UNDERSTANDING AND TESTING
RESTFUL WEB SERVICES
PLEASE INSTALL
POSTMAN - REST Client: www.getpostman.com
POSTMAN Interceptor: www.getpostman.com/features#interceptor
Created by Mark Winteringham / @mwtestconsult
ABOUT ME...
www.mwtestconsultancy.co.uk
@mwtestconsult
linkedin.com/in/markwinteringham
WORKSHOP GOALS
Explore the basics of RESTful web services
Build requests to query and manipulate data
Try out different test design techniques
Going forward with the skills you've learnt
WELCOME TO 'THE BEST AT REST LTD'
Creators of RESTFUL-BOOKER
A restful webservice that allows hotels
to store booking details about their
guests
RESTFUL-BOOKER REQUIREMENTS
1. Must be able to create, read, update and
delete bookings
2. Bookings must be searchable
3. Bookings must store the following items
Guest's name
The price of their booking
Whether they have paid a deposit
The dates of their booking
Any additional needs
GITHUB REPOS
Restful booker: www.github.com/mwinteringham/restful-booker
Slides: www.github.com/mwinteringham/reveal.js
POSTMAN
Our test tool for the workshop
RESTFUL WEB SERVICE
WEB SERVICE
'A Web service is a software system designed to support
interoperable machine-to-machine interaction over a network.'
http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webservice
Mobile to Web Service: UI, Backend
Web Service to Web Service: Reports, Search
A service-oriented architecture
WHAT MAKES A SERVICE RESTFUL?
Stateless
Cacheable
Uniform Interface
Client-Server
Layered System
Code on Demand
A web service has to use specific standards to:
Identify a resource: URIs
Manipulate a resource: HTTP
http://c2.com/cgi/wiki?RestArchitecturalStyle
A RESTFUL WEB SERVICE EXAMPLE
http://adrianmejia.com/blog/2014/10/01/creating-a-restful-api-tutorial-with-nodejs-and-mongodb/
REST-REPORTER
https://github.com/mwinteringham/restful-booker
rest-reporter is a C.R.U.D. service
CREATE
READ
UPDATE
DELETE
READ
A TYPICAL HTTP READ REQUEST
URI Path
URI Host
UNIFORM RESOURCE IDENTIFIERS
Resource
Something the service exposes to the end user to interact with, such as an image, video, HTML, text, etc.
Booking resource 1
_id: 5534e8cdbb97c77e0eb7ae51
GET /booking/5534e8cdbb97c77e0eb7ae51
UNIFORM RESOURCE IDENTIFIERS
scheme://host:port/resource?queryString
http://localhost:3001/booking?name=mary
QUERY STRINGS
A query string indicates additional actions you might
want to apply to the resource/resources you want
GET /booking
Returns all the bookings, whereas:
GET /booking?checkin=2014-03-13&checkout=2014-05-21
Returns all bookings between two dates
CREATING QUERY STRINGS
Query strings start with a ? after the resource path
Are declared as key=value
Multiple query declarations are joined using &
For example:
GET /booking?checkin=2014-03-13&checkout=2014-05-21
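The query-string rules above, as an added example that is not part of the original slides: it builds and parses /booking URIs and shows that a value containing & or = has to be percent-encoded, otherwise it would be read as an extra key=value pair. The function names are illustrative; the host and port are the workshop's local address.

```javascript
// Added example; BASE is the workshop's local address from the slides.
const BASE = "http://localhost:3001";

// Build a /booking URI from key/value filters.
function buildBookingQuery(filters) {
  const url = new URL("/booking", BASE);
  for (const [key, value] of Object.entries(filters)) {
    // append() percent-encodes '&', '=' and other reserved characters,
    // so a value can never be read back as an extra key=value pair.
    url.searchParams.append(key, String(value));
  }
  return url.toString();
}

// Split a URI back into its path and decoded key/value pairs.
// Pairs are returned as a list so that duplicate keys stay visible.
function parseBookingQuery(uri) {
  const url = new URL(uri, BASE);
  return { path: url.pathname, pairs: [...url.searchParams.entries()] };
}
```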
A TYPICAL HTTP READ REQUEST
HTTP Verb
HTTP VERBS
HTTP methods indicate an action the user would like to
do on a resource
CREATE = POST
READ = GET
UPDATE = PUT
DELETE = DELETE
VERBS IN ACTION
GET http://localhost:3001/booking - Returns current bookings
POST http://localhost:3001/booking - Creates a new booking
OPTIONS http://localhost:3001/booking - Returns which verbs can be used on a URI
A TYPICAL HTTP READ REQUEST
Headers
HTTP HEADERS
Define the operating parameters of an HTTP request such as:
What is requesting the resource
What format the resource should be in
Authorisation that the resource can be requested
And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
HTTP HEADERS
Adding headers can alter the behaviour of the service and its response
Key: Value                  Outcome
Accept: application/json    JSON is returned
Accept: application/xml     XML is returned
A TYPICAL HTTP RESPONSE
HTTP Status code
HTTP STATUS CODES
Indicator of how the server has responded to the request you've sent
1xx Informational
2xx Success
3xx Redirection
4xx Client Error
5xx Server Error
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
TYPICAL HTTP STATUS CODES
200 Server has carried out its actions successfully
404 URI path doesn't exist
403 You're not authorised to access the path
500 Server error
503 Service is unavailable
A TYPICAL HTTP RESPONSE
Payload
TYPES OF PAYLOADS
JSON
{
  "_id":"5534e8cdbb97c77e0eb7ae65",
  "firstName":"Jim",
  "lastName":"Wilson",
  "totalPrice":787,
  "depositPaid":false,
  "additionalNeeds": "Breakfast",
  "bookingDates":{
    "checkIn":"2013-08-10T22:34:22",
    "checkOut":"2015-03-23T14:00:00"
  }
}
XML
<_id>5534e8cdbb97c77e0eb7ae65</_id>
<firstName>Jim</firstName>
<lastName>Wilson</lastName>
<totalPrice>787</totalPrice>
<depositPaid>false</depositPaid>
<additionalNeeds>Breakfast</additionalNeeds>
<bookingDates>
<checkIn>2013-08-10T22:34:22</checkIn>
<checkOut>2015-03-23T14:00:00</checkOut>
</bookingDates>
HTML
<p>5534e8cdbb97c77e0eb7ae65</p>
<p>Jim</p>
<p>Wilson</p>
<p>787</p>
<p>false</p>
<p>breakfast</p>
<ul>
<li>2013-08-10T22:34:22</li>
<li>2015-03-23T14:00:00</li>
</ul>
ITERATION ONE - INVESTIGATING READ
USER STORIES
As a user of restful-booker
I want to be able to view all
current booking IDs
So that I can choose an ID to view
the booking of
GET /booking
As a user of restful-booker
I want to be able to search on the
booking dates
So that I can filter the relevant
booking IDs I require
GET /booking?checkin=*&checkout=*
As a user of restful-booker
I want to be able to retrieve a
booking using its ID
So that I can view the details of
that booking
GET /booking/{id}
API can be found at: github.com/mwinteringham/restful-booker
What did you learn?
CREATE
A TYPICAL HTTP CREATE REQUEST
Change in HTTP Verb
Payload
PAYLOAD
A representation of the resource you want to create
through the service
The parameters and the structure of the payload have
strict rules, which can also be known as a 'contract'
XML PAYLOADS
<booking>
<firstName>Mark</firstName>
<lastName>test</lastName>
<totalPrice>300.00</totalPrice>
<depositPaid>true</depositPaid>
<additionalNeeds>Breakfast</additionalNeeds>
<bookingDates>
<checkIn>11/11/2014</checkIn>
<checkOut>12/11/2014</checkOut>
</bookingDates>
</booking>
https://en.wikipedia.org/wiki/XML
JSON PAYLOADS
{
"firstName": "Mark",
"lastName": "test",
"totalPrice": 300.00,
"depositPaid": true,
"additionalNeeds": "Breakfast",
"bookingDates": {
"checkIn": "11/11/2014",
"checkOut": "12/11/2014"
}
}
http://json.org/
DATA TYPES
{
"firstName": "Mark",
"lastName": "test",
"totalPrice": 300.00,
"depositPaid": true,
"additionalNeeds": "Breakfast",
"bookingDates": {
"checkIn": "11/11/2014",
"checkOut": "12/11/2014"
}
}
String
Number
Boolean
Dates (String)
ROBUSTNESS PRINCIPLE
`Be conservative in what you do, be liberal in what you accept from others`
Postel's law
When sending a payload the service should conform to the contract being sent
When receiving a payload the service should accept invalid data without error
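One way to check a received payload against the DATA TYPES contract, as an added example that is not part of the original slides or restful-booker's own code: invalid data produces a controlled client-error result instead of an unhandled exception, and fields outside the contract are dropped rather than stored. The helper name, the error strings and the choice of 400 are assumptions.

```javascript
// Contract taken from the DATA TYPES slide: field -> expected JSON type.
const CONTRACT = {
  firstName: "string",
  lastName: "string",
  totalPrice: "number",
  depositPaid: "boolean",
  additionalNeeds: "string",
};
const DATE_FIELDS = ["checkIn", "checkOut"]; // dates travel as strings

const isObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical helper: always returns { status, errors, booking }, never throws.
// 400 for contract violations is an assumption, not restful-booker's behaviour.
function checkBookingPayload(rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (err) {
    return { status: 400, errors: ["body is not valid JSON"], booking: null };
  }
  if (!isObject(body)) {
    return { status: 400, errors: ["body must be a JSON object"], booking: null };
  }
  const errors = [];
  const booking = { bookingDates: {} }; // only contract fields are copied
  for (const [field, type] of Object.entries(CONTRACT)) {
    if (!has(body, field)) errors.push(`${field}: missing`);
    else if (typeof body[field] !== type) errors.push(`${field}: expected ${type}`);
    else booking[field] = body[field];
  }
  if (!isObject(body.bookingDates)) {
    errors.push("bookingDates: expected object");
  } else {
    for (const field of DATE_FIELDS) {
      const value = body.bookingDates[field];
      if (typeof value !== "string") errors.push(`bookingDates.${field}: expected string`);
      else booking.bookingDates[field] = value;
    }
  }
  return errors.length > 0
    ? { status: 400, errors, booking: null }
    : { status: 200, errors, booking };
}
```

The same cases (wrong type, missing field, malformed body, extra field) are useful inputs to send to POST /booking during the iteration that follows.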
POST RELATED HEADERS
Key Value
Content-Type: application/json, text/xml
Content-Length: 157
ITERATION TWO - INVESTIGATING
CREATE
USER STORIES
As a user of restful-booker
I want to be able to create
So that I can choose an ID to view
the booking of
POST /booking
API can be found at: github.com/mwinteringham/restful-booker
What did you learn?
UPDATE/DELETE
AUTHORISATION
Services generally have one or more layers of security
such as:
Basic access authentication
Cookie based authentication
This isn't an exhaustive list
There may be other layers of security in place
HTTP HEADERS - COOKIES
Cookies are also a type of header and can be added to a
request
Cookie: COOKIEVAL1=abc; COOKIEVAL2=def;
BASIC ACCESS AUTHENTICATION
Comes in the form of a header
Authorization: Basic Base64(username:password)
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
https://en.wikipedia.org/wiki/Basic_access_authentication
COOKIE BASED AUTHENTICATION
POST /auth
{
"username": "admin",
"password": "password123"
}
Response
Set-Cookie: token=abc123
DELETE /booking/{id}
Cookie: token=abc123
PUT
Similar to POST but rather than create it updates
However, in the real world that might not be the case:
PUT vs POST in REST
DELETE
Similar to GET but it deletes rather than reads the
resource
ITERATION THREE - INVESTIGATING
UPDATE / DELETE
USER STORIES
As a user of restful-booker
I want to be able to protect create
and delete functions
So that I can protect the bookings
from being changed or deleted
POST /auth
As a user of restful-booker
I want to be able to update a pre-existing
booking using its ID
So that I can correct any errors
made in a booking
PUT /booking/{id}
As a user of restful-booker
I want to be able to delete a
booking using its ID
So that I can remove the booking
DELETE /booking/{id}
API can be found at: github.com/mwinteringham/restful-booker
What did you learn?
TAKING RESTFUL TESTING FURTHER
Mobile to Web Service
UI: UI testing
Backend: RESTful testing
AUTOMATION?
WRAPPING UP
THANK YOU
Restful-booker - https://github.com/mwinteringham/restful-booker
Slides - https://github.com/mwinteringham/reveal.js
