![\"\"](\"\/blog\/wp-ttn-blog\/uploads\/2023\/03\/Screenshot-2023-03-17-at-6.34.09-PM-1024x491.png\")
<\/p>\n
What is a <\/span>RESTful<\/b> API?<\/span><\/h2>\nRESTful APIs follow REST architecture (<\/span>Re<\/b>presentational <\/span>S<\/b>tate <\/span>T<\/b>ransfer). <\/span><\/p>\n# <\/span>What is URI for End-Point URL?<\/b><\/p>\nBasically, API \/ Endpoint URL is the combination of things like below: {Base URL} + {Resource} + {Path\/Query Parameter}<\/span><\/p>\n![\"\"](\"\/blog\/wp-ttn-blog\/uploads\/2023\/03\/Screenshot-2023-03-17-at-6.34.18-PM-1024x264.png\")
<\/p>\n
<\/p>\n
Path Parameter: <\/b>Path parameters are various parts of the Endpoint URL. They are used to point to a specific resource within the collection. Let\u2019s say a user can be recognized by ID.
\nEx: https:\/\/www.google.com\/images\/234123 <—– Path Parameter<\/em><\/span><\/p>\nQuery Parameter: <\/b>A query parameter is used to sort\/filter the resources. Query parameter identified by a question mark \u201c?\u201d
\n<\/span>https:\/\/www.google.com\/search?q=newyork<\/p>\nResources:<\/b><\/p>\n
Resources represent API\/Collection, which can be accessed from the Server.\u00a0<\/span><\/p>\nEg:\u00a0google.com\/maps<\/b><\/p>\n
google.com\/search<\/b><\/p>\n
google.com\/images\u00a0<\/b><\/p>\n
You can see some basic information to perform API testing. Basically, it\u2019s a client-server architecture. Client sends the request to the server and the server returns the response. You can see some information below:\u00a0<\/span><\/p>\n![\"\"](\"\/blog\/wp-ttn-blog\/uploads\/2023\/03\/Screenshot-2023-03-17-at-6.34.28-PM-1024x449.png\")
<\/p>\n
<\/p>\n
Methods in API testing<\/b><\/h2>\n
Get Method: <\/b>When we want to fetch data from the server then, we use the GET method to fetch the data.<\/span><\/p>\nPOST Method: <\/b>When we want to create some new resource on the server then, we use the POST method.<\/span><\/p>\nPUT Method: <\/b>When we want to update any existing resource, then we use the PUT method to modify it. If the parameter which we want to update is available, then it modifies that parameter. If that parameter is not available, then it creates that parameter.<\/span><\/p>\nPATCH Method: <\/b>When we want to do a partial update then, we use the PATCH method to update. We pass only that parameter that we want to update, we don’t have to pass a complete payload to update the resource.\u00a0<\/span><\/p>\nResponse Codes<\/b><\/h2>\n
1xx informational response \u2013 <\/b>the request was received, continuing process<\/span><\/p>\n2xx successful \u2013 <\/b>the request was successfully received, understood, and accepted<\/span><\/p>\n200 OK: <\/b>The actual response will depend on the request method used. The response will contain an entity corresponding to the requested resource in a GET request.<\/span><\/p>\n201 Created: <\/b>The request has been fulfilled, resulting in the creation of a new resource.<\/span><\/p>\n202 Accepted: <\/b>The request has been accepted for processing but has not been completed.<\/span><\/p>\n3xx redirection \u2013 <\/b>further action needs to be taken in order to complete the request <\/span>4xx client error \u2013 <\/b>the request contains bad syntax or cannot be fulfilled<\/span>.<\/b><\/p>\n400 Bad Request: <\/b>The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).<\/span><\/p>\n401 Unauthorized: <\/b>Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.<\/span><\/p>\n403 Forbidden: <\/b>The request contained valid data and was understood by the server, but the server refuses action. This may be due to the user not having the necessary permissions for a resource.<\/span><\/p>\n404 Not Found: <\/b>The requested resource could not be found but may be available in the future.\u00a0<\/span><\/p>\n5xx server error: T<\/b>he server failed to fulfill an apparently valid request.<\/span><\/p>\n500 Internal Server Error: <\/b>A generic error message, given when an unexpected condition is encountered and no more specific message is suitable<\/span>.<\/b><\/p>\n501 Not Implemented: <\/b>The server either does not recognize the request method or lacks the ability to fulfill the request. Usually, this implies future availability (e.g., a new feature of a web-service API).<\/span><\/p>\n502 Bad Gateway: <\/b>The server was acting as a gateway or proxy and received an invalid response from the upstream server.<\/span><\/p>\n503 Service Unavailable: <\/b>The server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.<\/span><\/p>\n504 Gateway Timeout: <\/b>The server was acting as a gateway or proxy and did not receive a timely response from the upstream server. <\/span><\/p>\nWhat are all validations done while performing API Testing?<\/b><\/h2>\n
