API / WEB SERVICES

I. APPLICATIONS: -
A piece of code written to perform a required task is called as Application.

TYPES OF APPLICATIONS: -
 Standalone application
 Client server applications

Client Server Application Web Application

Static Web Application Dynamic Web Application

STANDALONE APPLICATION: -
To access the application
 No Internet Required
 Local Database Required
 No Server Required
 Installation is Mandatory
 Single User will be using the application at a time
 Example: Calculator, Paint, MS Office, File Manager, Browser, etc.

Note: API testing cannot be done for standalone application.

Q) Why is a Browser called Standalone application?

Browsers have to be downloaded and installed into our systems. Any downloaded web-
pages, pdf’s etc can be accessed with the help of these browsers.

1
 CLIENT SERVER APPLICATION: -

Hi
User1 WHATSAPP SERVER
Hello

Process it

Hi
User2
Hello

To access the application

 Two Application => Client App installed in local machine and Server App installed in Server
 Internet is Required
 Database is Required
 Server is Required
 Installation is mandatory
 Multiple Users can use the application at a time
 Example: Instagram, Flipkart, YouTube, etc.

Note: - Installing the app from the play store or through the .apk file is called client
software.

Q) What is a server?
Ans) Server is a super computer which has high configuration, it is used to store the source
code written by the developer.

WEB APPLICATION: -
Any application which is launched using the Web browser, URL and Internet.

To access the web applications, we need

 Internet is Required
 Database is Required
 Server is Required
 No Installation Required
 Multiple Users can use the application at a time
 Example: Instagram, Flipkart, YouTube, etc.
Note: Installation has to be done in the server (or) some were else.

2
Q) Is internet required to access the web application?
Ans) Yes.

Q) Is internet mandatory to access the web application?

Ans) If the server is within the local network then internet is not mandatory.

II. Architecture of web applications:

1. Two-layer architecture (Ex: Standalone Application)
2. Three- layer architecture (Ex: Web Application)
3. N- layer architecture
Note: - First backend is developed then the frontend is developed.

3-layer/ 3-tier architecture

Presentation layer
Web server

web browser database layer

http req .html

url: Instagram Database
http res
servlet
App server
JDBC

(java data base connectivity)

.

.java

Business layer

 The code written by the developer in web server (or) app server we call it as Code
(or) source code (or) business logic code (or) web resource.
 Layers:
1. Presentation layer GUI CODE
2. Business layer  source code (or) business logic code (or) web resource.
3. Data base layer  Data

3
Web Browser:
 It is a standalone application which is used to access any web application over the
network via URL.
 Browser understands only html, CSS & JavaScript, so it makes use of http protocol.
 It’s the only way to access the web application.
 Ex: Chrome, IE, safari, Firefox, Opera, etc.

Web Server:
 As the name suggest it serves the response to the browser based on the request.
 It receives the request from the browser, communicates with the app server and
provides back the response to the browser.
 Its helps both web browser and the web application to communicate with each
other.

App Server/ Web Application:

 It’s a collection of web resources (source code).
 App Server contains business login of the source code, html code, Servlet code, JDBC
code.
 Every App server is under control of Web server.
 Ex: Apache tomcat server, Apache JBOSS, Web Logic, Glass Fish etc.
 Note: In our fireflink we are using Apache tomcat server.
 We have two type of resource: -
1. Static Web resource.
2. Dynamic Web resource.
 Static web resource: - The Response is generated even before sending the request is
called, static web resource.
 Dynamic web resource: - The Response generated at the time of the Request Is
called, dynamic web resource.
 We have two types of web applications: -
1. Static web application
2. Dynamic web application
 Static web application: - If web application contains only static web resources then it
termed as Static web application. Ex: - Wikipedia, Dictionary, etc.
 Dynamic web application: - If web application contains at least one dynamic web
resources then it termed as Dynamic web application.
Ex: - Gmail, e-commerce, Instagram, etc.

Database: It is a place or medium where the data is being stored in a systematic and
organised manner. Ex: - SQL, MYSQL, PL-SQL, NO-SQL etc.

JDBC: It’s a collection of java API’s which helps a java object and the database to
communicate with each other. It stands for Java Database Connectivity.

4
 Servlet: It is a collection of J2EE API’s which is used for mapping the data between Web
server & App server and they are also used to develop dynamic web applications.

