KEMBAR78
Agile Testing Days 2018 USA - API Testing Fundamentals | PDF
JoEllen Carter, profile picture
Uploaded byJoEllen Carter
365 views

Agile Testing Days 2018 USA - API Testing Fundamentals

The document provides instructions for an API testing workshop, including opening a Trello board and downloading Postman. It discusses exploring APIs through testing variables, statuses, content types, and functionality by joining requests. Performance and security testing are also covered, such as checking authentication, authorization, and injection points. The workshop emphasizes making API testing fun and integrating it into development pipelines using tools like Newman and Runscope.

Download to read offline
•Open the Trello board at https://goo.gl/U8hdro •Download the Postman desktop app from https://www.getpostman.com/ and follow the installation instructions. No dogs were actually washed in the production of these slides. Get a headstart on API Testing FUNdamentals!
Show of feet (stand up) - who is willing to share their screen (with Postman) with someone? Hands-on for everyone is preferred. Let's self-organize - Screen folk, keep standing. Screenless folk, re-locate to be near a screen. Not enough screens? Follow along with Dan. Move up front and grab a seat near Dan. Screen logistics
API Testing FUNdamentals JoEllen Carter / Dan Gilkerson
What’s so fun about testing an Application Programming Interface?
Do restful APIs take naps?
HTTPRequest URL Method Headers Body
When does the fun start?
Workshop Trello Board https://goo.gl/U8hdro
TeamCity Newman Reporter
Let’s recap….
Exploratory Testing • Identify the variable bits - things that can/will/might change • Apply Heuristics to the variables • Zero, One, Many • Some, None, All • Beginning, Middle, End • Too Many, Too Few • Relative Position, i.e. content
Functional, Contract, & Integration • Basic • Correct status codes are generated for invalid inputs • Request/response bodies contain the correct content type and schema • Backwards-compatibility for public APIs • Advanced • Join API requests together to mirror application functionality
Performance & Security • Performance • Response times under different conditions • Basic Security • Authentication tokens are valid/present • Authorization - account boundaries are not violated • SSL is enforced/warned when not present • Advanced Security • Injection points – headers, parameters, body • Recording tools – what is exposed/available • Rest Security Cheat Sheet; OWASP top 10 security vulnerabilities
To Infinity and Beyond! • API tests are part of your CI/CD pipeline • Newman - command line runner for Postman collections • Runscope - great for testing incoming requests, a la webhooks • Augment unit tests by crossing component boundaries • Tests are accessible to developers to run locally • Tests are purpose-specific - don’t test everything at one time
How much fun did we have?
Links ProgrammableWeb API Security Testing OWASP Top 10 Project List of HTTP Header fields Varonis - Introduction to Oauth Oauth.net Understanding rest and rpc http://kanyerest.xyz/
Thank you! JoEllen Carter @testacious Dan Gilkerson @dangilkerson

More Related Content

PDF
Automation Best Practices
bySauce Labs
 
PDF
Belfast Selenium Meetup
byJustin Ison
 
PDF
Selenium Camp 2016 - Kiev, Ukraine
byJustin Ison
 
PDF
Automated Exploratory Testing
byJustin Ison
 
PPTX
Performance Metrics for your Build Pipeline - presented at Vienna WebPerf Oct...
byAndreas Grabner
 
POTX
Simplify CI with the Updated Jenkins Plugin for Sauce Labs
bySauce Labs
 
PDF
SeleniumCamp 2015 Andrii Soldatenko
byAndrii Soldatenko
 
PDF
Rentv
byTimothy Tsvetkov
 
Automation Best Practices
bySauce Labs
 
Belfast Selenium Meetup
byJustin Ison
 
Selenium Camp 2016 - Kiev, Ukraine
byJustin Ison
 
Automated Exploratory Testing
byJustin Ison
 
Performance Metrics for your Build Pipeline - presented at Vienna WebPerf Oct...
byAndreas Grabner
 
