Software Testing – Session 8
Agenda
Backend Testing
JMeter
Backend testing
API Testing
API testing is a type of software testing that involves testing application programming
interfaces directly and as part of integration testing to determine if they meet expectations
for functionality, reliability, performance, and security.
Test for Core Functionality
• Access to the application without a user interface.
• Provides an early evaluation of its overall build strength before running UI/GUI tests. Expose
the small errors that can fester and become larger problems during GUI testing.
• Testing in tandem with development, fostering communication and improved collaboration
between them.
Time Effective
• Far less time consuming than functional GUI testing. Example: 3,000 API tests in 50 minutes
(in parallel execution); 3,000 GUI tests in 30 hours (in parallel execution).
• Requires less code and thus provides better, faster test coverage than automated UI/GUI tests.
The end result of faster testing is a reduced overall testing cost.
Language-Independent
• In an API test, data is exchanged using XML or JSON, transfer modes that are completely
language-independent, allowing you to select any core language.
Easy Integration with UI/GUI
• Highly integrable tests are possible. This is especially beneficial if you plan to perform
functional UI/GUI tests following API testing.
What is back-end?
Web Services
Definition: Pieces of business logic that can be accessed over the Internet.
You can reuse someone else’s business logic instead of replicating it yourself. This
technique is similar to what programmers currently do with libraries of APIs, classes, and
components. The main difference is that web services can be located remotely on another
server and managed by another company.
Web Services
Benefits of Web Services
• Simple: Web services can be easily supported on a wide range of platforms.
• Loosely coupled: The web service may extend its interface and add new methods without
affecting the clients as long as it still provides the old methods and parameters.
• Stateless: A client makes a request to a web service, the web service returns the result, and
the connection is closed. There is no permanent connection. This makes it easy to scale up and
out to many clients and use a server farm to serve the web services.
• Firewall-friendly: Firewalls can pose a challenge for distributed object technologies. The only
thing that almost always gets through firewalls is HTTP traffic on ports 80 and 443. Because
web services use HTTP, they can pass through firewalls without explicit configuration.
Disadvantage:
There is no support for bidirectional communication, which means the web server cannot call back
to a client after the client disconnects.
API – Application Programming Interface
What?
Is a set of functions and procedures for building software
and applications. Through APIs the features or data of an
operating system, application, or other service are
accessed and used.
Why?
• Efficiency
• Time-To-Market
• Integration
• Frontend design variation
Examples?
• Google Maps API
• YouTube APIs
• Flickr API
• Twitter APIs
Architecture
REST
Representational State Transfer (REST)
• A style for software architecture for distributed hypermedia systems such as the World Wide Web
• REST is not a protocol or standard. REST architecture is simply following certain guidelines
for how a well-designed Web app behaves, in a logical organization that involves a series of
links representing the next state of the application for the user.
REST – Client / Server architectural style
• Requests and responses are built around the transfer of “representations” of “resources”
REST is centered around two basic principles:
• Resources as URLs. A resource is something like a “business entity”, an entity to expose as
part of an API. Almost always it is a noun. Each resource is represented as a unique URL.
• Operations as HTTP methods. REST leverages the existing HTTP methods, particularly GET, POST,
PUT and DELETE
REST is NOT
• a Protocol – SOAP is
• an API
• HTTP
• client
Benefits of REST
• Performance
• Scalability
• Simplicity
• Modifiability
• Visibility
• Portability
• Reliability
http://whatisrest.com/rest_architectural_goals/index
Resources
The fundamental concept in any RESTful API is the resource.
• A resource is an object with a type, associated data, relationships to other resources, and a
set of methods that operate on it.
Resources can be grouped into collections.
• Each collection is homogeneous so that it contains only one type of resource, and unordered.
Resources can also exist outside any collection. Collections are themselves resources as well.
• Collections can exist globally, at the top level of an API, but can also be contained inside a
single resource. In the latter case, we refer to these collections as sub-collections.
• Sub-collections are usually used to express some kind of “contained in” relationship.
Resource Model
[Figure: resource model diagrams. Panels: A Collection with Resources; A Singleton Resource;
Sub-collections and Sub-resources]
Resource Model
Resources have data associated with them, resource model for an API.
JSON, JavaScript Object Notation. JSON is a very simple data exchange format. It helps to
communicate between JavaScript and server side technology.
Collections are modeled as an array of objects.
Resources are modeled as a JSON object.
Data associated with a resource is modeled as key : value pairs on the JSON object
• Scalar: has just a single value (number, string, boolean, null)
• Array: contains an ordered list of values of arbitrary type
• Object: consists of an unordered set of key:value pairs
[
  {
    "eventDTO": {
      "type": "private",
      "eventId": 1,
      "eventName": "Testing Workshop",
      "eventDescription": "Belgrade Testing Event",
      "startEvent": "2018-11-07 09:00:00.0",
      "endEvent": "2018-11-10 17:00:00.0",
      "placeDTO": {
        "id": 2,
        "placeName": "StartIt",
        "latitudePlace": 46.749072,
        "longitudePlace": 23.531275
      }
    }
  },
  {
    "eventDTO": {
      "type": "public",
      "eventId": 2,
      "eventName": "Music festival",
      "eventDescription": "Belgrade Music Event",
      "startEvent": "2018-12-07 09:00:00.0",
      "endEvent": "2018-12-10 17:00:00.0",
      "placeDTO": [
        {
          "id": 2,
          "placeName": "Central Park",
          "latitudePlace": 46.749072,
          "longitudePlace": 23.531275
        },
        {
          "id": 3,
          "placeName": "National Stadium",
          "latitudePlace": 46.749072,
          "longitudePlace": 23.531275
        }
      ]
    }
  }
]
Annotations on the slide:
• Array collection of multiple resources: the outer array
• Resource Object: each "eventDTO"
• Scalar – single value: for example "eventName"
• Sub-collection of sub-resources: "placeDTO" in the first event
• Array sub-collection of sub-resources: "placeDTO" in the second event
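A schema check for the collection above, written as an added example that is not part of the original slides. The names validate_events and check_fields and the rule that unknown keys are rejected are assumptions made for the illustration; the field names and the two shapes of "placeDTO" come from the slide.

```python
import json

NUMBER = (int, float)
PLACE = {"id": int, "placeName": str, "latitudePlace": NUMBER, "longitudePlace": NUMBER}
EVENT = {"type": str, "eventId": int, "eventName": str, "eventDescription": str,
         "startEvent": str, "endEvent": str, "placeDTO": (dict, list)}

def check_fields(obj, spec, path):
    # Report missing, unexpected and wrongly typed keys of one JSON object.
    if not isinstance(obj, dict):
        return [f"{path}: expected object"]
    errors = [f"{path}.{k}: missing" for k in spec if k not in obj]
    for key, value in obj.items():
        if key not in spec:
            errors.append(f"{path}.{key}: unexpected key")
        # bool is a subclass of int in Python, so reject it explicitly
        elif isinstance(value, bool) or not isinstance(value, spec[key]):
            errors.append(f"{path}.{key}: wrong type {type(value).__name__}")
    return errors

def validate_events(body):
    # Validate a response body that should hold a collection of eventDTO resources.
    try:
        data = json.loads(body)
    except ValueError:
        return ["$: body is not JSON"]
    if not isinstance(data, list):
        return ["$: collection must be a JSON array"]
    errors = []
    for i, item in enumerate(data):
        path = f"$[{i}].eventDTO"
        event = item.get("eventDTO") if isinstance(item, dict) else None
        errors += check_fields(event, EVENT, path)
        places = event.get("placeDTO", []) if isinstance(event, dict) else []
        # placeDTO is one object in the first event and an array in the second
        for j, p in enumerate(places if isinstance(places, list) else [places]):
            errors += check_fields(p, PLACE, f"{path}.placeDTO[{j}]")
    return errors

# Constructed sample: the first event from the slide, as a one-item collection.
SAMPLE = json.dumps([{"eventDTO": {
    "type": "private", "eventId": 1, "eventName": "Testing Workshop",
    "eventDescription": "Belgrade Testing Event", "startEvent": "2018-11-07 09:00:00.0",
    "endEvent": "2018-11-10 17:00:00.0", "placeDTO": {"id": 2, "placeName": "StartIt",
    "latitudePlace": 46.749072, "longitudePlace": 23.531275}}}])

if __name__ == "__main__":
    print(validate_events(SAMPLE) or "schema OK")
```

An empty list means the payload matches the model; each string names the JSON path that broke it, which is what a schema-validation assertion in a test plan should report.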
Metadata and representations
Generic attributes that are defined and have a specific meaning on all resources:
Attribute  Type    Meaning
id         String  Identifies the unique ID of a resource.
href       String  Identifies the URL of the current resource.
link       Object  Identifies a relationship for a resource. This attribute is itself an object
                   and has “rel” and “href” attributes.
Before resources can be communicated to a client over an HTTP connection, they need to be
serialized to a textual representation. This representation can then be included as an entity
in an HTTP message body.
Type  Content-Type
JSON  application/x-resource+json, application/x-collection+json
YAML  application/x-resource+yaml, application/x-collection+yaml
XML   application/x-resource+xml, application/x-collection+xml
HTML  text/html
URI
GET http://192.168.1.92:8989/app/api/v1/users/1
Example (explained):
GET                 verb
http                scheme
192.168.1.92:8989   domain name
/app/api/v1         API entry point
/users              resource / collection
/1                  the resource id inside the collection
Verbs and Methods
Operation  CRUD    Description
GET        Read    Retrieve information from the given server using a given URI.
POST       Create  Send data to the server, for example, customer information, file upload, etc.
                   using HTML forms.
PUT        Update  Replaces all the current representations of the target resource with the
                   uploaded content.
DELETE     Delete  Removes all the current representations of the target resource given by URI.
Response codes
Code                Description
1xx: Informational  Request was received and the process is continuing.
2xx: Success        Action was successfully received, understood, and accepted.
3xx: Redirection    Further action must be taken in order to complete the request.
4xx: Client Error   Request contains incorrect syntax or cannot be fulfilled.
5xx: Server Error   Server failed to fulfill an apparently valid request.
Testing Types
Backend testing
• Server side or Database Testing
• Not required to use the GUI/UI
• Directly pass the request with the parameters required for the function and get a response in some
default format, e.g. XML or JSON.
API Testing
• Testing APIs directly and as part of integration testing to determine if they meet expectations for
functionality, reliability, performance, and security.
• API testing is performed at the message layer.
• Considered critical for automating testing because APIs now serve as the primary interface to
application logic and because GUI tests are difficult to maintain with the short release cycles and
frequent changes
Where and how do we test APIs?
[Figure: diagram with the labels Requests; Backend (Black Box); Backend Testing and Validation;
Responses]
Approach
Approach
• Discover: Discover the context and consumer
• Treat: Treat the API as a product
• Understand: Understand the API nouns
• Find: Find all the input parameters and types
• Identify: Identify the API
• Pick: Pick the operations
• Highlight: Highlight exceptional status codes
• Test: Test it
Approach
• Parameter tampering
• Schema validation on request/response payload
• Content-Type
• Response code
• Language format validation
• Input data validation
• Error codes
• Error messages
• Time response
• Timeouts
• Concurrency
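Four items from this checklist (parameter tampering, response code, Content-Type, error messages) turned into automated checks, as an added example that is not part of the original slides. The path is taken from the URI slide; stub_api, the expected 400/404/405 codes, the JSON error body and the leak markers are assumptions standing in for the real service and its specification.

```python
import json
import re

USER_PATH = re.compile(r"/app/api/v1/users/([^/]+)")
JSON_TYPE = "application/json"
LEAK_MARKERS = ("Traceback", "Exception", "SQL", "at java.")

def stub_api(method, path, strict=True):
    """Constructed stand-in for the service: returns (status, content_type, body)."""
    match = USER_PATH.fullmatch(path)
    if not match:
        return 404, JSON_TYPE, json.dumps({"error": "not found"})
    if method != "GET":
        return 405, JSON_TYPE, json.dumps({"error": "method not allowed"})
    user_id = match.group(1)
    if not user_id.isdigit():
        if strict:
            return 400, JSON_TYPE, json.dumps({"error": "invalid id"})
        # Non-strict variant models a backend that leaks internals on bad input
        return 500, "text/html", "NumberFormatException at java.lang.Integer"
    if user_id != "1":
        return 404, JSON_TYPE, json.dumps({"error": "not found"})
    return 200, JSON_TYPE, json.dumps({"id": "1", "href": path})

# (method, path, expected status): one valid call, then tampered parameters
CASES = [
    ("GET", "/app/api/v1/users/1", 200),
    ("GET", "/app/api/v1/users/abc", 400),     # wrong type
    ("GET", "/app/api/v1/users/-1", 400),      # out of range
    ("GET", "/app/api/v1/users/999999", 404),  # unknown resource
    ("POST", "/app/api/v1/users/1", 405),      # verb the stub does not offer
]

def run_checks(api):
    """Return the failed checks: response code, Content-Type, error message."""
    failures = []
    for method, path, expected in CASES:
        status, ctype, body = api(method, path)
        label = f"{method} {path}"
        if status != expected:
            failures.append(f"{label}: status {status}, expected {expected}")
        if ctype != JSON_TYPE:
            failures.append(f"{label}: Content-Type {ctype}")
        if any(marker in body for marker in LEAK_MARKERS):
            failures.append(f"{label}: error message leaks internals")
    return failures

if __name__ == "__main__":
    print(run_checks(stub_api) or "all checks passed")
```

Passing a function that issues the real HTTP request in place of stub_api reuses the same cases against a test environment.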
JMeter Tool
JMeter
What?
• Tool for testing REST and SOAP web services – Open Source with extra
functionalities / libraries
• Also used for performance testing
• A 100% pure Java application designed to load test functional
behavior and measure performance
https://jmeter.apache.org/
Elements of a Test Plan
• Test Plan
• Thread Group (number of threads, ramp-up period, number of times to execute the test)
• Controllers
• Samplers (FTP Request, HTTP Request, Java object request, JUnit Test request, Mail request,
TCP request)
• Logic Controllers
• Listeners
• Timers
• Assertions
• Pre-Processors
• Post-Processors
Class Exercise
http://restful-example.appspot.com/jsp/students/get.jsp
Take Aways
Homework
Feedback 10’