III. URL [UNIVERSAL/ UNIFIED/ UNIFORM RESOURCE LOCATOR]

Web URL:
 URL is used to uniquely identify the specific web resource inside the web application.
 Every web application should have its unique address in the form of URL.
 URL is the one & only way to access web application via a browser.
 Ex: https://www.google.com/search?q=india&oq=india&aqs

Syntax: -
Protocol://DomainName:PortNumber/ResourcePath?QueryString#FragmentId

Resource End Point Parameter

Protocol:
 When one application wants to communicate with another application their needs
to be a common language which both the application understands, hence we use
protocol.
 Protocol acts like a common language between two applications.
 It is a set of rules & instructions.
 Protocol is an optional information in the URL & it is not case sensitive.

Types of protocol:
1. HTTP Hyper Text Transfer Protocol
2. HTTPS Hyper Text Transfer Protocol Secured
3. FTPFile Transfer Protocol. Ex: Google Drive
4. SMTP Simple Mail Transfer Protocol. Ex: Gmail

Domain Name:
 It is used to identify the specific server or computer within the network or area.
Area/Network

 Q .com Commercial
GMAIL AMAZON .in India
.gov Government
UBER .org Organization
OLA
.edu Education

5
  Domain Name can be the computer name or server name or the IP address.
 In initial stage of developing application, they will use IP address only / Domain
Name.
 It’s a mandatory information in the URL.
 After completion of entire application, they will set the URL.

Port number:
 It is used to uniquely identify the specific software/ application inside the computer.
 In the URL this is an optional information.
 If we are using the IP Address, then only the Port Number is required.
 Port Numbers start from 1000 -9999 (8999 parts)
 WebLogic (2 digit), Apache J-Boss (3 digits), Apache-Tomcat (4 digits)
 Ex: localhost:8888  Vtiger
localhost:8080 Jenkins
localhost:4723 Appium

Resource path:
 It is used to uniquely identify the specific web resource inside the application server
(web application).
 Ex: http://localhost:8080/index.html
http://localhost:8080/login

Query string:
 It is one of the components of the URL which is used to pass a value to a specific
parameter.
 It should always begin with “?”
 It is always written in “name= value” pairs.
 We can have any number of name value pairs separated by “&”
 Ex: http://localhost:8888/index.php?module=leads&action=index

Fragment ID:
 It is used to uniquely identify the specific fragment or section in the webpage.
 It’s not a mandatory field in URL.

Types of Languages:
1. Programming Languages: It is used to develop an application i.e., developing the
Backend. Ex: C, C++, C#, Java, Swift.
2. Scripting Languages: Scripting Language is used to Validate the Front End, i.e., while
developing the UI of the application the developers will give the conditions for each
and every component. Ex: Python, JS, Shell Script, PHP, Visual Basics.
3. Other Languages: Cannot develop/validate the application. So, For API Testing
purposes we use these other languages. Ex: XML, JSON, XSD, DTD, HTML.
XSD – XML Schema Definition (describe and validate the structure and content of
XML documents).DTD – Document Type Definition (defines the structure of XML
document). HTML – Hyper Text Markup Language (structures the web-page).

6
IV. WORK FLOW OF XML:
*SWS: - soap web service https://icici/api.wsdl

Amazon server SBI Server Database

R
Web Browser e
url: Amazon q
http req j SWS req u
cc: sbi12345 ja a data
xml XML xml e PY
va x
cvv:123 b s
http res SWS Res t
e
OTP- verification r

Parser tool: PY-ODBC

 JAXB converting java to xml and vice-versa.
 REQUESTER converting python to xml and vice-versa.

Characteristics of XML (Extensible Mark-up Language):

 Its stand for extensible mark-up language which helps to store and transport data.
 It is platform and technology independent.
 Different applications which are developed using different technologies or same
technologies can transfer the data among themselves with the help of XML.
 As the name implies it’s an extension of HTML and hence XML looks similar to HTML
but it’s not HTML.
 It has User-defined (custom) tags.
 XML tags are also called as elements.
 It’s a collection of customized tags.
 XML is “Strictly Typed” language and hence case-sensitive.
 They should not contain spaces.
 In XML it has one root element which is the parent of all child elements.
 The child element can have sub-child elements.
 XML follows tree structure.
 The filename extension for XML is .xml
 Contain type of xml is application/xml.

Syntax: <root>
<child>
<sub-child> </sub-child>
</child>
</root>

7
Note: Every tag name is case sensitive.
Ex: <ShopperRequest>

<city>string</city>
<country>string</country>

<email>string</email>

<password>string</password>

<phone>0</phone>
</ShopperRequest>

 An element consists of start tag, value and end tag.

Ex: <student> Rahul </student>

 An attribute is always written in name value pair within start tag of the element.

