简体繁体 English

REST API 测试常见问题

[英]REST API testing common issues

原文 2016-04-13 01:57:05 3 3 rest/ testing

I have recently started testing rest based web services.我最近开始测试基于休息的 Web 服务。 I am wondering what are common issues faced while testing them.我想知道在测试它们时遇到的常见问题是什么。

I generally look for我一般找

response status (http code is among 200/400/500)响应状态（http 代码在 200/400/500 之间）
response headers (cache control, response type, content length )响应头（缓存控制、响应类型、内容长度）
if expected fields / values are present in json response.如果 json 响应中存在预期的字段/值。

I want to know what else to look for and issues in general while testing rest based web services我想知道在测试基于休息的 Web 服务时还需要寻找什么和一般问题

3 个解决方案

This is actually a very broad question but, here are the things that I look for while testing rest API's:这实际上是一个非常广泛的问题，但是，以下是我在测试 rest API 时要寻找的东西：

Response codes, Response headers响应代码、响应头
Check if Authentication/Authorization is correct based on user privileges根据用户权限检查身份验证/授权是否正确
Check to see if the supplied value can break the output检查提供的值是否可以破坏输出
Intentionally pass different Data-Type values to see if proper handling is done or not故意传递不同的数据类型值以查看是否进行了适当的处理
Use load testing tools to see how many concurrent requests an API can handle使用负载测试工具查看一个 API 可以处理多少并发请求

Again these are just a few things that will depend on the type of API you are building.同样，这些只是一些取决于您正在构建的 API 类型的事情。 Feel free to add more as you progress.随着您的进步，请随意添加更多内容。

There are many, but let me share a few that aren't even specifically API issues but a full API integration test will help find it.有很多，但让我分享一些甚至不是专门的 API 问题，但完整的 API 集成测试将有助于找到它。

We did an integration API test where a publisher's product listing endpoint was hit, and then we randomly picked 100 of those products.我们做了一个集成 API 测试，其中发布了一个发布商的产品列表端点，然后我们随机选择了 100 个这些产品。 Every few weeks we would find a bunch of bad product ID's.每隔几周我们就会发现一堆不良的产品 ID。 How was it possible?怎么可能？ They would update the database but the product listing endpoint was cached and had bad information for hours until it was refreshed automatically.他们会更新数据库，但产品列表端点被缓存并且有几个小时的错误信息，直到它自动刷新。

Another time we found an e-commerce company in Brooklyn that, on average, had 3,500 products out of their 50k+ were missing a category.还有一次，我们发现布鲁克林的一家电子商务公司平均有 50k+ 种产品中有 3,500 种产品缺少一个类别。 This meant 3,500 products not showing up if you browsed by categories, and potential lost sales.这意味着如果您按类别浏览，则有 3,500 种产品不会显示，并可能导致销售损失。

We have a whole case study of this stuff on our website.我们的网站上有关于这些东西的完整案例研究。 Weird and unexpected stuff happens all the time.奇怪和意想不到的事情总是发生。 Test for everything and catch as much as you can.测试一切并尽可能多地捕捉。 Every object in the payload should be verified, it may seem like overkill but there are platforms that can do all that work for you.应验证有效负载中的每个对象，这似乎有点矫枉过正，但有些平台可以为您完成所有工作。

Here are suggestions based on my experience while testing Restful APIs.以下是基于我在测试 Restful API 时的经验的建议。

Make sure that you are validating proprietary headers if you are using with your APIs.如果您与 API 一起使用，请确保您正在验证专有标头。
Confirm that you are including correct location header in the response so that Rest API caller can use that for verification or for subsequent calls.确认您在响应中包含正确的位置标头，以便 Rest API 调用方可以将其用于验证或后续调用。
Check that location header protocol is correct ie as per your design.检查位置标头协议是否正确，即根据您的设计。 (http/https). (http/https)。 It's very important for subsequent calls.这对于后续调用非常重要。