Automating & Testing a REST API by Alan Richardson

A case-study using: Java, REST Assured, Postman, Tracks, Curl and HTTP Proxies

This is the first book review I have written on my site. So of course I had to choose a great book that was relevant to my niche. Alan Richardson’s book on Automating & Testing a REST API fits the bill perfectly.

I am a big fan of Alan’s work. The first online video course that I took was Alan’s Selenium 2 course on Udemy. I was blown away by the depth of that course and how much I learnt from it. In fact it was this course that actually got me into automation!

On to the book itself then. If you are only starting out learning how to automate REST API’s this is a great book for youBut if you have a bit of experience already in this area, I think you will find this book as beneficial, if not more so.

In the book, Alan walks through his entire process when automating a new application. It starts out with a detailed account of how he does exploratory testing of the application. Also reading the API documentation, and identifying gaps in it. I know Alan is a big fan of documentation!

After the initial exploratory testing, there is an in-depth section on using a proxy to create test data. I found this explanation of “fuzzing” (capturing a HTTP request and modifying it slightly to create multiple different calls) very useful.

Alan also demonstrates how he uses cURL for some initial API testing. The commands that are shown in this section form the basis for the actual automation seen later.

We also see how to use Postman, with some nice tips and tricks included such as using environment variables and using Postman through a proxy.

We then start writing actual automation code. Firstly code that will create more test data for us. Then code that actually automates the behaviors identified from the exploratory testing and reading the documentation. Alan explains his process of building an automation framework, with excellent examples of how he abstracts the code and continuously refactors.

One of my favorite sections of the book is “App as API”. This is a term coined by Alan to mean treating the application as an API. This essentially means automating what the GUI does, but without actually using the GUI. So instead of using Selenium for example, we automate everything “behind the scenes” (the API calls).

Alan uses a lot of REST- assured in his framework. But not in the way that REST-assured is typically used. He makes this all very clear in the book, and it’s very interesting to see how he leverages it in non-traditional ways.

Other highlights of the book include:

  • Detailed examples of installing the application under test. Including how to do that with a virtual machine.
  • GitHub repository with all the source code for the book.
  • Accompanying videos that explain some of the concepts in greater depth.

Summary

This is a fabulous book on how to do Automated API Testing properly. I highly recommend you check it out if you have any interest in this area.

One slight drawback is that all the examples are XML based, as that is what the AUT uses. It would have been nice to have some JSON examples. But that would have meant using another application, and the application that Alan has chosen lends itself very well to this sort of case study. Update 02/2018 – Alan has since updated his book to include JSON content!

The accompanying videos for the book are a nice touch. I would actually like to see these expanded upon, possibly into an entire video course. As someone who loves learning from video courses, I would say that! But there is more than enough material here for a comprehensive course in my opinion.

No matter your experience level, if you have an interest in API testing, buy this book. Alan is a master of his craft and you will learn a lot from him. If you don’t have an interest in API testing, you probably won’t get much from this book, but you knew that already, right?

James Willett
James Willett is a Senior Developer for SAP-Concur, having over 10 years of experience in Software Development & Testing with a focus on performance and automation. He is also an online instructor, recently releasing courses on Performance Testing with Gatling and REST Assured Fundamentals, and regularly blogs on software development & testing topics at https://james-willett.com.

The Related Post

API testing has long been misunderstood as well-confined in the territory of developers. It’s natural to think that we must write code to test our code. However, it doesn’t have to be that way anymore. Business testers who have deep domain knowledge are now able to take on the challenges of API testing without coding. ...
LogiGear_Magazine–June_2015–All_About_API_Testing
Social APIs are omnipresent and create special cases for testing. If you understand API testing, especially web service type APIs, testing social APIs is easy to grasp. The use of social APIs makes them a special case. They are omnipresent and very well understood. What this means is you need to have a good understanding ...
Summary Remember that Agile is not an SDLC. Neither are Scrum and XP for that matter. Instead, these are frameworks for projects; they are built from practices (for example, XP has 12 core practices). Scrum and XP advocates will freely recommend that you pick a few practices to implement, then keep what works and discard ...
API testing is different from GUI testing, but it doesn’t take long to master. What is an API? API is an acronym for Application Programming Interface. It enables communication and data exchange between two separate software systems. A software system implementing an API contains functions/subroutines which can be executed by another software system.
An approach to secure maintainability and scalability for API testing projects One of the most important tasks in API testing is designing the input data whose quantum could explode due to the combination of a vast number of arguments. An experienced tester will inevitably figure out the advantages of the pairwise method in efficiently picking ...
APIs are the unsung hero of our connected world We live in an exciting age of intelligence, where progress moves at the speed of imagination. We are connected to the world and one another like never before. API (Application Programming Interface) is the unsung hero of our connected world. Here’s everything you need to know ...
Here are some books you might find useful when developing your web services API testing strategy. The Art of Application Performance Testing by Ian Molyneaux — This book was just released and I found it an outstanding conceptual overview of performance testing a web based application. The book does a great job of reviewing the ...
APIs are subtly altering our expectations that there should be an app for everything. The concept of disruption has been given regal status across businesses, startups, and tech circles in recent years. With such great emphasis placed on change, user experiences are inevitably facing evolution as well. Application programming interfaces or APIs have great transformative powers to disrupt business, but are ...
API: An application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types. An API defines functionalities that are independent of their respective implementations, which allows definitions and implementations to vary without compromising the interface. Source: https://en.wikipedia.org/wiki/Application_programming_interface
Lack of information and access to information isn’t an issue with web services. Web service documentation is widely available. Overview     One of the major persistent complaints from people who test is lack of information and lack of access to information. Luckily this is not the case with web services. If in the rare case with ...
These are the popular authentication methods in TestArchitect Authentication in API testing is usually a complicated subject for both developers and testers since it requires extensive knowledge on various types of security protocols and encryption algorithms.

Leave a Reply

Your email address will not be published.

Stay in the loop with the lastest
software testing news

Subscribe