Api

346

What is api ?

API stands for "Application Programming Interface." It is a set of protocols and tools for building software applications.

In simpler terms, an API is like a waiter in a restaurant who takes our order and sends it to the kitchen, and brings our food back. So we are the user of the API, the kitchen is the system that performs the requested task, and the waiter is the API that communicates between user and the system.

For example, the Google Maps API allows developers to integrate Google Maps into their own applications, such as ola app that displays a map showing the location of nearby drivers and your own location. The API provides the necessary code to access the map data and display it within the app.

Advantages of API ?

Increased efficiency: By using APIs, developers can access pre-built services instead of having to build everything from scratch. This can save time and resources, making development more efficient.

Improved security: APIs can be used to control access to data and services, ensuring that only authorized users have access.

Easier integration: APIs allow different software systems to communicate and share data with each other. This makes it easier for developers to integrate different systems and create new applications by building on existing ones.

Why api testing and its need ?

API testing is a type of software testing that focuses on testing the functionality and performance of APIs (Application Programming Interfaces).

In simpler terms, API testing is like checking if the waiter in a restaurant is doing their job properly. Just as the waiter takes our order, sends it to the kitchen, and brings back our food, an API takes requests from an application, sends them to the system, and returns a response.

Needs :

API testing is important because APIs are often the backbone of modern applications. If an API is not working properly, it can affect the entire application, leading to errors and poor user experience. By testing APIs, developers can catch and fix issues before they impact users.

Benefits of API testing?

  1. API testing allows you to catch bugs and issues in the early stages of the development cycle, which is crucial for avoiding costly and time-consuming fixes in later stages of development.

  2. API testing can be automated, which reduces the time and effort required for manual testing and enables more comprehensive and consistent testing

  3. API testing can provide feedback on issues faster than other types of testing, which is essential for developers who need to identify and fix issues quickly.

  4. By catching bugs early and reducing manual testing efforts, API testing can save organizations time and money in the long run.

Testing Pyramid :

The testing pyramid is a concept used in software testing that tells the different types of tests and their relative importance in testing.
The testing pyramid helps to ensure that testing efforts are focused on the most important areas of the software.
as we focus more on unit tests followed by integration and GUI tests in the Agile testing approach and vice versa in the traditional one.

Why API Test Automation :

  1. Manual testing is a kind of time taking and boring and there is a chance that there will be more errors in it.
  2. As automated tests run faster in comparison to manual ones it will give the result in a very fast manner.
  3. we can use it for the repeated test so the tester will focus on another task.

Types of API Testing:

Unit Testing:

Integration testing: This type of testing focuses on how the API interacts with other systems or APIs. Testers simulate different scenarios where the API is integrated with other systems to ensure that they are working together as expected.

End-to-end Testing :

Performance Testing :

What is a web service?

A web service is a method of communication or a set of open protocols that allow data to be exchanged between different applications over the internet.

Web services can be used by software programs written in a variety of programming languages and running on a variety of platforms to exchange data.

Why web service ?

Platform independence: Web services use standardized protocols and languages, making them platform independent. This means that applications running on different platforms, such as Windows, Linux, or Mac, can communicate with each other using web services.

Language independence: Web services are also language independent. This means that applications written in different programming languages, such as Java, Python, or C#, can communicate with each other using web services.

Interoperability: Web services enable different applications to exchange data with each other seamlessly, even if they were developed by different companies or organizations.

Security: Web services can be secured using industry-standard encryption and authentication protocols, ensuring that data exchanged between different systems is kept secure.

Difference between api and web services :

  1. Web services always need a kind of network so that they can work where as there is no need of network in api for any kind of operation.

  2. Web service is used to communicate between two machines on a network. where as Web API is used as an interface between two different applications for communicating with each other.

  3. All Web Services are APIs. where as All APIs are not web services.

4.A Web service uses SOAP, REST and XML-RPC for communication whereas API use any style for communication. eg : HTTP, TCP, or FTP.

Rest :

REST API stands for "Representational State Transfer. It is a type of web service architecture that is used to create lightweight and scalable web services.
In simpler terms, a REST API is a way for two computer programs to talk to each other over the internet.

Soap:

SOAP API stands for Simple Object Access Protocol Application Programming Interface. It's a way for different software systems to communicate with each other over the internet using a standardized protocol.
Difference between soap and rest ?

WSDL :

WSDL stands for web services description language,
it is an XML-based interface. which is used to describe web services. A service provider publishes an interface for his web service that describe all the attribute of the web services known as wsdl.

SOAP messages are always in XML format, while REST supports various formats, such as JSON, XML, or plain text.

SOAP messages are transported over HTTP, and HTTPS while REST messages are transported using the HTTP protocol.

