Understanding and testing Web Services - Created by Mark Winteringham / @2bittester © 2016
Understanding and testing Web Services
Available at http://mwtestconsultancy.co.uk/presentations/understanding_web_services_lite
Please load up Google Chrome and install
| POSTMAN | www.getpostman.com |
| POSTMAN Interceptor | www.getpostman.com/features#interceptor |
- 
- 
- 
Workshop goals
Explore what is a Web Service
Build different requests to query and manipulate data
Try out different test design techniques
Going forward...
RESTFUL-BOOKER
A webservice that allows hotels to store booking details about their guests
Restful-booker requirements
- Be able store Bookings with the following items
- Guests name
- The price of their booking
- Whether they have paid a deposit
- The dates of their booking
- Any additional needs
- Must be able to create, read, update and delete bookings
- Bookings must be searchable
Restful-booker API
Restful booker: www.github.com/mwinteringham/restful-booker
API details are in the README
POSTMAN
Our test tool for the workshop
Web Service
'A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.'
http://www.w3.org/TR/2004/NOTE-ws-gloss-20040211/#webserviceMobile to Web Service
UI
Backend
Web Service to Web Service
Reports
Search
A service-oriented architecture
A Web Service example
http://adrianmejia.com/blog/2014/10/01/creating-a-restful-api-tutorial-with-nodejs-and-mongodb/
A typical HTTP Read request
Uniform Resource Identifiers
Resource
Booking resource:
id: 1
Something the service exposes to the end user to interact with such as an image, video, html, text, etc.
Uniform Resource Identifiers
scheme ://host :port /resource ?queryString
http://localhost:3001/booking?name=mary
Query strings
A query string indicates additional actions you might want to apply to the resource you want
GET /booking?checkin=2014-03-13&checkout=2014-05-21Returns all bookings between two dates whereas:
GET /bookingReturns all the bookings
Creating query strings
- Query strings start with a ? after the resource path
- Are declared as key=value
- Multiple query declarations are joined using &
For example:
GET /booking?checkin=2014-03-13&checkout=2014-05-21A typical HTTP request
Verbs in action
| - | Returns current bookings | |
| - | Creates a new booking |
OPTION http://localhost:3001/booking
Returns which Verbs can be used on a URI
A typical HTTP response
Types of Payloads
JSON
"booking": {
"firstname": "Sally",
"lastname": "Brown",
"totalprice": 111,
"depositpaid": true,
"additionalneeds": "Breakfast",
"bookingdates": {
"checkin": "2013-02-23",
"checkout": "2014-10-23"
}
}
XML
<created-booking>
<booking>
<firstname>Sally</firstname>
<lastname>Brown</lastname>
<totalprice>111</totalprice>
<depositpaid>true</depositpaid>
<additionalneeds>Breakfast</additionalneeds>
<bookingdates>
<checkin>2013-02-23</checkin>
<checkout>2014-10-23</checkout>
</bookingdates>
</booking>
</created-booking>
A typical HTTP response
HTTP Status codes
Indicator of how the server has responded to the request you've sent
| 1xx | Informational |
| 2xx | Success |
| 3xx | Redirection |
| 4xx | Client Error |
| 5xx | Server Error |
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
Typical HTTP Status codes
| 200 | Server has carried out its actions successfully |
| 404 | URI path doesn't exist |
| 403 | You're not authorised to access the path |
| 500 | Server error |
| 503 | Service is unavailable |
A typical HTTP create request
Payload
A representation of the resource you want to create through the service
The parameters and the structure of the payload have strict rules
Which can also be known as a 'contract'
Data types
{
"firstName": "Mark",
"lastName": "test",
"totalPrice": 300.00,
"depositPaid": true,
"additionalNeeds": "Breakfast",
"bookingDates": {
"checkIn": "11/11/2014",
"checkOut": "12/11/2014"
}
}
String
Number
Boolean
Dates (String)
Robustness principle
`Be conservative in what you do, be liberal in what you accept from others`
Postel's law
- When sending a payload the service should conform to the contract being sent
- When receiving a payload the service should accept invalid data without error
A typical HTTP Read request
HTTP Headers
Define the operating parameters of an HTTP request such as:
- What is requesting the resource
- What format the resource should be in
- Authorisation that the resource can be requested
And more: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
HTTP Headers
Adding headers can alter the behaviour of the service and its response
| Key: | Value | Outcome |
| Accept: | application/json | JSON is returned |
| Accept: | application/xml | XML is returned |
| Content-Type: | application/json | JSON is accepted |
| Content-Type: | text/xml | XML is accepted |
Authorisation
Services generally have one or more layers of security such as:
- Basic access authentication
- Cookie based authentication
This isn't an exhaustive list
There may be other layers of security in place
Basic access authentication
Comes in the form of a header
| Authorization | Basic Base64(username:password) |
| Authorization | Basic dXNlcm5hbWU6cGFzc3dvcmQ= |
https://en.wikipedia.org/wiki/Basic_access_authentication
Cookie based authentication
POST /auth
{
username: admin,
password: password123
}
Response
Set-Cookie: token=abc123
DELETE /booking/{id}
Cookie: token=abc123
PUT
Similar to POST but rather than create it updates
However, in the real world that might not be the case:
DELETE
Similar to GET but it deletes rather than reads the resource
Taking Web Service testing further
Mobile to Web Service
UI
Backend
Automation?
Wrapping up
Thank you
Restful-booker - https://github.com/mwinteringham/restful-booker
Slides - http://mwtestconsultancy.co.uk/presentations/understanding_web_services_lite