Understanding and testing restful web services
- 1. UNDERSTANDING AND TESTING RESTFUL WEB SERVICES PLEASE INSTALL POSTMAN - REST Client POSTMAN Interceptor www.getpostman.com www.getpostman.com/features#interceptor Created by /Mark Winteringham @mwtestconsult
- 3. WORKSHOP GOALS Explore the basics of a RESTful WebServices Build requests to query and manipulate data Try out different test design techniques Going forward with the skills you've learnt
- 4. WELCOME TO 'THE BEST AT REST LTD' Creators of RESTFUL-BOOKER A restful webservice that allows hotels to store booking details about their guests
- 5. RESTFUL-BOOKER REQUIREMENTS 1. Must be able to create, read, update and delete bookings 2. Bookings must be searchable 3. Bookings must store the following items Guests name The price of their booking Whether they have paid a deposit The dates of their booking Any additional needs
- 7. POSTMAN Our test tool for the workshop
- 9. WEB SERVICE 'A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.' http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webservice
- 10. Mobile to Web Service UI Backend
- 11. Web Service to Web Service Reports Search
- 13. WHAT MAKES A SERVICE RESTFUL? Stateless Cacheable Uniform Interface Client-Server Layered System Code on Demand Identify a resource Manipulate a resource URIs HTTP A web service has to use specific standards to: http://c2.com/cgi/wiki?RestArchitecturalStyle
- 15. REST-REPORTER https://github.com/mwinteringham/restful-booker rest-reporter is a C.R.U.D. service
- 17. READ
- 19. UNIFORM RESOURCE IDENTIFIERS Resource Booking resource 1 _id: 5534e8cdbb97c77e0eb7ae51 Something the service exposes to the end user to interact with such as an image, video, html, text, etc. GET /booking/5534e8cdbb97c77e0eb7ae51
- 20. UNIFORM RESOURCE IDENTIFIERS scheme ://host :port /resource ?queryString http://localhost:3001/booking?name=mary
- 21. QUERY STRINGS A query string indicates additional actions you might want to apply to the resource/resources you want Returns all bookings between two dates whereas: GET /booking?checkin=2014-03-13&checkout=2014-05-21 Returns all the bookings GET /booking
- 22. CREATING QUERY STRINGS Query strings start with a ? after the resource path Are declared as key=value Multiple query declarations are joined using & For example: GET /booking?checkin=2014-03-13&checkout=2014-05-21
- 24. HTTP VERBS HTTP methods indicate an action the user would like to do on a resource CREATE = POST READ = GET UPDATE = PUT DELETE = DELETE
- 25. VERBS IN ACTION GET - Returns current bookings POST - Creates a new booking http://localhost:3001/booking http://localhost:3001/booking OPTION http://localhost:3001/booking Returns which Verbs can be used on a URI
- 27. HTTP HEADERS Define the operating parameters of an HTTP request such as: What is requesting the resource What format the resource should be in Authorisation that the resource can be requested And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
- 28. HTTP HEADERS Adding headers can alter the behaviour of the service and its response Key: Value Outcome Accept: application/json JSON is returned Accept: application/xml XML is returned
- 30. HTTP STATUS CODES Indicator of how the server has responded to the request you've sent 1xx Informational 2xx Success 3xx Redirection 4xx Client Error 5xx Server Error https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
- 31. TYPICAL HTTP STATUS CODES 200 Server has carried out its actions successfully 404 URI path doesn't exist 403 You're not authorised to access the path 500 Server error 503 Service is unavailable
- 34. ITERATION ONE - INVESTIGATING READ USERS STORIES As a user of restful-booker I want to be able to view all current booking IDs So that I can choose an ID to view the booking of GET /booking As a user of restful-booker I want to be able to search on the booking dates So that I can filter the relevant booking IDs I require GET /booking? checkin=*&checkout=* As a user of restful-booker I want to be able to retrieve a booking using its ID So that I can view the details of that booking GET /booking/{id} API can be found at: github.com/mwinteringham/restful-booker
- 35. What did you learn?
- 36. CREATE
- 37. A TYPICAL HTTP CREATE REQUEST Change in HTTP Verb ayload
- 38. PAYLOAD A representation of the resource you want to create through the service The parameters and the structure of the payload have strict rules. Which can also be known as a 'contract'
- 40. JSON PAYLOADS { "firstName": "Mark", "lastName": "test", "totalPrice": 300.00, "depositPaid": true, "additionalNeeds": "Breakfast", "bookingDates": { "checkIn": "11/11/2014", "checkOut": "12/11/2014" } } http://json.org/
- 41. DATA TYPES { "firstName": "Mark", "lastName": "test", "totalPrice": 300.00, "depositPaid": true, "additionalNeeds": "Breakfast", "bookingDates": { "checkIn": "11/11/2014", "checkOut": "12/11/2014" } } String Number Boolean Dates (String)
- 42. ROBUSTNESS PRINCIPLE `Be conservative in what you do, be liberal in what you accept from others` Postel's law When sending a payload the service should conform to the contract being sent When receiving a payload the service should accept invalid data without error
- 43. POST RELATED HEADERS Key Value Content-Type: application/json, text/xml Content-Length: 157
- 44. ITERATION TWO - INVESTIGATING CREATE USER STORIES As a user of restful-booker I want to be able to create So that I can choose an ID to view the booking of POST /booking API can be found at: github.com/mwinteringham/restful-booker
- 45. What did you learn?
- 46. UPDATE/DELETE
- 47. AUTHORISATION Services generally have one or more layers of security such as: Basic access authentication Cookie based authentication This isn't an exhaustive list There may be other layers of security in place
- 48. HTTP HEADERS - COOKIES Cookies are also a type of header and can be added to a request Cookie: COOKIEVAL1=abc; COOKIEVAL2=def;
- 49. BASIC ACCESS AUTHENTICATION Comes in the form of a header Authorization Basic Base64(username:password) Authorization Basic dXNlcm5hbWU6cGFzc3dvcmQ= https://en.wikipedia.org/wiki/Basic_access_authentication
- 50. COOKIE BASED AUTHENTICATION POST /auth { username: admin, password: password123 } Response Set-Cookie: token=abc123 DELETE /booking/{id} Cookie: token=abc123
- 51. PUT Similar to POST but rather than create it updates However, in the real world that might not be the case: PUT vs POST in REST
- 52. DELETE Similar to GET but it deletes rather than reads the resource
- 53. ITERATION THREE - INVESTIGATING UPDATE / DELETE USER STORIES As a user of restful-booker I want to be able to protect create and delete functions So that I can protect the bookings from being changed or deleted POST /auth As a user of restful-booker I want to be able to update a pre- existing booking using its ID So that I can correct and errors made in a booking PUT /booking/{id} As a user of restful-booker I want to be able to delete a booking using its ID So that I can remove the booking DELETE /booking/{id} API can be found at: github.com/mwinteringham/restful-booker
- 54. What did you learn?
- 56. Mobile to Web Service UI UI testing Backend RESTful testing
- 57. AUTOMATION?
- 58. WRAPPING UP
- 59. THANK YOU Restful-booker - https://github.com/mwinteringham/restful-booker Slides - https://github.com/mwinteringham/reveal.js