Understanding and testing restful web services
UNDERSTANDING AND TESTING RESTFUL WEB SERVICES
PLEASE INSTALL
POSTMAN - REST Client
POSTMAN Interceptor
www.getpostman.com
www.getpostman.com/features#interceptor
Created by / Mark Winteringham @mwtestconsult
ABOUT ME...
www.mwtestconsultancy.co.uk
@mwtestconsult
linkedin.com/in/markwinteringham
WORKSHOP GOALS
Explore the basics of RESTful web services
Build requests to query and manipulate data
Try out different test design techniques
Going forward with the skills you've learnt
WELCOME TO 'THE BEST AT REST LTD'
Creators of RESTFUL-BOOKER
A restful web service that allows hotels to store booking details about their guests
RESTFUL-BOOKER REQUIREMENTS
1. Must be able to create, read, update and delete bookings
2. Bookings must be searchable
3. Bookings must store the following items:
   Guest's name
   The price of their booking
   Whether they have paid a deposit
   The dates of their booking
   Any additional needs
GITHUB REPOS
Restful booker: www.github.com/mwinteringham/restful-booker
Slides: www.github.com/mwinteringham/reveal.js
POSTMAN
Our test tool for the workshop
RESTFUL WEB SERVICE
WEB SERVICE
'A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.'
http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webservice
Mobile to Web Service
UI Backend
Web Service to Web Service
Reports Search
A service-oriented architecture
WHAT MAKES A SERVICE RESTFUL?
Stateless
Cacheable
Uniform Interface
Client-Server
Layered System
Code on Demand
A web service has to use specific standards to:
Identify a resource - URIs
Manipulate a resource - HTTP
http://c2.com/cgi/wiki?RestArchitecturalStyle
A RESTFUL WEB SERVICE EXAMPLE
http://adrianmejia.com/blog/2014/10/01/creating-a-restful-api-tutorial-with-nodejs-and-mongodb/
REST-REPORTER
https://github.com/mwinteringham/restful-booker
rest-reporter is a C.R.U.D. service
CREATE
READ
UPDATE
DELETE
READ
A TYPICAL HTTP READ REQUEST
URI Path
URI Host
UNIFORM RESOURCE IDENTIFIERS
Resource
Booking resource 1
_id:5534e8cdbb97c77e0eb7ae51
Something the service exposes to the end user to interact with, such as an image, video, html, text, etc.
GET /booking/5534e8cdbb97c77e0eb7ae51
UNIFORM RESOURCE IDENTIFIERS
scheme://host:port/resource?queryString
http://localhost:3001/booking?name=mary
QUERY STRINGS
A query string indicates additional actions you might want to apply to the resource/resources you want
Returns all bookings between two dates whereas:
GET /booking?checkin=2014-03-13&checkout=2014-05-21
Returns all the bookings
GET /booking
CREATING QUERY STRINGS
Query strings start with a ? after the resource path
Are declared as key=value
Multiple query declarations are joined using &
For example:
GET /booking?checkin=2014-03-13&checkout=2014-05-21
A TYPICAL HTTP READ REQUEST
HTTP Verb
HTTP VERBS
HTTP methods indicate an action the user would like to do on a resource
CREATE = POST
READ = GET
UPDATE = PUT
DELETE = DELETE
VERBS IN ACTION
GET http://localhost:3001/booking - Returns current bookings
POST http://localhost:3001/booking - Creates a new booking
OPTIONS http://localhost:3001/booking - Returns which verbs can be used on a URI
A TYPICAL HTTP READ REQUEST
Headers
HTTP HEADERS
Define the operating parameters of an HTTP request such as:
What is requesting the resource
What format the resource should be in
Authorisation that the resource can be requested
And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
HTTP HEADERS
Adding headers can alter the behaviour of the service and its response
Key: Value - Outcome
Accept: application/json - JSON is returned
Accept: application/xml - XML is returned
A TYPICAL HTTP RESPONSE
HTTP Status code
HTTP STATUS CODES
Indicator of how the server has responded to the request you've sent
1xx Informational
2xx Success
3xx Redirection
4xx Client Error
5xx Server Error
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
TYPICAL HTTP STATUS CODES
200 Server has carried out its actions successfully
404 URI path doesn't exist
403 You're not authorised to access the path
500 Server error
503 Service is unavailable
A TYPICAL HTTP RESPONSE
Payload
TYPES OF PAYLOADS
JSON
{
  "_id": "5534e8cdbb97c77e0eb7ae65",
  "firstName": "Jim",
  "lastName": "Wilson",
  "totalPrice": 787,
  "depositPaid": false,
  "additionalNeeds": "Breakfast",
  "bookingDates": {
    "checkIn": "2013-08-10T22:34:22",
    "checkOut": "2015-03-23T14:00:00"
  }
}
XML
<_id>5534e8cdbb97c77e0eb7ae65</_id>
<firstName>Jim</firstName>
<lastName>Wilson</lastName>
<totalPrice>787</totalPrice>
<depositPaid>false</depositPaid>
<additionalNeeds>Breakfast</additionalNeeds>
<bookingDates>
  <checkIn>2013-08-10T22:34:22</checkIn>
  <checkOut>2015-03-23T14:00:00</checkOut>
</bookingDates>
HTML
<p>5534e8cdbb97c77e0eb7ae65</p>
<p>Jim</p>
<p>Wilson</p>
<p>787</p>
<p>false</p>
<p>breakfast</p>
<ul>
  <li>2013-08-10T22:34:22</li>
  <li>2015-03-23T14:00:00</li>
</ul>
ITERATION ONE - INVESTIGATING READ
USER STORIES
As a user of restful-booker
I want to be able to view all current booking IDs
So that I can choose an ID to view the booking of
GET /booking
As a user of restful-booker
I want to be able to search on the booking dates
So that I can filter the relevant booking IDs I require
GET /booking?checkin=*&checkout=*
As a user of restful-booker
I want to be able to retrieve a booking using its ID
So that I can view the details of that booking
GET /booking/{id}
API can be found at: github.com/mwinteringham/restful-booker
What did you learn?
CREATE
A TYPICAL HTTP CREATE REQUEST
Change in HTTP Verb
Payload
PAYLOAD
A representation of the resource you want to create through the service
The parameters and the structure of the payload have strict rules.
Which can also be known as a 'contract'
XML PAYLOADS
<booking>
  <firstName>Mark</firstName>
  <lastName>test</lastName>
  <totalPrice>300.00</totalPrice>
  <depositPaid>true</depositPaid>
  <additionalNeeds>Breakfast</additionalNeeds>
  <bookingDates>
    <checkIn>11/11/2014</checkIn>
    <checkOut>12/11/2014</checkOut>
  </bookingDates>
</booking>
https://en.wikipedia.org/wiki/XML
JSON PAYLOADS
{
  "firstName": "Mark",
  "lastName": "test",
  "totalPrice": 300.00,
  "depositPaid": true,
  "additionalNeeds": "Breakfast",
  "bookingDates": {
    "checkIn": "11/11/2014",
    "checkOut": "12/11/2014"
  }
}
http://json.org/
DATA TYPES
{
  "firstName": "Mark",
  "lastName": "test",
  "totalPrice": 300.00,
  "depositPaid": true,
  "additionalNeeds": "Breakfast",
  "bookingDates": {
    "checkIn": "11/11/2014",
    "checkOut": "12/11/2014"
  }
}
String
Number
Boolean
Dates (String)
ROBUSTNESS PRINCIPLE
`Be conservative in what you do, be liberal in what you accept from others`
Postel's law
When sending a payload the service should conform to the contract being sent
When receiving a payload the service should accept invalid data without error
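A contract check for the booking payload, as an added example that is not part of the original slides or of restful-booker: it reports every violation as data instead of raising, so a malformed payload never turns into an unhandled error. The DD/MM/YYYY date format, the rejection of unknown fields and the names `contract_violations`, `VALID` and `MALFORMED` are assumptions made for illustration.

```python
from datetime import datetime

# Expected type per field, following the DATA TYPES slide.
CONTRACT = {"firstName": str, "lastName": str, "totalPrice": (int, float),
            "depositPaid": bool, "additionalNeeds": str, "bookingDates": dict}
DATE_FORMAT = "%d/%m/%Y"  # assumption: "11/11/2014" on the slide is DD/MM/YYYY

def parse_date(value):
    """Return a datetime, or None when value is not a DATE_FORMAT string."""
    try:
        return datetime.strptime(value, DATE_FORMAT)
    except (TypeError, ValueError):
        return None

def contract_violations(payload):
    """Return a sorted list of violations; an empty list means the payload conforms."""
    if not isinstance(payload, dict):
        return ["payload: expected a JSON object"]
    # Assumption: a strict contract also rejects fields it does not define.
    problems = [f"{name}: unexpected field" for name in payload if name not in CONTRACT]
    for name, expected in CONTRACT.items():
        if name not in payload:
            problems.append(f"{name}: missing")
            continue
        value = payload[name]
        # bool is a subclass of int in Python, so true/false must not pass as a price.
        is_stray_bool = isinstance(value, bool) and expected is not bool
        if is_stray_bool or not isinstance(value, expected):
            problems.append(f"{name}: wrong type {type(value).__name__}")
    dates = payload.get("bookingDates")
    if isinstance(dates, dict):
        check_in, check_out = parse_date(dates.get("checkIn")), parse_date(dates.get("checkOut"))
        if check_in is None or check_out is None:
            problems.append("bookingDates: checkIn and checkOut must be DD/MM/YYYY strings")
        elif check_out < check_in:
            problems.append("bookingDates: checkOut is before checkIn")
    return sorted(problems)

# Constructed samples: the slide's booking, and a variant with deliberate faults.
VALID = {"firstName": "Mark", "lastName": "test", "totalPrice": 300.00,
         "depositPaid": True, "additionalNeeds": "Breakfast",
         "bookingDates": {"checkIn": "11/11/2014", "checkOut": "12/11/2014"}}
MALFORMED = {"firstName": 42, "lastName": "test", "totalPrice": True, "depositPaid": "yes",
             "bookingDates": {"checkIn": "12/11/2014", "checkOut": "31/02/2014"}}
```

Each entry in the returned list is also a ready-made negative test case to send to POST /booking.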
POST RELATED HEADERS
Key: Value
Content-Type: application/json, text/xml
Content-Length: 157
ITERATION TWO - INVESTIGATING CREATE
USER STORIES
As a user of restful-booker
I want to be able to create
So that I can choose an ID to view the booking of
POST /booking
API can be found at: github.com/mwinteringham/restful-booker
What did you learn?
UPDATE/DELETE
AUTHORISATION
Services generally have one or more layers of security such as:
Basic access authentication
Cookie based authentication
This isn't an exhaustive list
There may be other layers of security in place
HTTP HEADERS - COOKIES
Cookies are also a type of header and can be added to a request
Cookie: COOKIEVAL1=abc; COOKIEVAL2=def;
BASIC ACCESS AUTHENTICATION
Comes in the form of a header
Authorization: Basic Base64(username:password)
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
https://en.wikipedia.org/wiki/Basic_access_authentication
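The Basic header format above as a builder and parser, added here as an example that is not part of the original slides: it shows that the value is only an encoding, so anyone who can read the header recovers the credentials without a key. The function names are hypothetical.

```python
import base64


def build_basic_header(username, password):
    """Return the Authorization header value for the given credentials."""
    if ":" in username:
        # The first colon separates the two parts, so it cannot appear in the username.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value):
    """Return (username, password), or None if value is not well-formed Basic auth."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers invalid Base64 and bytes that are not UTF-8
        return None
    # Split on the first colon only: the password may itself contain ':'.
    username, separator, password = decoded.partition(":")
    return (username, password) if separator else None


# The header value shown on the slide.
SLIDE_HEADER = "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
```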
COOKIE BASED AUTHENTICATION
POST /auth
{ "username": "admin", "password": "password123" }
Response
Set-Cookie: token=abc123
DELETE /booking/{id}
Cookie: token=abc123
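The cookie flow above turned into authorisation checks, as an added example that is not part of the original slides: a DELETE must be refused without a cookie and with a made-up token, and succeed only with the token returned by POST /auth. `StubService` is a constructed local stand-in, not restful-booker's code, and its 200/403/404 status codes are assumptions.

```python
import http.client
import json
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN = {"username": "admin", "password": "password123"}  # credentials from the slide
# Constructed stub state; the stub's status codes are assumptions.
BOOKINGS, TOKENS = {"1": {"firstName": "Jim"}}, set()

class StubService(BaseHTTPRequestHandler):
    def reply(self, status, cookie=None):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", cookie)
        self.end_headers()
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        try:
            valid = self.path == "/auth" and json.loads(raw) == LOGIN
        except ValueError:  # body is not JSON
            valid = False
        if not valid:
            return self.reply(403)
        TOKENS.add(token := secrets.token_hex(16))
        self.reply(200, f"token={token}")
    def do_DELETE(self):
        pairs = [p.strip().split("=", 1) for p in self.headers.get("Cookie", "").split(";")]
        if dict(p for p in pairs if len(p) == 2).get("token") not in TOKENS:
            return self.reply(403)  # refuse before touching the booking
        self.reply(200 if BOOKINGS.pop(self.path.rsplit("/", 1)[-1], None) else 404)

def call(port, method, path, body=None, cookie=None):
    """Send one request to the local stub; return (status, Set-Cookie value)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, json.dumps(body) if body else None, {"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("Set-Cookie")

def run_authorisation_checks():
    with HTTPServer(("127.0.0.1", 0), StubService) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port, seen = server.server_port, {}
        seen["no_cookie"] = call(port, "DELETE", "/booking/1")[0]
        seen["forged_token"] = call(port, "DELETE", "/booking/1", cookie="token=abc123")[0]
        seen["bad_login"] = call(port, "POST", "/auth", dict(LOGIN, password="wrong"))[0]
        seen["login"], set_cookie = call(port, "POST", "/auth", LOGIN)
        seen["valid_token"] = call(port, "DELETE", "/booking/1", cookie=set_cookie.split(";")[0])[0]
        server.shutdown()
    return seen
```

The final 200 rather than 404 also confirms that the two refused requests left the booking in place.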
PUT
Similar to POST but rather than create it updates
However, in the real world that might not be the case:
PUT vs POST in REST
DELETE
Similar to GET but it deletes rather than reads the resource
ITERATION THREE - INVESTIGATING UPDATE / DELETE
USER STORIES
As a user of restful-booker
I want to be able to protect create and delete functions
So that I can protect the bookings from being changed or deleted
POST /auth
As a user of restful-booker
I want to be able to update a pre-existing booking using its ID
So that I can correct any errors made in a booking
PUT /booking/{id}
As a user of restful-booker
I want to be able to delete a booking using its ID
So that I can remove the booking
DELETE /booking/{id}
API can be found at: github.com/mwinteringham/restful-booker
What did you learn?
TAKING RESTFUL TESTING FURTHER
Mobile to Web Service
UI
UI testing
Backend
RESTful testing
AUTOMATION?
WRAPPING UP
THANK YOU
Restful-booker - https://github.com/mwinteringham/restful-booker
Slides - https://github.com/mwinteringham/reveal.js