Product Engineering

Testing the Rest APIs with Swagger

shutterstock_503854255

As we come to the last stage of our 4 blog journey, we will focus on Swagger to test the Rest APIs.

Swagger UI  is an open source tool which generates a web page. This web page documents the Restful APIs generated by Swagger specification. This UI presentation of APIs is user friendly, easy to understand with all the complexity of business logic kept behind the screen. This is a great tool for developers, testers and end consumers, to understand the end points. It also allows you to manually test these APIs from this web page. Please see below the sample screenshot of how the UI looks.

Adding Some “Swag” To Your API Testing

The Swagger UI is automatically generated from any API defined in the Swagger specification, and can be viewed within a browser. Swagger UI can be used as is provided by Swagger. Or we can make changes as per the needs and make our own build.

Configuring the Swagger UI

In previous parts of this blog, you learned how to use Swagger in an existing project. To add Swagger UI into our project, you need to add one more dependency (if not already added) in pom.xml file.

<dependency>
<groupId>io.springfox</groupId>
       <artifactId>springfox-swagger-ui</artifactId>
       <version>2.4.0</version>
</dependency>

Testing the APIs manually

Swagger UI provides a rich user friendly interface with all the details of API. These details include the request parameters with its type (path, query, body, etc.), its data type (string, array[string], HttpSession, schema of body type parameter, etc.) and whether it’s a mandatory parameter or not. These details also include the response type (application/json, etc.) and schema of response body.

Since we have already configured the Swagger UI into our project, let’s go to the below URL and have a look.

http://<host>:<port>/swagger-ui.html

If you have configured the pathMapping in Swagger config, then you need to include it as well in above URL.

http://<host>:<port>/<pathMapping>/swagger-ui.html

In the UI, we can see all the controllers listed.

Adding Some “Swag” To Your API Testing

Click one to see list of all the APIs implemented in that controller with its URL.

Adding Some “Swag” To Your API Testing

Clicking it will show us the details of that API along with the fields to enter values for request parameters. If API has default value for any of the parameter, the field will come preset with the value.

Adding Some “Swag” To Your API Testing

Hit Try it out to make a request to that API. The response of this request can be checked to match the expectation from an API.

Adding Some “Swag” To Your API Testing

Swagger UI Extensions

1.API Fortress

It is an automated testing platform that monitors the performance of APIs, validates the accuracy of the entire payload, and provides real-time insights without any coding.

The Swagger specification file is used to create tests. The specification file could be in either of the below format

  • Swagger,
  • RAML 0.8,
  • RAML 1.0,
  • API Blueprint,
  • I/O Docs

There are two ways to include the specification file:

  • Upload a file
  • Referencing an URL

Adding Some “Swag” To Your API Testing

Next step takes you to the listing of all the available API endpoints. Choose an API you want to test, and it creates a test for you. You can modify the test as per your need and publish.

You can run a test manually, or schedule it to run autonomously, and get notified of issues as soon as they happen. The test will generate a detailed report where execution is captured in steps. These details makes the analysis much easier to find the cause of failure when needed.

2. Restlet Client

Restlet Client (known as DHC earlier) enables you to interact with REST services. This client improves the user experience, saves time to debug the REST calls & sharing of requests with others is made convenient.

Swagger can be used as an extension for this client. When integrated, it provides Swagger document in JSON format. Swagger UI also provides its support to Restlet APIs, makes it easy to interact and test the APIs.

3. Rest Secured — API pentesting as a service

Rest Secured service focus is on Restful API black-box testing, the most common comm layer for mobile or web applications. It follows OWASP guidelines, so you may be sure that top issues are covered by this service, it uses exploratory strategies to find unknown vulnerabilities, and most important, it attacks from outside — just like most of the hackers would do.

If development follows API first strategy all we need is paste URL to our Open API specification, service then scans API which may take some time.

In result we receive great insights about potential issues with API with easy to understand remediation plans.

Adding Some “Swag” To Your API Testing

4. Assertible

Assertible makes it simple to create robust API tests using endpoints defined in your Swagger and OpenAPI definitions. Assertible specializes in continuous testing automation and integrates directly into your CI pipeline and deployment processes. By importing a Swagger spec, you can automate the same set of tests for production, staging, and QA environments.

  • Start with importing Swagger specification. To import click on import your swagger spec link provided in the import form on first screen as you log in to Assertible.

Browse the specification file and click Import spec. This will show you the details of all end points provided in specification file. On Create service and tests, Assertible will create tests for all the end points.

Adding Some “Swag” To Your API Testing

  • Now you need to provide all the required parameters and auth details to make a request. If default value of parameter/s is NOT provided in the specification file, Assertible will set the value as undefined. You can also set the request headers here.

Adding Some “Swag” To Your API Testing

Now you need to set the authentication details. Go to Authentication View under Settings tab of the web service, and update the auth details.

Now you are all set to automate the above configured tests.

  • To keep a follow up on the health of your API, it must be monitored in regular intervals. To do this, go to Set up a schedule under Monitoring Create a schedule with your preferred choice of frequency (hourly or daily) based on the nature and criticality of API.
  • Notifications – Now, you must be notified in occurrence of test failures. To configure alerts, navigate to the web service Settings tab, and click Hooks & Alerts. You should see options to configure Slack, Email, or Zapier.

To add an email notification, click on Add one now link in Email hook and add recipient’s email address. See below

Adding Some “Swag” To Your API Testing

5. Swagger Test Templates

Writing tests for a large number of APIs is a tedious job. To do the job easy and fast, the Swagger test templates provide a testing platform to test the endpoints of all the APIs defined in Swagger specification. This can be build either programmatically or through the command line interface.

The testing framework for Swagger Test Templates is built over MochaJS which provides the ability to run asynchronous tests.

Conclusion

So far you have seen how Swagger/Open API could be a great tool to design your APIs. Contract-first design approach makes life easier for developers, stakeholders and consumers of APIs. It saves time of developers to set up the server-side code and client-side code (using Codegen). You can save time spent on writing and testing the code which is not going to add value to your application.

Now it’s time you should try it out with your own preference of language. And, please, do not forget to share your experience in the comments section below.