Ex: <student Name=” Rahul” > </student>

V. WORK FLOW OF JSON: https://icici/api/balance

Amazon server SBI Server Database
j
Web Browser J s
a o
url: Amazon http req REST WS
c n
cc: sbi12345 m data
java k json request json py
s o
cvv:123
http res o JSON d
n u
REST WS l
e
Response

Parser tool: PY-ODBC

 JACKSON converting java to json and vice-versa.
 JSON MODULE converting python to json and vice-versa.

Characteristics of JSON (JavaScript object notation):

 It stands for java script object notation.
 It is used to store and transfer the data between two different applications.
 JSON is very light weight when compare to XML.

8
 It has more number of datatypes.
 It’s an extension of JavaScript.
 The file name extension of JSON is .json
 The contain type is application/json
 It’s a platform and technology independent language.
 It’s very popular because of its simplicity.
 It’s very easy to parse.
 It is designed in the form of MAP structure.
 It will be in terms of KEY and VALUE pair.
 KEY always enclosed within the double quotes, VALUE is based on the data.

Ex: - Structure of JSON.

{ {

“Key1”: “v1”, “name”: “Rahul”,

“key2”: v2 “Age”: 25

} }

 “ { “ and “ } ”is used to create an object.

 In JSON each data is written in key value pair.
 All the keys in the JSON must be enclosed within the double quotes.
 The key & value in the JSON is always separated by “: “ colon.
 The value of JSON depends on the datatype.
 Each key value pair is separated by comma “, “

Data Types of JSON:

1. STRING
2. NUMBER {
3. BOOLEAN “Key1”:” v1”,
4. NULL
“key2”:” v2”,
5. ARRAY
6. OBJECT “key3”: {
7. OBJECT ARRAY
“key4”: v4,

“Key5”: [{ },{ }]

9
Note:
 The process of converting java object to JSON is called Serialisation/ Marshalling.
 The process of converting JSON to java object is called De-serialisation/
Unmarshalling.

Difference between JSON and XML

JSON XML

 JavaScript object notation.  Extensible mark-up language.

 JSON follows MAP structure, hence  XML follows tree structure, hence
structure, hence it is light weight. it’s called as very strictly typed
language.
 File extension is .json  File extension .XML
 Contain type is application/json.  Contain type is application/xml.
 JSON data has datatypes.  XML data is type less.
 JSON data types are string, number,  In XML all the data will be written as
Boolean, null, array, object, Object string.
array.
 JSON is an extension of JavaScript.  It’s an extension of HTML.
 JACKSON is the parser tool to  JAXB is the parser tool to convert
convert java to JSON and vice-versa. java to XML and vice-versa.
 Parsing time is less in JSON.  Parsing time is more in XML.
 Files are easy to read.  Files are difficult to read.
 Serialization and Deserialization  Developer have to write addition
happens automatically. JavaScript code for Serialization and
Deserialization
 Supported by most browsers.  Cross-browsing can be difficult.
 Doesn’t support comments.  We can comment.
 Less Secured.  Comparatively more secured.

10
 SOA [service-oriented architecture]

PRESENTATION LAYER BUSINESS LAYER DATABASE LAYER

GUI CODE SOURCE CODE DATA

Functionality test/BBT API testing Data base testing

1. Manual testing 1.WBT/unit testing ETL ( Extract Transform Load)

2. Automation testing 2.Web service testing

 Soap ws request
 Rest ws request

Q) Can I do manual testing without UI?

Ans) No. Without Presentation layer we cannot do Functional testing (Manual/ Automation)

Q) Can I do Testing without UI? If yes, then how?

Ans) That’s where Business Layer comes into picture.

Q) How to test the Business layer?

Ans) The developers would have created an interface. With the help of this Interface the
test engineer is able (getting access) to test the Source code.
Q) what is API?

Ans) Application programming interface acts like a bridge/ interface/ a connection between
two programs.

Q) what is API testing?

Ans) Testing the interface between two programs is called API testing.
Q) why API testing is required?

Ans) API TESTING is required in order to make sure that the interface is working as expected
with respect to functionality, performance, scalability, security etc.

11
VI. TYPES OF API TESTING:
1. WBT (White Box Testing)
2. Web Services Testing
a) SOAP web services testing
b) REST web services testing

API ICICI Bank D/B

Create A/C (); Create A/C Bal Transaction

Bal ();

Transaction (); .java

Loans ();

Deactivate ();

Gold Customer Loans Deactivate Gold Cust.

IDE (Eclipse)

psvm (-------) { J-Unit

Create account ();

………
……….

1) WHITE BOX TESTING:

Testing each and every line of the source code using another program is called as WBT.
(OR)
Testing the untouched source code of the program is called as WBT.