REST is generally considered easier to use and more flexible than SOAP, which can be more complex

SOAP is a protocol and the rest is an architectural style.

SOAP requires more bandwidth as the rest is lightweight so it requires less bandwidth.

Post: Create - The POST method is used when you want to send data to a server to create a resource.

Get: Read - The GET method is used when you want to retrieve information from a server, such as a web page or a specific resource.

Put: Update/Replace - The PUT method is used to update an existing resource on the server. It's similar to the POST method, but instead of creating a new resource, it modifies or replaces an existing one.

Patch: Update/Modified - The PATCH method is used to partially update an existing resource on the server. instead of updating the entire resource, it modifies only the specified fields.

Error code :

1XX - Informational req is received
2XX - The request was successful
3XX - The client is redirected to a different resource payment getway
4XX - The request contains an error of some kind
5XX - The server encountered an error fulfilling the request

Shift left :

Shift left testing is a software development approach that involves moving testing activities to earlier stages of the SDLC. In traditional software development models, testing is typically conducted at the end. So in shift left testing, we start testing from the beginning, with the goal of catching defects and issues as early as possible.

what is rest assured?

Rest Assured enables you to test REST APIs using Java libraries. It can be used to test XML & JSON-based web services. It supports GET, POST, PUT, PATCH, and DELETE, requests and can be used to validate and verify the response of these requests. Also, it can be integrated with testing frameworks like JUnit, TestNG, etc.

why do we use rest assured?

  1. RestAssured provides a simple and easy-to-use API for testing RESTful web services
  2. It integrates with several other testing tools and frameworks, such as JUnit, TestNG, Maven, and Gradle, making it easy to use in existing testing environments.
  3. RestAssured provides support for validation of responses
  4. RestAssured can be easily integrated with automation tools, such as Selenium WebDriver, to create end-to-end automated tests.

Header

Headers in Rest Assured refer to the additional information that is sent along with an HTTP request. They provide metadata about the request, such as the type of data being sent, the format of the data, and authentication credentials.

Response res = req.header("ContentType", "application/json")
.header("Accept", "application/json")
.body(data).when().put("/api/users/924");

Path parameter :

Path parameters are a type of parameter that is used to identify a specific resource in a URL path or the URL path we pass using curly braces {}
https://www.library.com/api/books/{bookId}

Query parameter :
filter data
Query parameters are added to the end of a URL after a question mark (?). Each query parameter consists of a key-value pair, with the key and value separated by an equals sign (=).
for example, if we want to find a list of books which is published after a specific date then we write it as
https://www.library.com/api/books?publishedAfter=01-01-2022

Cookies :

Cookies are small pieces of data that are stored on a client's device by a web server. They are typically used to remember user preferences, keep users logged in, and provide a personalized browsing experience.

Types of Cookies: Usually, there are two types of cookies written on user machines

• Session Cookies: These cookies are active till the browser is open. When we close the
browser this session cookie gets deleted

• Persistent Cookies: These cookies are written permanently on the user machine.

BDD in rest assured:

given(): This method is used to specify the base URL and other parameters for the HTTP request. It is typically used at the beginning of a test case to set up the request.

when(): This method is used to specify the HTTP method and the path of the API endpoint to be tested. It is typically used after given() to define the action being performed on the API.

then(): This method is used to specify the expected response from the API. It is typically used after when() to verify the response.

extract(): This method is used to extract data from the response and use it in subsequent tests. For example, it can be used to extract an access token from the response and use it in subsequent requests that require authentication.

CRUD Operation :

Post : Create - The POST method is used when you want to send data to a server to create a resource.

Get : Read - The GET method is used when you want to retrieve information from a server, such as a web page or a specific resource.

Put : Update/Repalce - The PUT method is used to update an existing resource on the server. It's similar to the POST method, but instead of creating a new resource, it modifies or replace an existing one.

Patch : Update/Modified - The PATCH method is used to partially update an existing resource on the server. instead of updating the entire resource, it modifies only the specified fields.

Error code :

200 OK: This status code indicates that the request was successful and the server returned the expected data.

201 Created: This status code indicates that the server has successfully created a new resource as a result of the request.

204 No Content: This status code indicates that the request was successful, but the server has not returned any data in response.

400 Bad Request: This status code indicates that the server could not understand the request due to invalid syntax or missing parameters.

401 Unauthorized: This status code indicates that the request requires authentication, and the client has not provided valid credentials.

403 Forbidden: This status code indicates that the server understands the request, but is refusing to fulfill it due to permission or access restrictions.

404 Not Found: This status code indicates that the requested resource could not be found on the server.

500 Internal Server Error: This status code indicates that the server encountered an error while processing the request.

authentication is the process of verifying who the user is, while authorization is the process of verifying what they have access to