API TESTING -----

DAY 1:::::

CLIENT: It is a computer hardware device or software that accesses a service made

available by the server. The server is often (but not always) located on a separate
physical computer.

SERVER: It is a physical computer dedicated to running services to serve the needs

of other computers. Depending on the service that is running, it could be a file
server, database server, home media server, print server, or web server.

Client/Server Architecture: Tier 3 - Presentation Layer(HTML5, JS, CSS),

Application Layer(Java, .NET, C#, Python, C++), Data Layer(MySQL, Oracle,
PostgreSQL, SQL Server, Mongo DB)

API: Application Programming Interface - is the way of communication between two

applications (or libraries) where applications may differ in their platforms or in
terms of technology.
API acts as a mediator between the Presentation layer and the Data Layer.

Types of APIs:
1. Simple Object Access Protocol (SOAP): It is a messaging protocol that
allows programs that run on disparate operating systems or services like frontend
or backend to communicate
using Hypertext Transfer Protocol(HTTP) and its
Extensible Markup Language(XML).

2. REST (Representational State Transfer): Statelessness is key. An API can

be REST if it follows the below constraints:
* Uniform Interface: Communication with the same resource
(JSON, XML, HTML, TXT) and with proper encoding (UTF-8).
* Stateless: Server doesn't remember anything about the
user who uses the API
* Cacheable: If the data is cacheable, then it might
contain some sort of version number.
* Client-Server: Both are two different entities.
* Layered System: There can be multiple layered systems
between client and server.
* Code on Demand: The server can store the Code or logic to
themselves and transfer it wherever needed rather than client-side logic.

Both in SOAP and REST, we use XML. Transfer is over HTTP.

3. HTTP(Hypertext Transfer Protocol): Most popular application protocol.

HTTP Status Code:

1xx : Informational Messages
2xx : Successful
3xx : Redirection
4xx : Client Error
5xx : Server Error

All Web Services are APIs, but not all APIs are web services. Web service is an API
wrapped in HTTP. A Web Service needs a network while an API doesn't need a network
for its operation.
REST API Methods:
GET
POST
PUT
DELETE
These requests are also called HTTP requests.
URI: Uniform Resource Identifier
URL: Uniform Resource Locator
URN: Uniform Resource Name

AUTHENTICATION: Credentials provided are compared to those on file in a database of

authorized user's information on a local operating system or within an
authentication server.

COOKIE & TOKEN(IN HTTP): When the server receives an HTTP request in the response,
it can send a Set-Cookie header. The browser puts it into the cookie jar, and the
cookie will
be sent along with every request made to the same origin in the Cookie
HTTP header.

Tokens are most widely used in REST APIs. JSON Web Token, kind of unique
string that can identify and its permission level.

Feature: It is the term used in manual testing to test some functionality.

Resource: It is used in API Automation testing referring to some functionality.
Payload: It is the body in the HTTP.

DAY 2:::::

POSTMAN: It is an API testing tool. We can do manual testing of APIs using Postman.
Workspace: It is an area where we can maintain all our files.

Collection: It contains a number of folders and HTTP requests. We can create

any number of collections under the workspace.
--> Collection Runner, Share the Collection, Functional(Iterations),
Performance, Environment

Environment: Variables: It is a set of key-value pairs. {{variable_name}}

Dynamic Variables:
{{$guid}}:
{{$timestamp}}:
{{$randomInt}}:
Data Variable:
Collection Runner lets us import a CSV or a JSON file, and then
use the values from the data file inside HTTP requests and scripts.

Request------> API-----> Response

GET: Retrieve the resource from database.
POST: Create resource on database.
PUT: Update existing resource on database.
PATCH: Update partial details of resource.
DELETE: Delete existing data from database.

Validations:
Status Code
 Time
Size Data
Response Body(JSON/XML)
Cookies
Headers

3 Levels of Status Code:

200
400
500

DAY 3::::::

To create our own APIs:

1. Install NODEJS.
NPM- Node Package Manager
node --version
npm --version
2. JSON(Java Script Object Notation) Server
npm install -g json-server

JSON is a syntax for storing and exchanging data.