Simplify CI with the Updated Jenkins Plugin for Sauce Labs
bySauce Labs
 
SeleniumCamp 2015 Andrii Soldatenko
byAndrii Soldatenko
 
Rentv
byTimothy Tsvetkov
 

What's hot

PDF
Building serverless-applications
byAndrii Soldatenko
 
PDF
Андрей Солдатенко. Разработка высокопроизводительныx функциональных тестов д...
byAlina Dolgikh
 
PDF
Mobile Testing Tips - Let's achieve fast feedback loops
byKenneth Poon
 
PPTX
Speed upyourtest with_appium
byVodqaBLR
 
PDF
PyCon Ukraine 2014
byAndrii Soldatenko
 
PPTX
Selenium and Appium Training from Sauce Labs
bySauce Labs
 
PDF
TDD on android. Why and How? (Coding Serbia 2019)
byDanny Preussler
 
PDF
Diffy : Automatic Testing of Microservices @ Twitter
byPuneet Khanduri
 
PDF
Continuous delivery of embedded systems embedded meetup
byMike Long
 
PPT
VodQA_ParallelizingCukes_AmanKing
bypoojaelkunchwar
 
PPTX
Continuous Testing in the Cloud
bySauce Labs
 
PPTX
Deploy Faster Without Failing Faster - Metrics-Driven - Dynatrace User Groups...
byAndreas Grabner
 
PPTX
Super powered API testing
bypostmanclient
 
PPTX
Make Your UI Tests Resilient with the Next Generation of Frameworks
bySatyajit Malugu
 
PPTX
Effective Code Review (Or How To Alienate Your Coworkers)
byPerforce
 
PPTX
JavaOne 2015: Top Performance Patterns Deep Dive
byAndreas Grabner
 
KEY
Continuous integration & deployment
byAlan Harper
 
PDF
Careful - APIs Inside: Testing and Monitoring for App Development
by3scale
 
PDF
Oscon presentation
bygarrettmoon
 
PDF
SauceCon 2017: Testing @ the Speed of Concurrency
bySauce Labs
 
Building serverless-applications
byAndrii Soldatenko
 
Андрей Солдатенко. Разработка высокопроизводительныx функциональных тестов д...
byAlina Dolgikh
 
Mobile Testing Tips - Let's achieve fast feedback loops
byKenneth Poon
 
Speed upyourtest with_appium
byVodqaBLR
 
PyCon Ukraine 2014
byAndrii Soldatenko
 
Selenium and Appium Training from Sauce Labs
bySauce Labs
 
TDD on android. Why and How? (Coding Serbia 2019)
byDanny Preussler
 
Diffy : Automatic Testing of Microservices @ Twitter
byPuneet Khanduri
 
Continuous delivery of embedded systems embedded meetup
byMike Long
 
VodQA_ParallelizingCukes_AmanKing
bypoojaelkunchwar
 
Continuous Testing in the Cloud
bySauce Labs
 
Deploy Faster Without Failing Faster - Metrics-Driven - Dynatrace User Groups...
byAndreas Grabner
 
Super powered API testing
bypostmanclient
 
Make Your UI Tests Resilient with the Next Generation of Frameworks
bySatyajit Malugu
 
Effective Code Review (Or How To Alienate Your Coworkers)
byPerforce
 
JavaOne 2015: Top Performance Patterns Deep Dive
byAndreas Grabner
 
Continuous integration & deployment
byAlan Harper
 
Careful - APIs Inside: Testing and Monitoring for App Development
by3scale
 
Oscon presentation
bygarrettmoon
 
SauceCon 2017: Testing @ the Speed of Concurrency
bySauce Labs
 

Similar to Agile Testing Days 2018 USA - API Testing Fundamentals

PDF
Api FUNdamentals #MHA2017
byJoEllen Carter
 
PDF
Api fundamentals
byAgileDenver
 
PPTX
Apitesting.pptx
byNamanVerma88
 
PPTX
API testing - Japura.pptx
byTharindaLiyanage1
 
PPTX
Belajar Postman test runner
byFachrul Choliluddin
 
PDF
Api Testing.pdf
byJitendraYadav351971
 
PDF
API testing Notes and features, difference.pdf
bykunjukunjuzz904
 
PPTX
Api Testing
byVishwanath KC
 
PPTX
Api Testing
byVishwanath KC
 
PPTX
API Testing for everyone.pptx
byPricilla Bilavendran
 
PDF
POST/CON Keynote 2019
byPostman
 
PDF
Advanced Testing
byPostman
 
PPT
Postman.ppt
byParrotBAD
 
PPTX
Soap UI and postman
byTushar Agarwal
 
PPTX
API Testing Using REST Assured with TestNG
bySiddharth Sharma
 
PPTX
Postman PowerPoint template is a free template with a postman illustration an...
bypostmanapi6
 
