API Testing Using Postman – Part 2: Advanced Scenarios and Interview Q&A

•  API helps to communicate between two different applications and also which are coded in 2 different languages.
• For example, Google developed maps that contain open-source APIs. Maps are not only used by Google but also by different applications such as whatsapp, FB, snap etc.

• API vs Webservice: API is a request which will be developed offline without using of public server and Webservice is also an API but it is deployed in the server and made available for the public.
• All Webservices are API but all APIs are not Webservices.
• An API is called a Webservice when an API is deployed in a public server and makes it available for everyone.

Two Types of API:

1. Simple Object Access Protocol(SOAP). (XML format)
2. REST(Representational State Transfer). (JSON, XML, etc.)

• SOAP is a very old tool and it is difficult to understand the request and response sometimes.
• Currently, we are using REST services. we have 4 major commands to request or to get the response.

1. GET - used to get the requested info from the Database.
2. POST - used to create a new item in DB.
3. PUT - used to update the existing item in DB.
4. DELETE - used to delete existing items from DB.

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.

API Testing Using Postman – Part 1: Beginner Guide with Real-Time Examples

Client and Server: The client is a computer or local machine which is from the user's end and the server is a place where the data is stored.

Client and server are divided into 3 categories.

• 1-Tier -  It has only 1 client and 1 server.
• 2-Tier -  It has multiple clients but contains only one server.
• 3-Tier -  It will have 3 layers.

           Client(Presentation layer)[multiple clients]

           Business logic(Application layer)[multiple API's]

           Server(Data layer)[Multiple servers]

API - Application Programming Interface.

•  Application - It works for a Web Application. It is called an Application Layer.
• Programming - we will send API requests through code which are written in programming languages(Eg: java, python etc.).
• Interface - It will act as an interface or communication barrier between client and server.

Uses of API Testing:

• Generally, we test the UI using selenium and we check whether every functionality is working or not. But, when it comes to API Testing we send a request to the server based on the request it will give the response. In the response itself, we can check whether all the functionality is working or not. 80% of the Testing is completed within less time if you know API Testing and 20% will be testing the UI elements, colour buttons etc.
• No need for UI Testing by 100%.If we perform API Testing.
• We can perform API Testing once the backend code and the APIs are ready. A gap will occur between the presentation and Application layer(it will take time to create UI). In that time, we can test our application using API's. 
• API Testing is simple and easy to learn compared to Selenium web application Testing.

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.

Must-Have Security Test Cases for Your Web Application

1. Try to directly access the bookmarked web page without logging into the system.

2. Verify that the system should restrict you from downloading the file without signing in to the system.

3. Verify that previously accessed pages should not be accessible after logging out i.e. Sign out and then press the Back button to access the page accessed before.

4. Check the valid and invalid passwords, password rules say it cannot be less than 8 characters, user ID and password cannot be the same etc.

5. Verified that important i.e. sensitive information such as passwords, ID numbers, credit card numbers, etc should not be displayed in the input box when typing. They should be encrypted and in asterisk format.

6. Check Is bookmarking disabled on secure pages? Bookmarking Should be disabled on secure pages.

7. Check Is Right Click, View, Source disabled? The source code should not be visible to the user.

8. Check if your server locks out an individual who has tried to access your site multiple times with invalid login/password information?

9. Verify the timeout condition, after a timeout, the user should not be able to navigate through the site.

10. Check Are you prevented from doing direct searches by editing content in the URL?

11. Verify that the restricted page should not be accessible by a user after session time out.

12. ID/password authentication, the same account on different machines cannot log on at the same time. So at a time, only one user can log in to the system with a user ID.

13. ID/password authentication methods enter the wrong password several times and check if the account gets locked.

14. Add or modify important information (passwords, ID numbers, credit card numbers, etc.). Check if it gets reflected immediately or caching the old values.

15. Verify that the Error Message does not contain malicious info so that hackers will use this information to hack the website.

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.

The Different Types of Logs and How to Use Them

 

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.

9 Types of API Testing to Improve Your Website Performance

 

👋 Hi, I'm Suriya — QA Engineer with 4+ years of experience in manual, API & automation testing.

📬 Contact Me | LinkedIn | GitHub

📌 Follow for: Real-Time Test Cases, Bug Reports, Selenium Frameworks.