Understanding and testing Web Services - Created by Mark Winteringham / @2bittester © 2016

Understanding and testing Web Services

Available at http://mwtestconsultancy.co.uk/presentations/understanding_web_services_lite


Please load up Google Chrome and install

POSTMANwww.getpostman.com
POSTMAN Interceptorwww.getpostman.com/features#interceptor

About me...

- www.mwtestconsultancy.co.uk

- @2bittester

- linkedin.com/in/markwinteringham

profile.png

Workshop goals

Explore what is a Web Service

Build different requests to query and manipulate data

Try out different test design techniques

Going forward...

RESTFUL-BOOKER

A webservice that allows hotels to store booking details about their guests

Restful-booker requirements

  1. Be able store Bookings with the following items
    • Guests name
    • The price of their booking
    • Whether they have paid a deposit
    • The dates of their booking
    • Any additional needs
  2. Must be able to create, read, update and delete bookings
  3. Bookings must be searchable

Restful-booker API

Restful booker: www.github.com/mwinteringham/restful-booker

API details are in the README

POSTMAN

Our test tool for the workshop

Web Service

web server

'A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.'

http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webservice

Mobile to Web Service

web server

UI

web server

Backend

Web Service to Web Service

web server

Reports

web server

Search

A service-oriented architecture

A Web Service example

services http://adrianmejia.com/blog/2014/10/01/creating-a-restful-api-tutorial-with-nodejs-and-mongodb/

A typical HTTP Read request


URI Path
URI Host

Uniform Resource Identifiers

Resource

Booking resource:

id: 1

Something the service exposes to the end user to interact with such as an image, video, html, text, etc.

GET /booking/1
jsonresource

Uniform Resource Identifiers

scheme ://host :port /resource ?queryString

http://localhost:3001/booking?name=mary

Query strings

A query string indicates additional actions you might want to apply to the resource you want

GET /booking?checkin=2014-03-13&checkout=2014-05-21

Returns all bookings between two dates whereas:

GET /booking

Returns all the bookings

Creating query strings

  • Query strings start with a ? after the resource path
  • Are declared as key=value
  • Multiple query declarations are joined using &

For example:

GET /booking?checkin=2014-03-13&checkout=2014-05-21

A typical HTTP request


HTTP Verb

Verbs in action

GET http://localhost:3001/booking

-Returns current bookings

POST http://localhost:3001/booking

-Creates a new booking

OPTION http://localhost:3001/booking

Returns which Verbs can be used on a URI

A typical HTTP response

Payload
response

Types of Payloads

JSON

"booking": {
  "firstname": "Sally",
  "lastname": "Brown",
  "totalprice": 111,
  "depositpaid": true,
  "additionalneeds": "Breakfast",
  "bookingdates": {
    "checkin": "2013-02-23",
    "checkout": "2014-10-23"
  }
}

XML

<created-booking>
  <booking>
    <firstname>Sally</firstname>
    <lastname>Brown</lastname>
    <totalprice>111</totalprice>
    <depositpaid>true</depositpaid>
    <additionalneeds>Breakfast</additionalneeds>
    <bookingdates>
      <checkin>2013-02-23</checkin>
      <checkout>2014-10-23</checkout>
    </bookingdates>
  </booking>
</created-booking>

A typical HTTP response

HTTP Status code
response

HTTP Status codes

Indicator of how the server has responded to the request you've sent

1xxInformational
2xxSuccess
3xxRedirection
4xxClient Error
5xxServer Error

https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Typical HTTP Status codes

200Server has carried out its actions successfully
404URI path doesn't exist
403You're not authorised to access the path
500Server error
503Service is unavailable

A typical HTTP create request


Change in HTTP Verb
Payload

Payload

A representation of the resource you want to create through the service


The parameters and the structure of the payload have strict rules

Which can also be known as a 'contract'

Data types

						{
	"firstName": "Mark",
	"lastName": "test",
	"totalPrice": 300.00,
	"depositPaid": true,
	"additionalNeeds": "Breakfast",
	"bookingDates": {
		"checkIn": "11/11/2014",
		"checkOut": "12/11/2014"
	}
}
					
  • String

  • Number

  • Boolean

  • Dates (String)

Robustness principle

`Be conservative in what you do, be liberal in what you accept from others`

Postel's law


  • When sending a payload the service should conform to the contract being sent
  • When receiving a payload the service should accept invalid data without error

A typical HTTP Read request


Headers

HTTP Headers

Define the operating parameters of an HTTP request such as:

  • What is requesting the resource
  • What format the resource should be in
  • Authorisation that the resource can be requested

And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields

HTTP Headers

Adding headers can alter the behaviour of the service and its response

Key:ValueOutcome
Accept:application/jsonJSON is returned
Accept:application/xmlXML is returned
Content-Type:application/jsonJSON is accepted
Content-Type:text/xmlXML is accepted

Authorisation

Services generally have one or more layers of security such as:

  • Basic access authentication
  • Cookie based authentication

This isn't an exhaustive list

There may be other layers of security in place

Basic access authentication

Comes in the form of a header


AuthorizationBasic Base64(username:password)
AuthorizationBasic dXNlcm5hbWU6cGFzc3dvcmQ=

https://en.wikipedia.org/wiki/Basic_access_authentication

Cookie based authentication

POST /auth

{
  username: admin,
  password: password123
}

Response

Set-Cookie: token=abc123


DELETE /booking/{id}

Cookie: token=abc123


PUT

Similar to POST but rather than create it updates

However, in the real world that might not be the case:

PUT vs POST

DELETE

Similar to GET but it deletes rather than reads the resource

Taking Web Service testing further

Mobile to Web Service

web server

UI

UI testing
web server

Backend

Web service testing

Automation?

Wrapping up

Thank you

Restful-booker - https://github.com/mwinteringham/restful-booker

Slides - http://mwtestconsultancy.co.uk/presentations/understanding_web_services_lite