Basically, it was designed for human-readable data interchange.
Using JSON schema to construct a model of your API response and makes it
easier to validate your API is returning the data is should.
It is used when data is send from the server to web-page.
Monitor your API responses, ensure they adhere to a specific format.
Get alerted when there is a change in the schema.
Create JSON schema and validate with your JSON response. Draft v4

---> JSON-schema.org
https://jsonschema.net/#/
draft 07 or draft 06

It has been extended from JS scripting language.

The filename extension is .json.
JSON internet media type is application/json.
JSON Data Types: Number, String, Boolean, Object, Array, Null
They are written as key:value pair. Ex: "name":"SSK", "Age":30

Ex: Students Data -- sid, sname, grad

{
"students":[
{
"sid":101,
"sname": "SSK",
"grad":"A"
},
{
"sid":102,
"sname": "NSK",
"grad":"B"
},
{
"sid":103,
"sname": "HSK",
"grad":"C"
}
 ]
}
student[0].sname ----> SSK
student[2].sid ----> 103

jsonpathfinder.com
jsonpath.com

Conditional Flow: is used to give a subsequent request Flow based on the

Conditions.
If(yes)
{
Execute This
}
Else
{
Execute This
}

postman.setNextRequest("Request Name");

postman.setNextRequest(null);
terminates execution

CRUD Operation: (Create, Read, Update, Delete)

Newman: It is a command line Collection Runner for Postman. It allows you to run or
test a Postman Collection directly from the command line.
npm install -g newman
newman run yourcollection.json

Export, install newman command line, newman repository npm

newman run "YT 1.postman_collection.json"

Also, you can create link(shared link)
newman run link

running newman with environment

newman run www........com/... -e environment_name
newman run www........com/... -e environment_name -g global_varibale_name
newman run www........com/... -e environment_name -g global_varibale_name -r
cli.json.junit.html

-k disables SSL verification checks and allows self-signed SSL certificates

--delay-request
--timeout-script

GraphQL: It is a query language for APIs and a runtime for fulfilling those queries
with your existing data.

Overfetching:
Underfetching:
DAY 4:::::

Response Validations:

Status Code
Headers
Cookies
Response Time
Response Body

Chai Assertion Library

pm.test("Test Name", function()

{
// assertion;
}
};

pm.test("Test Name", () =>

{
// assertion;
}
};

Testing Status Codes

Test for the response status code:

pm.test("Status code is 200", () => {

pm.response.to.have.status(200);
});

If you want to test for the status code being one of a set, include
them all in an array and use one of

pm.test("Successful POST request", () => {

pm.expect(pm.response.code).to.have.oneOf([201, 202]);
});

Check the status code text:

pm.test("Status code name has string", () => {

pm.response.to.have.status("Created");
});

Testing Headers

Check that a response header is present or not:

pm.test("Content-Type header is present", () => {

pm.response.to.have.header("Content-Type");
});

Test for a response header

pm.test("Content-Type header is application/json", () => {

pm.expect(pm.response.headers.get('Content-
Type')).to.eql('application/json; charset=utf-8);
 });

Testing Cookies

Test if a cookie is present in the response:

pm.test("Cookie 'language' is present", () => {

pm.expect(pm.cookies.has('language')).to.be.true;
});

Test for a particular cookie value:

pm.test("Cookie language has value 1", () => {

pm.expect(pm.cookies.get('language')).to.eql('en-gb');
});

Testing Response Time

pm.test("Response Time is less than ", () => {

pm.expect(

Testing Response Body

Asserting a Value Type

Test the type of any part of the response:

{
"id": 1,
"name": "John",
"location": "india",
"phone": "1234567890",
"courses": [
"Java",
"Selenium"
]
}

const jsonData = pm.response.json();

pm.test("Test data type of the response", () => {
pm.expect(jsonData).to.be.an("object");
pm.expect(jsonData.name).to.be.a("string");
pm.expect(jsonData.id).to.be.a("number");
pm.expect(jsonData.courses).to.be.an("array");
});

