Mocking and Monitoring your APIs.pptx

•

0 likes•150 views

Due to APIs, the world is changing faster than ever. Daily, a large number of APIs are developed and adjusted to fulfill the needs of various businesses. These APIs give developers the tools they need to create top-notch applications. The growth of API-first enterprises is one of the key factors influencing interest in API testing. It is currently mentioned in almost all job descriptions for testers. Some suggested techniques can help and make our work more efficient. Automation of our doable daily tasks has benefits. Mocking and monitoring are two crucial elements that aid in improving the API testing procedure. We don't give these two aspects enough consideration as API testers. You can move forward with the testing thanks to mocking, which also provides a number of other benefits. By keeping an eye on your APIs, you can easily see the trend of the API in terms of performance, availability, and functionality. It is advantageous to maintain your awareness of API behaviors. Most apps warn you when something goes wrong, which enables you to act immediately. Takeaways for the audience: Introduction to Mock Servers Mock Process and types of Mocks Advantages of mocking and Tools available What is API Monitoring? Why is API monitoring required?

Technology

Hello!
I am Pricilla Bilavendran
I am here because, I love to talk about APIs and spreading API literacy
among Test engineers!!
2

We will discuss about
◈ Introduction to Mock Servers
◈ Mock Process
◈ Mocking types and tools
◈ Advantages of mocks
◈ Introduction to API Monitoring
◈ Why monitoring?
◈ Tools available
◈ Demo
3

What, When, Why and How?
1. “Mock” your APIs
4

When we talk about Mocks
Mock Objects
In OOPS, mock object is
a simulated object
6
Mock Testing
With the help of mock
objects, simulation is
done for the integration
testing of the individual
components

Is mocking good or bad?
😉
Ofcourse, it is bad with
people and unacceptable.
But it’s good for your API
testing process.
7

8
What is a Mock Server?
◈ Simulate real server
◈ Not real server (call is fake)
◈ Gives the mocked response

How does it work?
Finalize your
expected
response
Configure
your Mock
Server
Server sends
the same
response
9

Types of Mock Servers
10
Public
◈ Accessible to everyone
◈ No Auth required
Private
◈ Only to the intended
user and requires
authentication
◈ Sensitive data

When to use Mock Servers?
◈ New APIs feedback before real development
◈ Under-developed applications/APIs
◈ Unstable server
◈ Integration tests/chaining of APIs
◈ External dependencies
◈ Reduce load to real server
11

“
Don’t watch the clock; do what it does. Keep going
- Sam Levenson
12

Advantages of Mocks
◈ Analysis of responses and provide feedbacks
◈ Testers to write assertions
◈ Development continues when the external service
fails
◈ Avoids data sharing and data privacy is maintained
◈ Supports to test the endpoints individually
13

Tools used
◈ Postman
◈ Stoplight
◈ Wiremock
◈ Mocky.io
◈ Mockoon
14

15
Tips to improve the Mocks
◈ Validate JSON payload before mocking it
◈ Select your tool wisely
◈ Understand the type of project
◈ Public/Private

What, When, Why and How?
2. “Monitor” your APIs
18

◈ Collecting and Analyzing data
◈ Performance and Availability of the API
◈ Security
19
What is API Monitoring?

Top Monitoring Metrics
◈ Overall availability (99.999%)
◈ Response Time
◈ Request Per min
◈ Latency
◈ TTFB/TTLB
◈ Errors per min
20

“
Without logging and monitoring, breaches cannot
be detected - OWASP
21

As per “The 2021 Data Breach Investigations
Report”, 20% of the breaches stay
undiscovered for months. This helps the
hackers to cross layer-by-layer
22

Why API Monitoring?
◈ Understand the trend
◈ Find the security leaks/threats
◈ Outages detection and quick actions
◈ Happy customers
23

Tools available
◈ RapidAPI
◈ ReadyAPI
◈ Postman
◈ New Relic
◈ AWS CloudWatch
24

Best Practices
◈ Analyze the trend
◈ Document the deviations
◈ Never skip the dependencies
◈ CI/CD
◈ Tool Selection
◈ Configure alerting
25

26
Monitoring Vs Observability
Collection of Metrics Technical solutions
Debugging

28
References
❖ https://mock-server.com/
❖ https://learning.postman.com/docs/designing-and-developing-your-
api/mocking-data/setting-up-mock/
❖ https://learning.postman.com/docs/monitoring-your-api/intro-
monitors/#:~:text=Postman%20Monitors%20give%20you%20continuous,and
%20validate%20critical%20API%20flows.
❖ https://www.postman.com/product/integrations/

Thanks!
Any questions?
You can find me at:
@pricillabelwin
29

Credits
Special thanks to all the people who made and
released these awesome resources for free:
◈ Presentation template by SlidesCarnival
◈ Photographs by Unsplash
◈ Backgrounds by SubtlePatterns
30

Similar to Mocking and Monitoring your APIs.pptx

View on-demand: https://wso2.com/library/webinars/api-security-best-practices-and-guidelines/ Modern enterprises are increasingly adopting APIs, exceeding all predictions. With more businesses investing in microservices and the increased consumption of cloud APIs, you need to secure beyond just a handful of well-known APIs. You will need to secure a higher number of internal and external endpoints. At the same time, security itself is a broad area and vendors implement a number of seemingly similar standards and patterns, making it very difficult for consumers to settle on the best option for securing APIs. The sheer number of options can be very confusing. There is much to learn about API security, regardless of whether you are a novice or expert and it’s extremely important that you do because security is an integral part of any development project, including API ecosystems. This webinar will deep-dive into the importance of API security, API security patterns, and how identity and access management (IAM) fit in the ecosystem. DURING THE WEBINAR, WE WILL COVER: Managed APIs OAuth 2.0 and API security patterns Introduction to WSO2 Identity Server How we align with OWASP API security guidelines

API Security Best Practices and Guidelines

WSO2

APIs seem simple. It's just one program talking to another program over a network. However, behind that seeming simplicity lies a complex landscape full of landmines, foot guns and sharp edges. How do you navigate the API terrain without exposing yourself to attack? This talk will cover the API landscape and point out where 'there be dragons'. If you don't have a large number of APIs, you will soon enough so do yourself a favor and follow the map provided in this talk.