PPTX
POST/CON 2019 Workshop: Design, Develop, and Mock APIs with Postman
byPostman
 
PDF
TEST PPTBCHDBHBHBHVBHJEFVHJVBFHVBFHVBHFVBFHVHFVBFHVBHFVBFHVBFHVBFVBFVBHVBVBFHVB
byutsavaggarwal8
 
PPTX
B4USolution_API-Testing
byb4usolution .
 
PDF
API Testing Interview Preparation and Methods
byVivekanandaSamantra2
 
Api FUNdamentals #MHA2017
byJoEllen Carter
 
Api fundamentals
byAgileDenver
 
Apitesting.pptx
byNamanVerma88
 
API testing - Japura.pptx
byTharindaLiyanage1
 
Belajar Postman test runner
byFachrul Choliluddin
 
Api Testing.pdf
byJitendraYadav351971
 
API testing Notes and features, difference.pdf
bykunjukunjuzz904
 
Api Testing
byVishwanath KC
 
Api Testing
byVishwanath KC
 
API Testing for everyone.pptx
byPricilla Bilavendran
 
POST/CON Keynote 2019
byPostman
 
Advanced Testing
byPostman
 
Postman.ppt
byParrotBAD
 
Soap UI and postman
byTushar Agarwal
 
API Testing Using REST Assured with TestNG
bySiddharth Sharma
 
Postman PowerPoint template is a free template with a postman illustration an...
bypostmanapi6
 
POST/CON 2019 Workshop: Design, Develop, and Mock APIs with Postman
byPostman
 
TEST PPTBCHDBHBHBHVBHJEFVHJVBFHVBFHVBHFVBFHVHFVBFHVBHFVBFHVBFHVBFVBFVBHVBVBFHVB
byutsavaggarwal8
 
B4USolution_API-Testing
byb4usolution .
 
API Testing Interview Preparation and Methods
byVivekanandaSamantra2
 

More from JoEllen Carter

TXT
Agile Testing Days 2018 - API Fundamentals - postman collection
byJoEllen Carter
 
DOCX
Mapping Mashup Story Mapping Exercise 3 uncolored cards
byJoEllen Carter
 
DOCX
Mapping Mashup Exercise solutions
byJoEllen Carter
 
PDF
Mapping Mashup Exercise handouts
byJoEllen Carter
 
PPTX
Atd 2016-mapping-mashup
byJoEllen Carter
 
PDF
Agile testing to build the right thing - Lisa Crispin and JoEllen Carter
byJoEllen Carter
 
Agile Testing Days 2018 - API Fundamentals - postman collection
byJoEllen Carter
 
Mapping Mashup Story Mapping Exercise 3 uncolored cards
byJoEllen Carter
 
Mapping Mashup Exercise solutions
byJoEllen Carter
 
Mapping Mashup Exercise handouts
byJoEllen Carter
 
Atd 2016-mapping-mashup
byJoEllen Carter
 
Agile testing to build the right thing - Lisa Crispin and JoEllen Carter
byJoEllen Carter
 

Recently uploaded

PDF
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
PDF
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
PDF
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
PDF
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
PPTX
"Daily workflows with Cursor IDE", Maksym Anisimov
byFwdays
 
PDF
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
PDF
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
PPTX
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
PDF
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
PDF
Session 4 - Specialized AI Associate Series: UiPath Document Understanding O...
byDianaGray10
 
PPTX
"Towards React Server Components in Clojure", Roman Liutikov
byFwdays
 
PDF
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
PDF
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
PDF
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
PDF
The Journey Is The Reward - Apple Maps Travel Companion
byJohn Andrews
 