2) WEB SERVICES TESTING:

 It’s a mechanism where two applications or machines exchange the information
between each other irrespective of their underlined technology.
 So, web services help to share the functionality of one application with another
application without sharing the source code or database.
 All the web services are exposed via API.
Note: All web services are API’s but, all API’s are not web services.

12
Q) What is web services testing?

Ans) Testing the request and response between two applications is called as web services
testing.
Web service provider has to make sure that all the API’s are working as expected.

Q) Why web services testing is required?

Ans) Web services testing is required in order to make sure that all the services are exposed
by the provider is working as expected with respect to functionality, performance,
scalability, security etc.

SOAP WEB SERVICE TESTING:

Q) What is SOAP?

Ans) It stands for Simple Object Access Protocol. Important points to note are:-
 SOAP is a protocol.
 It’s a xml based protocol used for application to exchange the information between
each other.
 It will send entire WSDL file (Web Services Description Language).
 UDDI: Universal Description Discovery Integration
Its where all the soap API’s have to be registered.

Q) What is SOAP web services?

Ans) Two application exchanging the information between each other with the help of XML
using SOAP as protocol is called SOAP web service.
Note: All the soap web services are exposed via .WSDL file.

Q) What is SOAP web service testing?

Ans) Testing the request and response between two applications which is based on XML
using soap as protocol is known as SOAP web service testing.
Q) What are the SOAP web service testing tool?

1. SoapUI
2. SOAPSonar
3. Soap Test
4. ReadyAPI
5. Wizdler

Q) Drawback of SOAP Web-services?

Ans) We need to send all the files as an entire package (.wsdl), whereas we can’t send only
particular section of the file.

13
REST WEB SERVICE TESTING:
Q) What is REST?
Ans) It stands for Representational State Transfer. Important points to note are:
 It’s an architectural style used to develop web services.
 As the name suggest it represents the state of request.
 REST supports XML/HTML/JSON/Text/JavaScript.

Q) What is REST web service?

Ans) Two application exchanging the information between each other with the help of XML,
HTML, Text, JSON, JavaScript using HTTP as a protocol is called REST web services.

Q) What is REST web services testing?

Ans) Testing the request and response between the two different application which is based
on XML, JSON, JS, HTML, Text by using HTTP as a protocol is called REST web service testing.
Also: -
 All the rest API’s are exposed via URI (Universal Resource Identifier).
 URI=URL+URN (Universal Resource Name).

Q) What are the REST web service testing tool?

Ans) Some of the commonly used tools are: -
1. Postman
2. Fireflink
3. Rest Assured
4. Ready API
5. Karate
6. Katalon Studio, Etc.
Q) What is the difference between SOAP WEB SERVICE and REST WEB SERVICE?

SOAP WEB SERVICE REST WEB SERVICE

 Soap stands for Simple Object  Rest stand for representation state
Access Protocol transfer
 Soap is a protocol  Rest is an architectural style
 Soap supports XML  Rest supports
XML/JSON/HTML/Text/JAVA SCRIPT.
 SOAP uses SOAP as a protocol  REST uses HTTP as a protocol
 Soap is exposed via .wsdl file  Rest is exposed via URI
 Soap services are the exposed as a  Rest services are exposed as a get
package individual API’s for each feature.
 Soap is design using too many  Rest doesn’t define too many
standards. standards.
 Soap define its own security.  Rest we inherit to security measures
like Basic Auth /Bearer Token/
OAuth1/OAuth2.0 /etc.
 Soap is less preferred.  Rest is more preferred.

14
Advantages of web services:

1) Web Services Interoperability (WS-I)

 Web Services are “Application, Platform and technology Independent”.
 Ex: Uber/ OLA and Google Maps shares the data among each other.
2) Loosely Coupled
 Each application is independent of one another. Hence changes done to one
application will not impact the “unrelated areas”.
3) No need of re-inventing the wheel
 Web Services reduces the software development time.
 This helps the other business partners to quickly develop application and
start doing business.
 This helps business to save time and money by cutting development time.
 Ex: Uber/ OLA can make use of Google Maps.

4) Business Opportunity
 Web Services will open the door for new business opportunities by making it
easy to connect with partners.
 Ex: Dominos can get the order from Food Panda/ Swiggy along with getting
orders from its own site.
5) Service Reuse
 Web Services takes code reuse a step further.
 Ex: An organization can have a “Single Payment Gateway Services” which
helps other web applications of the organization to interact.

VII. HTTP Structure:

 HTTP protocol also has a structure and it consists of header & body part
separated by empty line.
 In order the view the http request & http response structure we go for Fiddler
tool (developer debug tool).