Status code<\/b>: – It validates whether API\u2019s returning the correct status code or not. The 201 status code should be replaced when any resource is created, 400 for bad requests, 500 for internal server error, 401 for unauthorized access, etc.<\/span><\/p>\nJSON<\/strong> Schema<\/b>: – if we are working with rest assured, so as per business logic, sometimes we need to validate whether that JSON schema is correct or not.<\/span><\/p>\nError messages<\/b>: – In case of a negative scenario, we should get appropriate error messages with an error code like 400 in case of a bad request.<\/span><\/p>\nResponse<\/b>: – In the case of a happy path (positive scenarios), we validate the response that response values are expected values or not.<\/span><\/p>\nHeader<\/b>: – We can also validate headers, but it depends on the requirement.<\/span><\/p>\nResponse time<\/b>: – We can validate the response time of the API. Response time is the time<\/span> that is taken by the server to validate API requests and then provide responses in return. <\/span><\/p>\nDifference between HTTP and HTTPs: <\/b>HTTP stands for Hypertext Transfer Protocol,\u00a0<\/span>
\n<\/span> a protocol and syntax for presenting information \u2013 used for transferring data over a network. Most information sent over the Internet, including website content and API calls, uses the HTTP protocol.<\/span>
\n<\/span>
\n<\/span>The S in HTTPS stands for “secure.” HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so in the example above, instead of the text, an attacker would see a bunch of seemingly random characters.<\/span>
\n<\/span>
\n<\/span>\u201cIf a website uses HTTP instead of HTTPS, all requests and responses can be read by anyone who is monitoring the session. Essentially, a malicious actor can just read the text in the request or the response and know exactly what information someone is asking for, sending, or receiving.\u201d <\/span><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"What is API? An API is an interface or communication protocol between a client & a server that intends to simplify the client-side application for a better user experience. What is a RESTful API? RESTful APIs follow REST architecture (Representational State Transfer). # What is URI for End-Point URL? Basically, API \/ Endpoint URL is […]<\/p>\n","protected":false},"author":1547,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":81},"categories":[1817,1816],"tags":[5138],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56909"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1547"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=56909"}],"version-history":[{"count":2,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56909\/revisions"}],"predecessor-version":[{"id":56923,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56909\/revisions\/56923"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=56909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=56909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=56909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
# <\/span>What is URI for End-Point URL?<\/b><\/p>\n Basically, API \/ Endpoint URL is the combination of things like below: {Base URL} + {Resource} + {Path\/Query Parameter}<\/span><\/p>\n <\/p>\n Path Parameter: <\/b>Path parameters are various parts of the Endpoint URL. They are used to point to a specific resource within the collection. Let\u2019s say a user can be recognized by ID. Query Parameter: <\/b>A query parameter is used to sort\/filter the resources. Query parameter identified by a question mark \u201c?\u201d Resources:<\/b><\/p>\n Resources represent API\/Collection, which can be accessed from the Server.\u00a0<\/span><\/p>\n Eg:\u00a0google.com\/maps<\/b><\/p>\n google.com\/search<\/b><\/p>\n google.com\/images\u00a0<\/b><\/p>\n You can see some basic information to perform API testing. Basically, it\u2019s a client-server architecture. Client sends the request to the server and the server returns the response. You can see some information below:\u00a0<\/span><\/p>\n <\/p>\n Get Method: <\/b>When we want to fetch data from the server then, we use the GET method to fetch the data.<\/span><\/p>\n POST Method: <\/b>When we want to create some new resource on the server then, we use the POST method.<\/span><\/p>\n PUT Method: <\/b>When we want to update any existing resource, then we use the PUT method to modify it. If the parameter which we want to update is available, then it modifies that parameter. If that parameter is not available, then it creates that parameter.<\/span><\/p>\n PATCH Method: <\/b>When we want to do a partial update then, we use the PATCH method to update. We pass only that parameter that we want to update, we don’t have to pass a complete payload to update the resource.\u00a0<\/span><\/p>\n 1xx informational response \u2013 <\/b>the request was received, continuing process<\/span><\/p>\n 2xx successful \u2013 <\/b>the request was successfully received, understood, and accepted<\/span><\/p>\n 200 OK: <\/b>The actual response will depend on the request method used. The response will contain an entity corresponding to the requested resource in a GET request.<\/span><\/p>\n 201 Created: <\/b>The request has been fulfilled, resulting in the creation of a new resource.<\/span><\/p>\n 202 Accepted: <\/b>The request has been accepted for processing but has not been completed.