My Testing Thoughts

  Pynt is a free API security solution that generates automated security tests based on your existing functional test collection within postman. It appeals to perform dynamic security testing covering all the OWASP API Top 10. More details:  https://www.postman.com/pynt-io/workspace/pynt/overview I tried and it looks promising. #pynt   #postman   #apisecurity   #testing   #security

 If you use this code as mentioned in few other blogs and videos:   Map<String, String> headers = new HashMap<String, String>(); headers.put("Content-Type", "multipart/form-data"); byte[] fileContent = FileUtils.readFileToByteArray(new File(filePath)); RestAssured.given().headers(headers).body(fileContent).post(url);   There are high chances that you will get errors related to content-type or "400 - Request is not a multipart request". So, the solution is to use: .multiPart("file", new File("/path/to/file"),"application/pdf"). Please note that I have used "application/pdf" as 3rd param in the multiPart method and this value should be passed as per the file type that you are uploading like for the png file it should be "application/octet-stream", for JSON file it should be "application/JSON". multiPart is an overloaded method that can take max 3 parameters:   a)

How to parse XML and validate the response fields using the cheerio library in postman? Sample URL :  https://www.w3schools.com/xml/tempconvert.asmx Sample Request Payload : <soap12:Envelope xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance " xmlns:xsd=" http://www.w3.org/2001/XMLSchema " xmlns:soap12=" http://www.w3.org/2003/05/soap-envelope ">     <soap12:Body>         <FahrenheitToCelsius xmlns=" https://www.w3schools.com/xml/ ">             <Fahrenheit>108</Fahrenheit>         </FahrenheitToCelsius>     </soap12:Body> </soap12:Envelope> Expected Response : <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap=" http://www.w3.org/2003/05/soap-envelope " xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance " xmlns:xsd=" http://www.w3.org/2001/XMLSchema ">     <soap:Body>         <FahrenheitToCelsiusResponse xmln

RestAssured Vs Karate Initial Score: Rest Assured 0- Karate 0 1) RestAssured is really good but there is no built-in way to do a full equality match of a JSON payload in one step (not talking about extracting a particular field out of the response JSON). Contrary to this, Karate offers full JSON Comparison with so much ease (as shown in the first image below). And in case you have some node that shows dynamic value then you can simply ignore it by using hashtag # ignore for that node (as shown in the second image below). Note* There is no direct command to compare the whole response in RestAssured at once but we can still use JsonPath to parse the JSON file into a Map and then compare it with Hamcrest Matchers. Current Score: Rest Assured 0- Karate 1 2) Ease of using matchers: The powerful matching logic of Hamcrest is unbeatable in Rest Assured. Of course, we can use RegEx and Macros in Karate for the match but you need to learn that first. Final Score: Rest Assured 1

Of course, we should ensure that even our basic API tests are built to cover "Triple S" checks i.e. Status code, Schema, and Scenario checks but when we test our APIs, we should NOT just focus on the request and response part of our APIs but most importantly we should understand that how application(s) are going to consume our APIs. This will definitely give you a solid set of additional use cases from an end-user point of view to cover all your bases.

Recently came across a really cool Java API called Fillo. It is an open-source API that lets you query Excel files (xls & xlsx) and it supports select, insert & update queries. Maven dependency for Fillo: https://mvnrepository.com/artifact/com.codoid.products/fillo My requirement is to fetch the APIs Name where Type=Regression and Run=Yes from below shown Excel table. I have given a shot to simple queries and it works fine. Please check more details here: https://codoid.com/fillo/ P.S. I'm a strong believer in 'we should use Public APIs instead of creating utilities from scratch' unless we have some other restrictions like legal etc. #testautomation   #automationtesting    #tipsandtricks   #fillo   #queryExcel

With GraphQL, what you queried is what you get, nothing more and nothing less. It is easy to use as it has a JSON like syntax and also provides lots of performance benefits. Here's a query for the Star Wars API: https://swapi.apis.guru/graphiql query{ allFilms { films { id title episodeID } } } This query returns the id, title, and episodeID of the 6 original Star Wars movies. Now consider that there are 2 vendors that are consuming this API and one of them wants id, title, and episodeID and the other one wants the only id, and title but NOT the episodeID. Now without GraphQL, we would have created 2 versions of this API i.e. the first one with the id, title, and episodeID in the response and the second version giving a response with id and title only. Isn't it a headache to maintain so many versions if you have different requests from various vendors that are consuming your APIs? That's where a GraphQL is a real lifesaver. Please check graphQLComplete method shown