Exploring HTTP requests types (GET, POST, PUT and DELETE) and...
Read More
Hello People,
So far in this series you would have learnt about the basics of API, how to build an API request, Examples of REST and SOAP API and how to do a JSON schema validation for your responses. Other than schema validation, we have to check some more attributes from the API response. So how do we do that? That’s where we need to create assertions, which are nothing but similar to the front end test cases.
For any application we will be drafting a list of scenarios/test cases to be validated right? Same way for APIs we need to add few assertions as part of the scripting.
Assertions are the validations done to the HTTP response received back from the server. So every time when you receive the response there are few things to validated as part of the API Tests.
For example, for any API the response code is one of the basic attribute to be validated right. We will add an assertion to check if the specific API response code is always as expected. If any response code other than the expected one is treated as failed test case.
Well, you might now have a question what all should be covered as assertions for your API.
This is a million dollar question. Because we have few generic validations like Status code, Response Time, Response Headers, Cookies etc. Other than this the assertions vary from API to API, based on the response values, project requirements, API design etc.
So here we will consider an public REST API endpoint: https://vpic.nhtsa.dot.gov/api/vehicles/getallmanufacturers?format=json
In this JSON response we will try to cover the possible assertions.
Let's see how assertions can be done using KarateDSL
KarateDSL provides a variety of assertions and matchings for API response validation.
These features are one of the most critical aspects to guarantee that the response obtained is in accordance with the business needs and that the keys have the appropriate values.
Because of the powerful JsonPath evaluation and matching techniques, Karate has made the implementation of assertions very simple and effective for its users.
These features are amongst the most important factors in ensuring that the response obtained meets the business requirements and that the keys have the correct values.
Let’s look at a few examples to understand how simple and effective Assertion is?
Please note, steps for test execution and report view will be same for respective feature files.
Enter feature file name in the runner class > Execute TestRunner file > Once the execution is complete, copy-paste report url on the browser to view detailed Karate Report.
Example 1: Check Response Status
In Following example “Then status 200” is used to verify the response status code.
If the response code does not match with the actual code then the test case will fail.
for example, actual status code is 200 but instead 201 is passed in the scenario.
If you want to add validation for either of the response code that can be done by using “||” OR operator.
If you want to validate responseStatus alternatives, you can do so by using square brackets around the response status range.
Or you may also use – karate.range() method.
Example 2: Check the response time.
We may use the responseTime keyword to verify API response time, just as we do with the responseStatus keyword. It basically saves the current API’s response time (in milliseconds).
Failure Case is as follows:
Example 3: Check the response headers
Response headers can be validated using “responseHeaders” keyword, as the values will be stored in this variable. Since, it is a “map of lists” hence you will have to define a variable consisting of the [‘header name’] with [0].
Refer following code snippet:
Example 4: Response body check
Validate count of Result array with Count key from the API response
If you want to fetch array size, you may use karate.sizeOf(array_variable) as shown in below code snippet.
Let's see how assertions can be done using POSTMAN
Learning about the assertions, we have two places in Postman where we write the customized code snippets in JavaScript.
For any steps/validations to be done before hitting the server will be covered in “Pre-request” Script section.
Any validation/actions to be performed in the response will be covered under “Tests” section. So our assertion code snippets will be written in the “Tests” section.
One of my favorite section in Postman is the ready-made code snippets available in the left tab. Once you click the “Tests” section, it will guide you on the list of snippets available.
So even if you miss the syntax, you can select the related one from here and edit based on your API response. After adding the assertions once you send the request every time the added assertions are validated and the results are displayed under the “Test Results” tab in Response window. Since Postman is having inbuild Chai Assertion Library. You can visit this site to know more about chai. The best thing here is, the assertions will be in a user friendly readable manner. Any one can understand it very easily.
So we will start adding the basic assertions.
Example 1: Check the response code
From the list of code snippets select the below:
pm.test("Status code is 200", function (){
pm.response.to.have.status(200);
}); This snippet is now placed inside “Tests”. Now if you hit “Send” you test case will either pass of fail based on the response code.
Additionally you can validate the response code message as well.
pm.test("Status code is 200 OK", function () {
pm.response.to.have.status(200);
pm.response.to.have.status('OK');
}); If you are expecting more than one response code and if that means success, then you can edit the snippet as below:
pm.test("Successful POST request", function () {
pm.expect(pm.response.code).to.be.oneOf([200,201,202]);
}); Example 2: Check the response time
Select the below snippet.
pm.test("Response time is less than 200ms", function () {
pm.expect(pm.response.responseTime).to.be.below(200);
}); This snippet is now placed inside “Tests”. But you can modify the response time based on your API design/documentation. If your API should have a response time between 2000 to 3000 milliseconds then you can edit the generalized as below:
pm.test("Response time validation", function () {
pm.expect(pm.response.responseTime).to.be.below(3000);
pm.expect(pm.response.responseTime).to.be.above(2000);
}); Based on the actuals, the Test case might pass/fail.
Example 3: Check the response headers
Select the below snippet.
pm.test("Content-Type is present", function () {
pm.response.to.have.header("Content-Type");
}); This snippet will verify if the header “Content-Type” is present in the response, if you are expecting any specific value as part of “Content-Type” you can tweak your script.
This test case is passing because the response had the “Content-Type” header.
Example 4: Response body check
When we need to add assertions as part of the response, we should parse the response and store in a variable as JSON object. We discussed this in our earlier post. Please check here and brush-up if needed:
For better assertions in our response, we will add the below variables:
var resp = pm.response.json();
var names = pm.response.json().Results;
var count = pm.response.json().Count;
As we are aware Postman is using inbuild chai assertions, we can write out test cases based on that.
Based on the requirements/sample API response/API documentation we need to add different assertions. Here, based on our public API response, we can write few possible assertions to validate the response.
To validate the count we can have different set of validations. To check if the count field in the response is matching the count of the array “names” we can use the below snippet.
//to check the length
pm.test("count vs length", function () {
pm.expect(names).to.have.length(count);
});
Same way the assertions can be extended based on the response body values.
For some more examples and details please refer:
https://learning.postman.com/docs/writing-scripts/script-references/test-examples/
These are few assertions which can be added as part of your test cases, to perform an exhaustive testing you need to understand the business requirements and purpose of your APIs. We learnt how to create few assertions n Postman and KarateDSL, please explore and try to add different assertions to become a master in writing API test cases.
Dear readers, thank you for your time. See you in the next few days with our next topic!!
Exploring HTTP requests types (GET, POST, PUT and DELETE) and...
Read More
Exploring different Auth Types(Basic Auth, API_Key, OAUTH2.0) and how to...
Read More
Exploring handling of REST API endpoints using Postman and KarateDSL
Read More
Exploring handling of SOAP API endpoints using Postman and KarateDSL
Read More
Exploring Schema Validation using Postman and KarateDSL
Read MoreMeet the brains behind this learning series!