PDF
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
PDF
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
PDF
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 
UnityNet Digital Sovereignty Checklist 2025-10-13
byLHelferty
 
Session 2 - Agentic Orchestration with UiPath Maestro
byDianaGray10
 
KV Caching Strategies for Latency-Critical LLM Applications by John Thomson
byScyllaDB
 
Beyond Generative AI: Creating Demand for Compute in the 2030s
byReidar Wasenius
 
"Daily workflows with Cursor IDE", Maksym Anisimov
byFwdays
 
Application Monitoring and Observability: Elastic Stack Solution for Producti...
byPattabhi Amperayani
 
TrustArc Webinar - Migration to TrustArc: What Your Journey Will Look Like
byTrustArc
 
Agentic AI Solutions and Services | Aeologic
byankitaeologic
 
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
Session 4 - Specialized AI Associate Series: UiPath Document Understanding O...
byDianaGray10
 
"Towards React Server Components in Clojure", Roman Liutikov
byFwdays
 
Getting the Best of TrueDEM – October News & Updates
bypanagenda
 
Atlantix is an AI-first venture studio, building companies with AI at the core
byadmin625551
 
Unlocking Full-Stack Observability for AIOps: A Precisely Ironstream for Big ...
byPrecisely
 
The Journey Is The Reward - Apple Maps Travel Companion
byJohn Andrews
 
A fool with a tool is still a fool - Plone Conference 2025
byAndreas Jung
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
How to Measure Microsoft 365 Copilot Success and Manage AI Risk: Advanced Str...
byNikki Chapple
 
UiPath DevConnect 2025: Introduction to Agentic Automation
byDianaGray10
 
NSSHOEU-J 4x35mm² Cable Specification.pdf
byAnhui Feichun Special Cable Co., Ltd.
 

Agile Testing Days 2018 USA - API Testing Fundamentals

  • 1.
    •Open the Trelloboard at https://goo.gl/U8hdro •Download the Postman desktop app from https://www.getpostman.com/ and follow the installation instructions. No dogs were actually washed in the production of these slides. Get a headstart on API Testing FUNdamentals!
  • 2.
    Show of feet(stand up) - who is willing to share their screen (with Postman) with someone? Hands-on for everyone is preferred. Let's self-organize - Screen folk, keep standing. Screenless folk, re-locate to be near a screen. Not enough screens? Follow along with Dan. Move up front and grab a seat near Dan. Screen logistics
  • 3.
    API Testing FUNdamentals JoEllenCarter / Dan Gilkerson
  • 4.
    What’s so funabout testing an Application Programming Interface?
  • 7.
    Do restful APIstake naps?
  • 8.
  • 9.
    When does thefun start?
  • 10.
  • 11.
  • 12.
  • 13.
    Exploratory Testing • Identifythe variable bits - things that can/will/might change • Apply Heuristics to the variables • Zero, One, Many • Some, None, All • Beginning, Middle, End • Too Many, Too Few • Relative Position, i.e. content
  • 14.
    Functional, Contract, & Integration •Basic • Correct status codes are generated for invalid inputs • Request/response bodies contain the correct content type and schema • Backwards-compatibility for public APIs • Advanced • Join API requests together to mirror application functionality
  • 15.
    Performance & Security •Performance • Response times under different conditions • Basic Security • Authentication tokens are valid/present • Authorization - account boundaries are not violated • SSL is enforced/warned when not present • Advanced Security • Injection points – headers, parameters, body • Recording tools – what is exposed/available • Rest Security Cheat Sheet; OWASP top 10 security vulnerabilities
  • 16.
    To Infinity andBeyond! • API tests are part of your CI/CD pipeline • Newman - command line runner for Postman collections • Runscope - great for testing incoming requests, a la webhooks • Augment unit tests by crossing component boundaries • Tests are accessible to developers to run locally • Tests are purpose-specific - don’t test everything at one time
  • 17.
    How much fundid we have?
  • 18.
    Links ProgrammableWeb API Security Testing OWASPTop 10 Project List of HTTP Header fields Varonis - Introduction to Oauth Oauth.net Understanding rest and rpc http://kanyerest.xyz/
  • 19.