Exploring and modelling Web services - Created by Mark Winteringham / @2bittester © 2017
Workshop goals
Explore the behaviour of a web service
Model our observations of a web service
Create a test suite of checks based on our model
Welcome to 'The best at rest ltd'
Creators of RESTFUL-BOOKER-PLATFORM
A SaaS platform for management to manage their hotels and bookings
RESTFUL-BOOKER-PLATFORM requirements
- Be able to retrieve, create, update and delete a hotel
- Be able to retrieve, create, update and delete bookings for a hotel
- Require a user to be logged in to create, update and delete data
A service-oriented architecture
How do we explore a Web service?
Proxy Server
'A server... that acts as an intermediary for requests from clients seeking resources from other servers.'
- Caching content
- Security
- Monitoring and filtering
https://en.wikipedia.org/wiki/Proxy_server
How does a proxy server work?
User Interface
Proxy
Service
Iteration one - Explore proxies
- Set up Burp Suite and intercept HTTP requests
- Set up the Postman proxy and intercept HTTP requests
Firebug / Developer tools
Log files
Source code
https://github.com/mwinteringham/restful-booker-platform
Iteration two - Explore other tools
- Use Developer tools/Firebug tools
- Discover different log files and trigger events
- View source code and discover more about the application
Modelling?
An abstract representation of the application
Why Model?
How many tests?
How might you model
No right or wrong way
Modelling by API
Doesn't give us feedback on how the API is used
Modelling by behaviour
Models can get quite complicated
Iteration three - Model!
- Record the requests flowing between services
- Build a model of the application
Ensuring coverage
- Work collaboratively
- Try using web spidering tools
- Look at source code for routes
POSTMAN Tests
Setup
- Select the Test tab
- Enter your JavaScript test
- Save your request to a collection
- Click the arrow on your collection to reveal the run option
Resource / Query string
URIs
- Valid and invalid paths
- Resource identifiers
Query strings
- Data types
- Boundaries
- Robustness principle
Headers
- Missing headers
- Positive/negative values
- Redundant headers
Status codes
Positive codes
- 200, 201, 304
Negative codes
- 400, 500, 404
Do status codes match the way you expect the service to respond?
Payloads
- Data types
- Boundaries
- Robustness principle
Iteration four - Design!
- Using POSTMAN collections create a suite of API tests
- Use your model of the application as reference
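One way to turn the model into checks, as an added example that is not part of the original workshop material: it compares exchanges recorded through a proxy against the requirement that create, update and delete need a logged-in user, and against the status codes the model expects. The `token` cookie name, the sample paths and all function names are assumptions made for illustration.

```javascript
// Added example, not from the workshop. ASSUMPTION: login state is carried in a
// cookie named "token" (hypothetical); adjust isLoggedIn to what your proxy shows.
const WRITE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

function isLoggedIn(request) {
  // Header names are case-insensitive, so look the Cookie header up by lowercased name.
  const entry = Object.entries(request.headers || {})
    .find(([name]) => name.toLowerCase() === "cookie");
  return entry !== undefined && /(^|;\s*)token=[^;\s]+/.test(entry[1]);
}

// Compare one recorded exchange with the model; return a finding or null.
function checkExchange({ request, response }) {
  const needsLogin = WRITE_METHODS.has(request.method.toUpperCase());
  const allowed = !needsLogin || isLoggedIn(request);
  const status = response.status;
  let rule = null;
  if (status >= 500) rule = "server-error";
  else if (!allowed && status < 400) rule = "unauthenticated-write-accepted";
  else if (allowed && (status === 401 || status === 403)) rule = "allowed-request-refused";
  return rule && { rule, method: request.method, path: request.path, status };
}

function checkExchanges(exchanges) {
  return exchanges.map(checkExchange).filter(Boolean);
}

// Constructed sample capture; the paths are placeholders, not real routes.
const SAMPLE = [
  { request: { method: "GET", path: "/example/1", headers: {} }, response: { status: 200 } },
  { request: { method: "DELETE", path: "/example/1", headers: {} }, response: { status: 200 } },
  { request: { method: "PUT", path: "/example/1", headers: { Cookie: "token=abc123" } }, response: { status: 500 } },
  { request: { method: "POST", path: "/example", headers: { cookie: "theme=dark; token=abc123" } }, response: { status: 403 } },
  { request: { method: "POST", path: "/example", headers: {} }, response: { status: 403 } },
];

for (const f of checkExchanges(SAMPLE)) {
  console.log(`${f.rule}: ${f.method} ${f.path} -> ${f.status}`);
}
```

A 4xx on a request the model forbids is treated as the expected outcome, so only deviations from the model are reported.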