTP READ REQUEST

Headers

Page 27: Understanding and testing restful web services

HTTP HEADERS

Define the operating parameters of an HTTP request such as:

- What is requesting the resource
- What format the resource should be in
- Authorisation that the resource can be requested

And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

Page 28: Understanding and testing restful web services

HTTP HEADERS

Adding headers can alter the behaviour of the service and its response

Key: Value                  Outcome
Accept: application/json    JSON is returned
Accept: application/xml     XML is returned

Page 29: Understanding and testing restful web services

A TYPICAL HTTP RESPONSE

HTTP Status code

Page 30: Understanding and testing restful web services

HTTP STATUS CODES

Indicator of how the server has responded to the request you've sent

1xx Informational

2xx Success

3xx Redirection

4xx Client Error

5xx Server Error

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Page 31: Understanding and testing restful web services

TYPICAL HTTP STATUS CODES

200 Server has carried out its actions successfully

404 URI path doesn't exist

403 You're not authorised to access the path

500 Server error

503 Service is unavailable

Page 32: Understanding and testing restful web services

A TYPICAL HTTP RESPONSE

Payload

Page 33: Understanding and testing restful web services

TYPES OF PAYLOADS

JSON

{
  "_id": "5534e8cdbb97c77e0eb7ae65",
  "firstName": "Jim",
  "lastName": "Wilson",
  "totalPrice": 787,
  "depositPaid": false,
  "additionalNeeds": "Breakfast",
  "bookingDates": {
    "checkIn": "2013-08-10T22:34:22",
    "checkOut": "2015-03-23T14:00:00"
  }
}

XML

<_id>5534e8cdbb97c77e0eb7ae65</_id>
<firstName>Jim</firstName>
<lastName>Wilson</lastName>
<totalPrice>787</totalPrice>
<depositPaid>false</depositPaid>
<additionalNeeds>Breakfast</additionalNeeds>
<bookingDates>
  <checkIn>2013-08-10T22:34:22</checkIn>
  <checkOut>2015-03-23T14:00:00</checkOut>
</bookingDates>

HTML

<p>5534e8cdbb97c77e0eb7ae65</p>
<p>Jim</p>
<p>Wilson</p>
<p>787</p>
<p>false</p>
<p>breakfast</p>
<ul>
  <li>2013-08-10T22:34:22</li>
  <li>2015-03-23T14:00:00</li>
</ul>

Page 34: Understanding and testing restful web services

ITERATION ONE - INVESTIGATING READ

USER STORIES

As a user of restful-booker

I want to be able to view all current booking IDs

So that I can choose an ID to view the booking of

GET /booking

As a user of restful-booker

I want to be able to search on the booking dates

So that I can filter the relevant booking IDs I require

GET /booking?checkin=*&checkout=*

As a user of restful-booker

I want to be able to retrieve a booking using its ID

So that I can view the details of that booking

GET /booking/{id}

API can be found at: github.com/mwinteringham/restful-booker

Page 35: Understanding and testing restful web services

What did you learn?

Page 36: Understanding and testing restful web services

CREATE

Page 37: Understanding and testing restful web services

A TYPICAL HTTP CREATE REQUEST

Change in HTTP Verb

Payload

Page 38: Understanding and testing restful web services

PAYLOAD

A representation of the resource you want to create through the service

The parameters and the structure of the payload have strict rules, which can also be known as a 'contract'

Page 39: Understanding and testing restful web services

XML PAYLOADS

<booking>
  <firstName>Mark</firstName>
  <lastName>test</lastName>
  <totalPrice>300.00</totalPrice>
  <depositPaid>true</depositPaid>
  <additionalNeeds>Breakfast</additionalNeeds>
  <bookingDates>
    <checkIn>11/11/2014</checkIn>
    <checkOut>12/11/2014</checkOut>
  </bookingDates>
</booking>

https://en.wikipedia.org/wiki/XML

Page 40: Understanding and testing restful web services

JSON PAYLOADS

{
  "firstName": "Mark",
  "lastName": "test",
  "totalPrice": 300.00,
  "depositPaid": true,
  "additionalNeeds": "Breakfast",
  "bookingDates": {
    "checkIn": "11/11/2014",
    "checkOut": "12/11/2014"
  }
}

http://json.org/

Page 41: Understanding and testing restful web services

DATA TYPES

{
  "firstName": "Mark",
  "lastName": "test",
  "totalPrice": 300.00,
  "depositPaid": true,
  "additionalNeeds": "Breakfast",
  "bookingDates": {
    "checkIn": "11/11/2014",
    "checkOut": "12/11/2014"
  }
}

String: firstName, lastName, additionalNeeds

Number: totalPrice

Boolean: depositPaid

Dates (String): checkIn, checkOut
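One way to check a booking payload against the contract and data types above, as an added Node.js example that is not part of the original slides or of restful-booker. The field names and types come from the slide; the DD/MM/YYYY date pattern, the function name and the `isAdmin` field in the broken sample are assumptions made for illustration.

```javascript
// Added example, not code from the slides or from restful-booker.
// Field names and types come from the DATA TYPES slide; the DD/MM/YYYY
// date pattern is an assumption based on the slide's sample values.
const CONTRACT = {
  firstName: 'string',
  lastName: 'string',
  totalPrice: 'number',
  depositPaid: 'boolean',
  additionalNeeds: 'string',
};
const DATE_PATTERN = /^\d{2}\/\d{2}\/\d{4}$/; // assumed format
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function checkBookingContract(payload) {
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    return ['payload: not a JSON object'];
  }
  const problems = [];
  for (const [field, expected] of Object.entries(CONTRACT)) {
    const actual = typeof payload[field];
    if (!own(payload, field)) problems.push(`${field}: missing`);
    else if (actual !== expected) problems.push(`${field}: expected ${expected}, got ${actual}`);
  }
  const dates = own(payload, 'bookingDates') ? payload.bookingDates : null;
  if (dates === null || typeof dates !== 'object') {
    problems.push('bookingDates: missing or not an object');
  } else {
    for (const key of ['checkIn', 'checkOut']) {
      if (typeof dates[key] !== 'string' || !DATE_PATTERN.test(dates[key])) {
        problems.push(`bookingDates.${key}: expected a DD/MM/YYYY string`);
      }
    }
  }
  // Fields outside the contract are reported, not silently accepted.
  for (const field of Object.keys(payload)) {
    if (!own(CONTRACT, field) && field !== 'bookingDates') {
      problems.push(`${field}: not part of the contract`);
    }
  }
  return problems;
}
// Constructed samples: the slide's payload and a copy that breaks the contract.
const validBooking = JSON.parse('{"firstName":"Mark","lastName":"test","totalPrice":300.00,'
  + '"depositPaid":true,"additionalNeeds":"Breakfast",'
  + '"bookingDates":{"checkIn":"11/11/2014","checkOut":"12/11/2014"}}');
const brokenBooking = { ...validBooking, totalPrice: '300.00', depositPaid: 'yes',
  bookingDates: { checkIn: '2014-11-11' }, isAdmin: true };
delete brokenBooking.lastName;
console.log(checkBookingContract(validBooking), checkBookingContract(brokenBooking));
```

Each entry in the returned list is a contract violation worth sending to the service as a test case, to see whether it answers with a 4xx status or stores the data anyway.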

Page 42: Understanding and testing restful web services

ROBUSTNESS PRINCIPLE

`Be conservative in what you do, be liberal in what you accept from others`

Postel's law

- When sending a payload the service should conform to the contract being sent
- When receiving a payload the service should accept invalid data without error

Page 43: Understanding and testing restful web services

POST RELATED HEADERS

Key               Value
Content-Type      application/json, text/xml
Content-Length    157

Page 44: Understanding and testing restful web services

ITERATION TWO - INVESTIGATING CREATE

USER STORIES

As a user of restful-booker

I want to be able to create

So that I can choose an ID to view the booking of

POST /booking

API can be found at: github.com/mwinteringham/restful-booker

Page 45: Understanding and testing restful web services

What did you learn?

Page 46: Understanding and testing restful web services

UPDATE/DELETE

Page 47: Understanding and testing restful web services

AUTHORISATION

Services generally have one or more layers of security such as:

- Basic access authentication
- Cookie based authentication

This isn't an exhaustive list

There may be other layers of security in place

Page 48: Understanding and testing restful web services

HTTP HEADERS - COOKIES

Cookies are also a type of header and can be added to a request

Cookie: COOKIEVAL1=abc; COOKIEVAL2=def;

Page 49: Understanding and testing restful web services

BASIC ACCESS AUTHENTICATION

Comes in the form of a header

Authorization: Basic Base64(username:password)

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

https://en.wikipedia.org/wiki/Basic_access_authentication

Page 50: Understanding and testing restful web services

COOKIE BASED AUTHENTICATION

POST /auth

{ "username": "admin", "password": "password123" }

Response

Set-Cookie: token=abc123

DELETE /booking/{id}

Cookie: token=abc123
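The Basic and cookie based mechanisms from the last two slides, as an added Node.js example that is not part of the original slides or of restful-booker. The function names and the cookie with `HttpOnly` and `Secure` attributes are constructed for illustration; the other values are the ones shown on the slides.

```javascript
// Added example, not code from the slides or from restful-booker.
function basicAuthHeader(username, password) {
  // The first ':' separates the fields, so a username cannot contain one.
  if (username.includes(':')) throw new Error('username must not contain ":"');
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Base64 is an encoding, not encryption: anyone who can read the header
// recovers the credentials, which is why Basic auth belongs on HTTPS only.
function decodeBasicAuth(headerValue) {
  const match = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(headerValue.trim());
  if (!match) return null;
  const decoded = Buffer.from(match[1], 'base64').toString('utf8');
  const split = decoded.indexOf(':');
  if (split === -1) return null;
  return { username: decoded.slice(0, split), password: decoded.slice(split + 1) };
}

// Parses one Set-Cookie value into the cookie pair plus its security attributes.
function parseSetCookie(value) {
  const [pair, ...attributes] = value.split(';').map((part) => part.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null;
  const flags = attributes.map((attr) => attr.split('=')[0].toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.includes('httponly'),
    secure: flags.includes('secure'),
  };
}

// Value for the Cookie request header that sends the session token back.
function cookieHeader(cookie) {
  return `${cookie.name}=${cookie.value}`;
}

const slideHeader = basicAuthHeader('username', 'password');
const recovered = decodeBasicAuth('Basic dXNlcm5hbWU6cGFzc3dvcmQ=');
const slideCookie = parseSetCookie('token=abc123');
// Constructed hardened variant of the same cookie.
const hardened = parseSetCookie('token=abc123; Path=/; HttpOnly; Secure');
console.log(slideHeader, recovered, cookieHeader(slideCookie), slideCookie, hardened);
```

When testing a real service, the `httpOnly` and `secure` flags returned by `parseSetCookie` are a quick check on how the session cookie is protected.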

Page 51: Understanding and testing restful web services

PUT

Similar to POST but rather than create it updates

However, in the real world that might not be the case:

PUT vs POST in REST

Page 52: Understanding and testing restful web services

DELETE

Similar to GET but it deletes rather than reads the resource

Page 53: Understanding and testing restful web services

ITERATION THREE - INVESTIGATING UPDATE / DELETE

USER STORIES

As a user of restful-booker

I want to be able to protect create and delete functions

So that I can protect the bookings from being changed or deleted

POST /auth

As a user of restful-booker

I want to be able to update a pre-existing booking using its ID

So that I can correct any errors made in a booking

PUT /booking/{id}

As a user of restful-booker

I want to be able to delete a booking using its ID

So that I can remove the booking

DELETE /booking/{id}

API can be found at: github.com/mwinteringham/restful-booker

Page 54: Understanding and testing restful web services

What did you learn?

Page 55: Understanding and testing restful web services

TAKING RESTFUL TESTING FURTHER

Page 56: Understanding and testing restful web services

Mobile to Web Service

UI

UI testing

Backend

RESTful testing

Page 57: Understanding and testing restful web services

AUTOMATION?

Page 58: Understanding and testing restful web services

WRAPPING UP

Page 59: Understanding and testing restful web services

THANK YOU

Restful-booker - https://github.com/mwinteringham/restful-booker

Slides - https://github.com/mwinteringham/reveal.js