Landmines in the API Landscape

Matt Tesauro

From LASCON 2022: APIs are a foundational technology in today’s app-driven world and increasingly becoming the main target for attackers. How do you protect yourself? This talk will walk you through the techniques attackers use against APIs like broken object level authorization (BOLA) by following a typical API pen testing methodology. For each phase and attack, the tables are turned by covering how the attack looks from the defender's point of view including proactive ways to catch attacks early. You’ll understand how attackers find and exploit vulnerabilities and gain insight into why many traditional AppSec approaches fall short for APIs. The goal is to provide a complete overview of API vulnerabilities from both attack and defense perspectives so you can ramp up your testing and protection of all the new APIs in your AppSec life.

Hacking and Defending APIs - Red and Blue make Purple.pdf

Matt Tesauro

apidays LIVE Paris 2021 - Addressing OWASP API Security Top 10 by Isabelle Ma...

apidays

London Adapt or Die: Securing your APIs the Right Way!

Apigee | Google Cloud

Your API Sucks! Why developers hang up and how to stop that.

Apigee | Google Cloud

Watch the live webinar on-demand here - https://curiositysoftware.ie/resources/to-open-banking-and-beyond-api-testing-free-webinar/ With over 35 APIs involved in an average business transaction, API innovation is critical for every organisation. However, microservices and fast-changing components can quickly create overwhelming complexity for architects, developers, and testers. They produce complex arrays of API calls, often leading to QA bottlenecks – or, worse, business-critical systems that have been released with undetected flaws in their APIs. APIs often also work with sensitive data, making it essential to remove risk from API releases. Otherwise, initiatives like Open Banking can turn from an opportunity to a compliance nightmare. The challenge is that the time available to test APIs is only becoming shorter, while the complexity of the systems is increasing. API testing must become both more iterative and more granular. This webinar will show why enterprises across banking, retail, telecoms, and more are combining Model-Based Testing and API Test Automation to overcome API complexity. You will see how Test Modeller builds rigorous API tests automatically in-sprint, pushing them to API Fortress for execution. This approach enables QA teams to ensure that APIs deliver business value, building seamlessly on the skills and techniques they use today. Key takeaways: 1. Organizations investing in APIs must maintain API resilience, reliability, performance, and security. 2. Companies can significantly decrease risk while accelerating releases by combining model-based testing with complete test data management. 3. Test Modeller enables model-based API test automation, using coverage algorithms to create functional and data-driven API tests. 4. Testers can reuse functional API tests in API Fortress as integration tests, load tests, and functional uptime monitors with unlimited deployment and no metered usage fees.

To Open Banking and Beyond: Developing APIs that are Resilient to every new I...

Curiosity Software Ireland

Common Security API Issues and How to Mitigate Them Using Postman

Postman

Engineering Student MuleSoft Meetup#3 - API Implementation using APIKIT route...

Jitendra Bafna

Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies December 6, 7 & 8, 2023 Building an Inventory: How to identify all the APIs hidden in plain sight? Maria Teresa Pereira, Senior IT Advisor / Pentester - Cybersecurity Services at KPMG Portugal ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Paris 2023 - Building an Inventory, Maria Teresa Pereira, KPMG Portugal

apidays

I've seen a lot of NodeJs applications. I see a lot of misunderstandings around architectural patterns. 99% of NodeJS tutorials do not cover this topic and limited to "hello world" apps. How to build a really large application? How to think about architectural layers? What is wrong with the majority of JS frameworks? How does GraphQL influence my architecture? I will answer all of these questions.

"The working architecture of NodeJs applications" Viktor Turskyi

Julia Cherniak

Mobile testing - the releationship between tests, business goals and design c...

Derk-Jan de Grood

2022 APIsecure_A day in the life of an API; Fighting the odds

APIsecure_ Official

Why your APIs should fly first class

LibbySchulze

API Testing and Hacking (1).pdf

Vishwas N

API Testing and Hacking.pdf

Vishwas N

API Testing and Hacking.pdf

VishwasN6

If you want to get up and running quickly with Postman, this one’s for you. In this webinar, we will show you: - How to get started with Postman - Key tips and tricks - Where to find documentation and help The webinar will start off with an overview of the Postman API Platform and its capabilities, then we'll dive straight into easy-to-follow demonstrations of how you can query an API, test it, and share it within your team or externally. Finally, we’ll wrap it up with a live Q&A with Arlemi, Sowmya and a few additional Postman brains.

Postman 101 for developers

Postman

Monitoring Solutions for APIs

Apigee | Google Cloud

apidays LIVE Singapore 2021 - Why verifying user identity Is not enough In 20...

apidays

Similar to Mocking and Monitoring your APIs.pptx (20)