REST Assured is a Java library that provides a domain-specific language (DSL) for writing powerful, maintainable tests for RESTful APIs.
The library behaves like a headless client to access REST web services.
2. Topics to be covered
• What is REST Assured?
• Postman vs REST Assured
• What is REST, its Constraints and Architectural Elements.
• Prerequisites and Requirements.
• Headers and Parameters.
• GET Request using REST Assured
• Authentication and Authorization in Web Services
• POST Request Using REST Assured.
• Data Driven Test Using REST Assured.
4. What is REST Assured?
• REST Assured is a Java library that provides a domain-specific language
(DSL) for writing powerful, maintainable tests for RESTful APIs.
• The library behaves like a headless client to access REST web services.
• Highly customized HTTP requests can be sent to REST servers.
• Testing and validating REST services in Java is harder than in dynamic
languages such as Ruby and Groovy.
5. Postman vs REST Assured
• Postman - Tool for exploratory/manual testing and automation
testing.
• REST Assured - Java library for validating web services.
• Postman takes less time than REST Assured. For best results it is better
to consider both.
• Code can be reused in REST Assured, since it is a Java client. In
Postman we need to copy requests from one collection to another.
• Both can be integrated with Jenkins: Postman through the Newman tool,
REST Assured through Maven.
6. What is REST?
• REST is an acronym for Representational State Transfer.
• It is an architectural style for distributed hypermedia systems.
• Representational State Transfer (REST) is a set of constraints.
Constraints
• Client Server Architecture
• Stateless
• Cache
• Uniform Interface
• Layered System
• Code on Demand (Optional)
7. Constraints
Client-Server - Client and server should be separated so that they can
evolve independently. The client should not know about the business
layer/logic or the data access layer. The server should not know about the
front-end UI.
Stateless - The server should not store the context of the client,
which improves scalability.
Cache - Responses from the server should contain relevant
information to tell whether the response can be cached by the
client or not.
• The client's efficiency is improved for cacheable responses, where the
client need not make requests to the server. This makes a REST API
time efficient.
8. Constraints (contd.)
Uniform Interface
• It simplifies and decouples the architecture, which enables each part
to evolve independently.
• Resources are identified and manipulated through their
representations.
Layered System
• The system implementation should consist of multiple layers, e.g. MVC.
• A layer should not know about the existence of other layers apart from
the layers that it directly interacts with.
• It decreases the complexity of the different components within the system.
• Model - data, View - output, Controller - incoming requests.
9. REST Architectural Elements
• Resource - Information stored on a server, which can be requested by a
client.
• Resource Identifier - Needed to uniquely identify the resource. It is
actually the complete URL.
• Representation - A resource is the actual data, which can be represented as
XML, HTML or simple text. That form is called a representation.
• Representation Metadata - Extra data that needs to be passed in the
request so that clients can specify and process a resource given in
a particular representation.
11. Headers and Parameters
• REST headers and parameters contain a wealth of information that
can help you track down issues when you encounter them, e.g.
HTTP connection types, proxies etc.
Headers carry information for
• Request and Response Body
• Request Authorization
• Response Caching
• Response Cookies
12. Headers
• Headers are mostly classified as request headers and response
headers.
• Headers that should be considered in API testing are the following:
• Authorization
• WWW-Authenticate
• Accept-Charset
• Content-Type
• Cache-Control
13. Parameters
• REST parameters specify the variable parts of your resources.
• A URL (Uniform Resource Locator) is a special case of a URI (Uniform
Resource Identifier).
• A URI consists of four parts:
• scheme_name:hierarchical_part?query#fragment
• Path Parameter
• Query Parameter
• Fragment Parameter
14. Path parameter & Query parameter
• Path parameter - Parameters within the path of the endpoint,
before the query string (?). These are usually set off within
curly braces.
• Query parameter - Appears after “?” in the URL, following the
resource path. The following is an example of a query parameter.
16. Prerequisites and Requirements
• Basic knowledge of the Java programming language and OOP
concepts.
• Eclipse IDE (Java) installed on a PC or laptop.
• Basic knowledge of the Maven build tool, TestNG and
dependencies.
• Basic knowledge of Web APIs and web services.
17. Dependencies Required
• Dependencies are other archives (JAR or ZIP) that a project needs
in order to compile, build, test, and/or run.
• The dependencies are gathered in the pom.xml file, inside a
<dependencies> tag.
• List of Dependencies
• TestNG
• JUnit
• Apache POI
• REST Assured
• Google JSON.simple
19. List of Dependencies
• TestNG is an automation framework. NG stands for “Next Generation”.
• TestNG overcomes the disadvantages of JUnit.
• TestNG can be integrated with tools like
Maven and Jenkins.
• Apache POI’s purpose is to create and maintain Java APIs for manipulating
various file formats based upon the Office Open XML standards.
• Google JSON.simple - a simple Java toolkit for JSON.
20. GET Request using REST Assured
• Some Points about GET Request
• GET requests can only be used to retrieve data, not to modify it, and
they can be cached.
• GET requests are less secure and should be avoided when trying to
retrieve data from a sensitive resource.
• GET request parameter data is limited, as there are length restrictions,
and GET requests can be bookmarked.
• GET requests are prone to being attacked easily, since their parameters
travel in the URL.
21. GET Request using REST Assured
• The dummy API https://reqres.in/api/users/ is used.
24. Authentication and Authorization in
Web Services
• Authentication is the process of proving that the user is the person who is
intended to access the API.
• APIs require identification to be provided in order to make a REST API secure.
Identification methods used are:
• Username and password
• Authentication tokens
• Secret keys
• Biometrics and many other ways
• The first 3 identification methods are used in REST APIs.
25. Contd.
• A REST request can have a special header called the Authorization header.
• The header contains the credentials (username and password) in some
form.
• Once a request with an Authorization header is received, the server can
validate the credentials and let you access the private resources.
26. Basic Authentication
• Pre-emptive and challenged are the forms of Basic Authentication.
• Pre-emptive sends the basic authentication credentials even before
the server gives an unauthorized response in certain situations.
• It reduces the overhead of making an additional connection.
• In challenged basic authentication, REST Assured will not supply credentials
unless the server explicitly asks for them.
• This means an additional request will be made in order to be challenged,
and it is then followed up with the credentials.
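The two Basic Authentication modes side by side, as an added example that is not part of the original slides. It assumes REST Assured 3.0 or later (package `io.restassured`) on the classpath; the class name, the credentials and the loopback stub server are constructed for illustration, and the stub counts how many requests each mode sends.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicInteger;
import static io.restassured.RestAssured.given;

public class BasicAuthModesExample {
    public static void main(String[] args) throws Exception {
        // Constructed credentials for a loopback stub; Basic auth only Base64-encodes
        // them, so against a real service this header must travel over HTTPS.
        String user = "demo-user", pass = "demo-pass";
        String expected = "Basic " + Base64.getEncoder()
                .encodeToString((user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        AtomicInteger hits = new AtomicInteger();
        // Stub server: 200 for the right Authorization header, otherwise a 401 challenge.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/private", exchange -> {
            hits.incrementAndGet();
            String auth = exchange.getRequestHeaders().getFirst("Authorization");
            if (expected.equals(auth)) {
                byte[] body = "{\"ok\":true}".getBytes(StandardCharsets.UTF_8);
                exchange.getResponseHeaders().add("Content-Type", "application/json");
                exchange.sendResponseHeaders(200, body.length);
                exchange.getResponseBody().write(body);
            } else {
                exchange.getResponseHeaders().add("WWW-Authenticate", "Basic realm=\"demo\"");
                exchange.sendResponseHeaders(401, -1);
            }
            exchange.close();
        });
        server.start();
        String url = "http://127.0.0.1:" + server.getAddress().getPort() + "/private";
        try {
            // Challenged: credentials are held back until the server answers 401.
            given().auth().basic(user, pass).when().get(url).then().statusCode(200);
            System.out.println("challenged  -> server saw " + hits.getAndSet(0) + " request(s)");
            // Pre-emptive: the Authorization header goes out with the first request.
            given().auth().preemptive().basic(user, pass).when().get(url).then().statusCode(200);
            System.out.println("pre-emptive -> server saw " + hits.getAndSet(0) + " request(s)");
            // Negative check: without credentials the private resource stays closed.
            given().when().get(url).then().statusCode(401);
        } finally {
            server.stop(0);
        }
    }
}
```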
28. POST Request in REST Assured
• POST is the HTTP method that is designed to send large amounts of data to a
server from a specified resource.
• POST parameters are not visible in the URL, as they are not
sent along with the URI.
• An HTTP POST consists of HTTP headers, followed by a
blank line, followed by the request body.
• The Content-Type header indicates the type of body in the POST request.
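An added example (not from the original slides) tying together the path and query parameter slide and the GET and POST slides: it shows where REST Assured places each kind of parameter, and that a value sent as a GET query parameter becomes part of the URL while the same value sent as a POST form parameter does not. It assumes REST Assured 3.0 or later on the classpath; the class name, the `token` parameter and its value are constructed, and a capturing filter answers locally so nothing is sent to the dummy API.

```java
import io.restassured.builder.ResponseBuilder;
import io.restassured.filter.Filter;
import java.util.ArrayList;
import java.util.List;
import static io.restassured.RestAssured.given;

public class ParameterPlacementExample {
    public static void main(String[] args) {
        List<String> seen = new ArrayList<>();
        // Filter that records the resolved request and returns a canned response
        // instead of calling ctx.next(), so no request leaves the machine.
        Filter capture = (req, res, ctx) -> {
            seen.add(req.getMethod() + " " + req.getURI() + "  form=" + req.getFormParams());
            return new ResponseBuilder().setStatusCode(200).setBody("{}").build();
        };

        String base = "https://reqres.in/api/users"; // dummy API named on the GET slide

        // Path parameter fills the {id} placeholder; query parameter follows the '?'.
        given().filter(capture)
               .pathParam("id", 2)
               .queryParam("page", 1)
               .when().get(base + "/{id}");

        // Constructed sensitive value as a GET query parameter: it is part of the URL,
        // so it ends up wherever URLs are stored (bookmarks, caches, logs).
        given().filter(capture)
               .queryParam("token", "constructed-secret")
               .when().get(base);

        // The same value as a POST form parameter: the URL stays clean and the
        // value is carried in the request body instead.
        given().filter(capture)
               .formParam("token", "constructed-secret")
               .when().post(base);

        seen.forEach(System.out::println);
    }
}
```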