Test Mentor - API Testing
PROCESS
HTTP Methods
Use the proper HTTP method according to the operation:
● GET (read)
● POST (create)
● PUT/PATCH (replace/update)
● DELETE (to delete a record)
● Return 405 Method Not Allowed if the requested method isn't appropriate for the requested resource.
HTTP Status Code
404 - Can’t find it
401 - You’re not getting in
403 - Look, you’re in but you’re not allowed
500 - We screwed up
400 - You screwed up
200 - All is fine, carry on
30x - Oh wait, it's over there!
● 200 OK
● 400 Bad Request
● 401 Unauthorized
● 405 Method Not Allowed
Working with the API request
Write API test from Postman
Tips
1. Use the proper HTTP method according to the operation
2. Return the proper status code according to the operation completed
3. Don't use Basic Auth. Use standard authentication instead (e.g. JWT, OAuth).
4. All endpoints with access to sensitive data require authentication
5. Auto-incrementing IDs
6. Handling large amounts of data
7. Secure HTTP (HTTPS) encrypts data between clients and server
8. Implement max retry / rate limit policies
9. Use encryption on all sensitive data.
10. Don't put any sensitive data (credentials, passwords, security tokens, or API keys) in the URL
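An added example (not from the original slides) that checks recorded request/response pairs against tips 1-4, 7 and 10. The record fields (`sensitive`, `allowed`), the finding names and the sample exchanges are assumptions constructed for illustration.

```javascript
// Query parameter names treated as sensitive (assumed list for this sketch).
const SENSITIVE_PARAMS = /^(password|passwd|token|access_token|api_?key|secret)$/i;

// Audit one recorded exchange and return a list of finding names.
function auditExchange(ex) {
  const findings = [];
  const url = new URL(ex.url);
  // Header names are case-insensitive, so normalise them first.
  const headers = Object.fromEntries(
    Object.entries(ex.headers || {}).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const auth = headers['authorization'] || '';

  // Tip 7: traffic must use HTTPS.
  if (url.protocol !== 'https:') findings.push('not-https');
  // Tip 10: no credentials, tokens or API keys in the URL.
  if (url.username || url.password) findings.push('credentials-in-url');
  for (const name of url.searchParams.keys()) {
    if (SENSITIVE_PARAMS.test(name)) findings.push(`sensitive-query-param:${name}`);
  }
  // Tip 3: Basic Auth is flagged; bearer tokens (JWT, OAuth) pass.
  if (/^basic\s/i.test(auth)) findings.push('basic-auth');
  // Tip 4: a sensitive endpoint called without credentials must answer 401.
  if (ex.sensitive && !auth && ex.status !== 401) {
    findings.push('unauthenticated-access-allowed');
  }
  // Tips 1-2: a method the resource does not support must answer 405.
  if (ex.allowed && !ex.allowed.includes(ex.method) && ex.status !== 405) {
    findings.push('expected-405');
  }
  return findings;
}

// Constructed sample exchanges (not real traffic).
const SAMPLES = [
  { method: 'GET', url: 'https://api.example.test/users/42', status: 200,
    headers: { Authorization: 'Bearer <token>' }, sensitive: true, allowed: ['GET'] },
  { method: 'POST', url: 'http://api.example.test/login?password=example', status: 200,
    headers: { Authorization: 'Basic <base64>' }, allowed: ['POST'] },
  { method: 'GET', url: 'https://api.example.test/users/42', status: 200,
    headers: {}, sensitive: true, allowed: ['GET'] },
  { method: 'DELETE', url: 'https://api.example.test/reports/7', status: 200,
    headers: { authorization: 'Bearer <token>' }, sensitive: true, allowed: ['GET'] },
];

function auditAll(samples) { return samples.map(auditExchange); }
console.log(auditAll(SAMPLES));
```

The same checks can be ported into a Postman test script by feeding it the request and response of each call.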
Review content
1. What are API documents?
2. HTTP Methods
3. HTTP Status Code
4. Working with API request
5. Write API test from Postman
6. Tips
Q/A