Testing the Rest APIs with Swagger
As we come to the last stage of our 4 blog journey, we will focus on Swagger to test the Rest APIs.
Swagger UI is an open source tool which generates a web page. This web page documents the Restful APIs generated by Swagger specification. This UI presentation of APIs is user friendly, easy to understand with all the complexity of business logic kept behind the screen. This is a great tool for developers, testers and end consumers, to understand the end points. It also allows you to manually test these APIs from this web page. Please see below the sample screenshot of how the UI looks.
The Swagger UI is automatically generated from any API defined in the Swagger specification, and can be viewed within a browser. Swagger UI can be used as is provided by Swagger. Or we can make changes as per the needs and make our own build.
Configuring the Swagger UI
In previous parts of this blog, you learned how to use Swagger in an existing project. To add Swagger UI into our project, you need to add one more dependency (if not already added) in pom.xml file.
<dependency> <groupId>io.springfox</groupId> <artifactId>springfox-swagger-ui</artifactId> <version>2.4.0</version> </dependency>
Testing the APIs manually
Swagger UI provides a rich user friendly interface with all the details of API. These details include the request parameters with its type (path, query, body, etc.), its data type (string, array[string], HttpSession, schema of body type parameter, etc.) and whether it’s a mandatory parameter or not. These details also include the response type (application/json, etc.) and schema of response body.
Since we have already configured the Swagger UI into our project, let’s go to the below URL and have a look.
If you have configured the pathMapping in Swagger config, then you need to include it as well in above URL.
In the UI, we can see all the controllers listed.
Click one to see list of all the APIs implemented in that controller with its URL.
Clicking it will show us the details of that API along with the fields to enter values for request parameters. If API has default value for any of the parameter, the field will come preset with the value.
Try it out to make a request to that API. The response of this request can be checked to match the expectation from an API.
Swagger UI Extensions
It is an automated testing platform that monitors the performance of APIs, validates the accuracy of the entire payload, and provides real-time insights without any coding.
The Swagger specification file is used to create tests. The specification file could be in either of the below format
- RAML 0.8,
- RAML 1.0,
- API Blueprint,
- I/O Docs
There are two ways to include the specification file:
- Upload a file
- Referencing an URL
Next step takes you to the listing of all the available API endpoints. Choose an API you want to test, and it creates a test for you. You can modify the test as per your need and publish.
You can run a test manually, or schedule it to run autonomously, and get notified of issues as soon as they happen. The test will generate a detailed report where execution is captured in steps. These details makes the analysis much easier to find the cause of failure when needed.
Restlet Client (known as DHC earlier) enables you to interact with REST services. This client improves the user experience, saves time to debug the REST calls & sharing of requests with others is made convenient.
Swagger can be used as an extension for this client. When integrated, it provides Swagger document in JSON format. Swagger UI also provides its support to Restlet APIs, makes it easy to interact and test the APIs.
3. Rest Secured — API pentesting as a service
Rest Secured service focus is on Restful API black-box testing, the most common comm layer for mobile or web applications. It follows OWASP guidelines, so you may be sure that top issues are covered by this service, it uses exploratory strategies to find unknown vulnerabilities, and most important, it attacks from outside — just like most of the hackers would do.
If development follows API first strategy all we need is paste URL to our Open API specification, service then scans API which may take some time.
In result we receive great insights about potential issues with API with easy to understand remediation plans.
Assertible makes it simple to create robust API tests using endpoints defined in your Swagger and OpenAPI definitions. Assertible specializes in continuous testing automation and integrates directly into your CI pipeline and deployment processes. By importing a Swagger spec, you can automate the same set of tests for production, staging, and QA environments.
- Start with importing Swagger specification. To import click on
import your swagger speclink provided in the import form on first screen as you log in to Assertible.
Browse the specification file and click
Import spec. This will show you the details of all end points provided in specification file. On
Create service and tests, Assertible will create tests for all the end points.
- Now you need to provide all the required parameters and auth details to make a request. If default value of parameter/s is NOT provided in the specification file, Assertible will set the value as undefined. You can also set the request headers here.
Now you need to set the authentication details. Go to
Authentication View under
Settings tab of the web service, and update the auth details.
Now you are all set to automate the above configured tests.
- To keep a follow up on the health of your API, it must be monitored in regular intervals. To do this, go to
Set up a scheduleunder
MonitoringCreate a schedule with your preferred choice of frequency (hourly or daily) based on the nature and criticality of API.
- Notifications – Now, you must be notified in occurrence of test failures. To configure alerts, navigate to the web service
Settingstab, and click
Hooks & Alerts. You should see options to configure Slack, Email, or Zapier.
To add an email notification, click on
Add one now link in Email hook and add recipient’s email address. See below
Writing tests for a large number of APIs is a tedious job. To do the job easy and fast, the Swagger test templates provide a testing platform to test the endpoints of all the APIs defined in Swagger specification. This can be build either programmatically or through the command line interface.
The testing framework for Swagger Test Templates is built over MochaJS which provides the ability to run asynchronous tests.
So far you have seen how Swagger/Open API could be a great tool to design your APIs. Contract-first design approach makes life easier for developers, stakeholders and consumers of APIs. It saves time of developers to set up the server-side code and client-side code (using Codegen). You can save time spent on writing and testing the code which is not going to add value to your application.
Now it’s time you should try it out with your own preference of language. And, please, do not forget to share your experience in the comments section below.