HEADER

BODY

15
HTTP Request & HTTP Response:

REQUEST RESPONSE

HTTP METHOD
STATUS CODE
WEB URL
Header Header RESPONSE TIME
COOKIES
COOKIES
CONTENT TYPE
CONTENT TYPE

Body Body
ACTUAL DATA
FORM DATA / RAW DATA

Note: Mandatory fields in: -

 HTTP request – http method and web URL.

 HTTP response – Status code and Actual Data.
HTTP Request: -

HTTP Method:
 It’s used to specify the type of operation performed in the server.
 It’s a mandatory information present in the HTTP Request.
 HTTP method is the first element in the http request, used to specify the type of the
request which is sent by client (Browser) to Server (Application).

1. GET: it’s used to read or retrieve the resources from the server.
2. POST: it’s used to create resources inside the server.
3. PUT: it’s used for complete update of the resource inside the server and it
can also be used for creating a resource.
4. PATCH: it’s used for partial updating of the resources inside the server.
5. DELETE: it’s used for deleting the resource inside the server.

 NOTE: PUT will be used for updating if you pass the id in the body otherwise it will be
used for creating.

Web URL:
 It’s used to specify location or address of the server.
 It’s used to identify the specific web resource inside the web application.
 In GET: Query will be present in URL.
 In POST: Query will be present in the Body of the Request.

16
Cookies:
 It’s an additional information (additional add-on’s) provided.

Content type:
 It’s used to specify the type of content used to transfer data.
 Ex:
a) application/json  .json
b) Application/xml  .xml
c) Application/zip  .zip
d) Application/png  .png
e) Application/html  .html

Form Data / Raw Data:

 It’s a data sent from the client to the server.
 GET will not have form data.
 POST will have form data.

HTTP Response: -

Status Code:
 It’s used to specify the status of the request sent from the client.

Status Code Description

100 Continue
200 Server successfully handled the request
300 Re-direction request
400 Client side error (requested resource not
found at server side)
500 Server side error (Server encounter, an
unexpected condition)

Response time:
 Total time required to send the request, process the request, get the response is
called Response time.

Cookies:
 It’s an additional information provided.

Content type:
 It’s used to specify the type of content used to transfer data.
 Ex:
f) application/json  .json
g) Application/xml  .xml
h) Application/zip  .zip
i) Application/png  .png
j) Application/html  .html

17
 Actual Data:
 The data sent from the server to the client is called as Actual data.

Pre-Requisite for API Testing: -

1. Knowledge of client-server architecture.
2. Knowledge of HTTP Request and HTTP Response.
3. Basic knowledge of database.
4. CRUD Operation.
5. Knowledge XML and JSON.
6. Knowledge on API Testing Tool.
7. Knowledge on API Documents.

Frequently seen status codes: -

Important status codes
400 Bad request- Syntax error.
401 Un-authorized/expired authorization- No permission to perform the action.
403 Forbidden- Bearer token doesn’t have access.
404 Context not found/ not found- Protocol or end point missing.
405 Wrong method/ method not allowed- URI not matching with the http method.
409 Conflict (Duplication of products added to Wishlist/ Cart)
415 Unsupported media Type- Context type is wrong or body is missing for POST.
422 Unprocessable entity- GitHub cannot have two repos with same name or improper keys.
502 Bad gate way.
505 http version not supported.

18
API Testing in Fireflink: -
Query parameters:
 It’s similar to query string.
 Query parameter are defined as set of parameters attached to the end of the URL.
 It is always displayed in table format.
 Whatever the key & value is added to the table, it is appended to URL and vice versa.

Authorization:
 It’s just like Authentication, providing the access to particular API’s.
 If we want to access secured API then we need to pass authorization.
 For whole project we have to follow only one kind of authorization.
 Ex: - Basic Auth /Bearer Token/ OAuth1/OAuth2.0/etc.

Body:
 Form data  body in the form of key and value pair
 URL encoded body in the form of key and value pair
 Raw body in the form of JSON/XML/HTML/JS/TEXT
 Binary we will upload the body in the form of files.
 Graph QL we will upload the body in the form of graphs.

Pre Requisite:
 It’s similar to pre-condition in fireflink.

Test (Assert):
 Assets are used for validation.

Capture data from response:

 We can capture any data from the response and store it in a variable.

Request chaining:
 After getting the response, save the required data from the response by using
capture data and use it in the next request.

Development Server Test Environment Pre-Production Env. Production Env.


WBT BBT Acceptance HotFix/Incident
 Testing Management




End Users

19