<\/span><\/p>\n 3xx redirection \u2013 <\/b>further action needs to be taken in order to complete the request <\/span>4xx client error \u2013 <\/b>the request contains bad syntax or cannot be fulfilled<\/span>.<\/b><\/p>\n 400 Bad Request: <\/b>The server cannot or will not process the request due to an apparent client error (e.g., malformed request syntax, size too large, invalid request message framing, or deceptive request routing).<\/span><\/p>\n 401 Unauthorized: <\/b>Similar to 403 Forbidden, but specifically for use when authentication is required and has failed or has not yet been provided.<\/span><\/p>\n 403 Forbidden: <\/b>The request contained valid data and was understood by the server, but the server refuses action. This may be due to the user not having the necessary permissions for a resource.<\/span><\/p>\n 404 Not Found: <\/b>The requested resource could not be found but may be available in the future.\u00a0<\/span><\/p>\n 5xx server error: T<\/b>he server failed to fulfill an apparently valid request.<\/span><\/p>\n 500 Internal Server Error: <\/b>A generic error message, given when an unexpected condition is encountered and no more specific message is suitable<\/span>.<\/b><\/p>\n 501 Not Implemented: <\/b>The server either does not recognize the request method or lacks the ability to fulfill the request. Usually, this implies future availability (e.g., a new feature of a web-service API).<\/span><\/p>\n 502 Bad Gateway: <\/b>The server was acting as a gateway or proxy and received an invalid response from the upstream server.<\/span><\/p>\n 503 Service Unavailable: <\/b>The server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.<\/span><\/p>\n 504 Gateway Timeout: <\/b>The server was acting as a gateway or proxy and did not receive a timely response from the upstream server. <\/span><\/p>\n Status code<\/b>: – It validates whether API\u2019s returning the correct status code or not. The 201 status code should be replaced when any resource is created, 400 for bad requests, 500 for internal server error, 401 for unauthorized access, etc.<\/span><\/p>\n JSON<\/strong> Schema<\/b>: – if we are working with rest assured, so as per business logic, sometimes we need to validate whether that JSON schema is correct or not.<\/span><\/p>\n Error messages<\/b>: – In case of a negative scenario, we should get appropriate error messages with an error code like 400 in case of a bad request.<\/span><\/p>\n Response<\/b>: – In the case of a happy path (positive scenarios), we validate the response that response values are expected values or not.<\/span><\/p>\n Header<\/b>: – We can also validate headers, but it depends on the requirement.<\/span><\/p>\n Response time<\/b>: – We can validate the response time of the API. Response time is the time<\/span> that is taken by the server to validate API requests and then provide responses in return. <\/span><\/p>\n Difference between HTTP and HTTPs: <\/b>HTTP stands for Hypertext Transfer Protocol,\u00a0<\/span> What is API? An API is an interface or communication protocol between a client & a server that intends to simplify the client-side application for a better user experience. What is a RESTful API? RESTful APIs follow REST architecture (Representational State Transfer). # What is URI for End-Point URL? Basically, API \/ Endpoint URL is […]<\/p>\n","protected":false},"author":1547,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":81},"categories":[1817,1816],"tags":[5138],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56909"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/1547"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=56909"}],"version-history":[{"count":2,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56909\/revisions"}],"predecessor-version":[{"id":56923,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/56909\/revisions\/56923"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=56909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=56909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=56909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/p>\n
\nEx: https:\/\/www.google.com\/images\/234123 <—– Path Parameter<\/em><\/span><\/p>\n
\n<\/span>https:\/\/www.google.com\/search?q=newyork<\/p>\n<\/p>\nMethods in API testing<\/b><\/h2>\n
Response Codes<\/b><\/h2>\n
What are all validations done while performing API Testing?<\/b><\/h2>\n
\n<\/span> a protocol and syntax for presenting information \u2013 used for transferring data over a network. Most information sent over the Internet, including website content and API calls, uses the HTTP protocol.<\/span>
\n<\/span>
\n<\/span>The S in HTTPS stands for “secure.” HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so in the example above, instead of the text, an attacker would see a bunch of seemingly random characters.<\/span>
\n<\/span>
\n<\/span>\u201cIf a website uses HTTP instead of HTTPS, all requests and responses can be read by anyone who is monitoring the session. Essentially, a malicious actor can just read the text in the request or the response and know exactly what information someone is asking for, sending, or receiving.\u201d <\/span><\/p>\n