Asserting Array Properties

Check if an array is empty and if it contains particular items:

{
"id": 1,
"name": "John",
"location": "india",
"phone": "1234567890",
"courses": [
"Java",
"Selenium"
 ]
}

pm.test("Test array properties", () => {

//courses include "Java"
pm.test(jsonData.courses).to.include("Java");
//courses array must include all listed
pm.test(jsonData.courses)
.to.have.members(["Java", "Selenium"]);
});

Validating JSON fields in response

{
"id": 1,
"name": "John",
"location": "india",
"phone": "1234567890",
"courses": [
"Java",
"Selenium"
]
}

pm.test("value of location field is India", () => {

var jsonData = pm.response.json();
pm.expect(jsonData.id).to.eql(1);
pm.expect(jsonData.name).to.eql("John");
pm.expect(jsonData.location).to.eql("india");
pm.expect(jsonData.phone).to.eql("1234567890");
pm.expect(jsonData.courses[0]).to.eql("Java");
pm.expect(jsonData.courses[1]).to.eql("Selenium");
});

Validating JSON schema

var schema = {
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"id": {
"type": "integer"
},
"name": {
"type": "string"
},
"location": {
"type": "string"
},
"phone": {
"type": "string"
},
"courses": {
"type": "array",
"items": [
{
"type": "string"
},
{
 "type": "string"
}
]
}
},

pm.test('Schema is valid', function() {

pm.expect(tv4.validate(jsonData, schema)).to.be.true;
});

DAY 5::::

Pre-Request Scripts
1. Collection
2. Folder
3. Requests

Pre-Request Script---->Request---->Response---->Tests
console.log("pre-request script at collection level");
console.log("pre-request script at folder level");
console.log("pre-request script at request level");

console.log("Tests script at collection level");

console.log("Tests script at folder level");
console.log("Tests script at request level");

Console:

pre-request script at collection level

pre-request script at folder level
pre-request script at request level
GET https://reqres.in/api/users?page
Tests script at collection level
Tests script at folder level
Tests script at request level

Variable:
Something that contains data. Variables can be created in multiple levels.
Variables are classified into 5 types.

1. Global: Accessible in workspace.

url_global

2. Collection: Accessible within the collection.

url_collect

3. Environment: Involves the execution of certain requests in a certain

environment. Accessible in all collection, but we need to switch to the required
environment.
url_qa_env
url_dev_env

4. Local: It can be created at the pre-request level. It is accessible only within

request(specific to request).
url_local
pm.variables.set("url_local","https://reqres.in");
5. Data: It should be created in the external files. Example: CSV/text

Global Variable under pre-request script:

pm.globals.set("userid_global","2");
{{url_local}}/api/users?page={{userid_global}}

Unset Global Variable under test script:

pm.globals.unset("userid_global");
{{url_local}}/api/users?page={{userid_global}}

Environment Variable under pre-request script:

pm.environment.set("userid_qa_env","2");
{{url_local}}/api/users?page={{userid_qa_env}}

Unset Environment Variable under test script:

pm.environment.unset("userid_qa_env");
{{url_local}}/api/users?page={{userid_qa_env}}

Collection Variable under pre-request script:

pm.collectionVariables.set("userid_collect","2");
{{url_local}}/api/users?page={{userid_collect}}

Unset Collection Variable under test script:

pm.collectionVariables.unset("userid_collect");
{{url_local}}/api/users?page={{userid_collect}}

Capture the values from variables:

console.log(pm.globals.get("userid_global"));
console.log(pm.environment.get("userid_qa_env"));
console.log(pm.collectionVariables.get("userid_collect"));
console.log(pm.variables.get("url_local"));

DAY 6::::

Chaining of API's
Response of one API becomes the request(or a part of the request) for a different
API.

* Status Code in Postman:

* JSON Schema Validation:
*

Essential Postman Features for API Testing:

--> Import Requests: cURL, RAML, WADL and open API Files
--> Create Collections
--> Write Test Cases
--> JSON schema validation
--> Leverage Postman BDD
--> Use Environment and Dynamic Variables
-->