API TESTING 2



    I. What are HTTP status codes?

    Browsers and servers communicate over the Hypertext Transfer Protocol (HTTP). When you use the internet to request information from a server, the browser sends your request to the server, which then returns a response. The HTTP status code is a component of that response: it informs the browser of the request's status, whether or not something went wrong, and the reason for the error. HTTP headers for requests and responses carry details about the requested page, the client's browser, and the server, and these details can determine the status codes.

    II. What are common HTTP status codes?

    Numerous HTTP status codes are available. Wikipedia now lists 75 different status codes, the majority of which you've probably never heard of.

    1xx informational response
    Communicates transfer protocol-level information. 
    • 1. 100 Continue, this response means everything is functioning properly and can proceed. The code indicates the server is processing the request and can complete it. The 100 code is an interim response and tells you the request has not caused an error. 
    • 2. 101 Switching Protocols, the server received the data request and can comply. The server, however, will change protocols based on information in the Upgrade header field. This status code does not indicate an error. 
    • 3. 102 Processing, the server received the request, but there isn't any response yet. The server is processing the request, which is ongoing. This code also indicates an error has not occurred.  

    2xx success
    The client's request is accepted and processed successfully at the server.
    • 1. 203 Non-Authoritative Information, the returned data does not match the data available on the server. This often can indicate the data arrived via a proxy source of the server that contained the original data. This code means the server received a 200 OK from its origin, but it's returning a modified version of the response.
    • 2. 204 No Content, the server sends this code when it received and understood the request. With this code, though, the server is signaling it has no data to return. Even though there's no content to send, this code indicates the HTTP headers are proper. 
    • 3. 205 Reset Content, the server has completed the request, but there was a problem. This status code represents a correctable error. You can solve this by resetting the document view and trying again.  

    3xx redirection
    Indicates that the client must take some additional action in order to complete their request. Most of the codes related to this series are for URL Redirection. 
    • 1. 300 Multiple choices, The request has more than one potential response. The server often sends a report with this code that includes a list of the potential choices. To get the data, you can choose from the responses the server provides. 
    • 2. 301 Moved permanently, This code indicates the URL no longer exists or is broken. This message often includes the new URL for you to use. It also signifies to the user to update all references to this URL. 
    • 3. 302 Found, The Uniform Resource Identifier (URI) changed, but the change is not permanent. A 302 Found means more changes might occur in the future, so consider using the new URI to complete requests. This code is one way to create a temporary redirect. 
    • 4. 305 Use proxy, The request needs to use a server proxy to complete successfully. This message tells the user to send the request again. The second request will go to the server proxy, which can provide the data. 
    • 5. 307 Temporary redirect, This response means the Uniform Resource Identifier is different. The server has to use a new, temporary URI to return data. This code also indicates future requests likely won't use the temporary URI and will function as normal. 

    4xx client errors
    This category of error status codes points the finger at clients (these are specific to client-side errors.)  
    • 1. 400 Bad request, this code indicates invalid syntax prevented the server from receiving a request. Servers return this code when the requester made the error and should correct it before trying again. This could mean the client used invalid message framing or improperly routed the message. 
    • 2. 401 Unauthorized, the server cannot complete the request. The server believes the user does not have the authorization to receive the data. After sending this code, a server won't complete the request until user authentication happens. 
    • 3. 403 Forbidden, the server understood the request, but it is refusing to fulfill it. Sometimes, the user does not have access to the requested content or data, and the server rejects the request. This also can mean the client needs an account to request data or the request would create a duplicate record. 
    • 4. 404 Not found, the 404 error is one of the most common codes servers send. The error means the server can't find information in that location now, but it might be able to in the future. It also can occur when a page has a new location, but a user didn't provide the old one with a redirect. 
    • 5. 408 Request timeout, this code means a request took too long to process. It also could indicate the request didn't make it through to the server. Sometimes, internet problems can interrupt the process, but the user can try again. 
    • 6. 410 Gone, the information a user requested from the server no longer exists. This code means the information existed at some point, but it doesn't anymore. The server also can't tell you whether the information exists somewhere else. 
    • 7. 422 Unprocessable Entity, the request was well-formed but was unable to be followed due to semantic errors. 
    • 8. 429 Too Many Requests, The user has sent too many requests in a given amount of time.

    5xx server errors
    The browser makes a valid request, but an error happened on the server side of the process (these are specific to the server-side error).
    • 1. 500 Internal Server Error, a generic error message, is given when an unexpected condition was encountered and no more specific messages are suitable. 
    • 2. 501 Not Implemented, the server either does not recognize the request method or lacks the ability to fulfill the request. Usually, this implies future availability (e.g., a new feature of a web-service API). 
    • 3. 502 Bad Gateway, the server was acting as a gateway or proxy and received an invalid response from the upstream server. 
    • 4. 503 Service Unavailable, the server cannot handle the request (because it is overloaded or down for maintenance). Generally, this is a temporary state.
    • 5. 504 Gateway Timeout, the server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
    • 6. 505 HTTP Version Not Supported, the server does not support the HTTP protocol version used in the request. 
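
    How the codes above are used when reviewing negative API tests, as an added example that is not from the original page. The test case names, the expected code for each case and the sample run are assumptions constructed for illustration.

```python
# Added example: case names, expectations and SAMPLE_RUN are constructed.
CLASSES = {1: "informational", 2: "success", 3: "redirection",
           4: "client error", 5: "server error"}

# Negative test case -> status codes a well-behaved API may answer with.
EXPECTED = {
    "no_credentials": {401},
    "authenticated_but_not_allowed": {403},
    "malformed_body": {400},
    "well_formed_but_invalid_fields": {422},
    "burst_over_rate_limit": {429},
}


def status_class(code):
    """Map a status code to its class (1xx..5xx) as grouped on this page."""
    if not 100 <= code <= 599:
        raise ValueError(f"not an HTTP status code: {code}")
    return CLASSES[code // 100]


def review(case, code):
    """Compare an observed status code with the expectation for one test case.

    Returns (severity, message); severity is "ok", "high", "medium" or "low".
    """
    expected = EXPECTED[case]
    want = "/".join(str(c) for c in sorted(expected))
    if code in expected:
        return ("ok", f"{case}: {code} as expected")
    cls = status_class(code)
    if cls == "success":
        # A request that should have been rejected was processed.
        return ("high", f"{case}: {code} accepted the request; expected {want}")
    if cls == "server error":
        # Bad input reached code that did not handle it.
        return ("medium", f"{case}: {code} suggests an unhandled error; expected {want}")
    if cls == "client error":
        # Rejected, but not with the documented code.
        return ("low", f"{case}: {code} rejects the request; documented code is {want}")
    return ("medium", f"{case}: unexpected {cls} status {code}; expected {want}")


def review_run(observed):
    """observed: list of (case, status_code). Returns non-ok findings, worst first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [review(case, code) for case, code in observed]
    return sorted((f for f in findings if f[0] != "ok"), key=lambda f: order[f[0]])


# Constructed sample run of five negative tests against a hypothetical API.
SAMPLE_RUN = [
    ("no_credentials", 401),
    ("authenticated_but_not_allowed", 200),
    ("malformed_body", 500),
    ("well_formed_but_invalid_fields", 400),
    ("burst_over_rate_limit", 429),
]

if __name__ == "__main__":
    for severity, message in review_run(SAMPLE_RUN):
        print(f"[{severity}] {message}")
```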

    III. What are the common API testing types?

    While there are certainly specialty tests, and no list can be asked to be comprehensive in this realm, most tests fit broadly into the following nine categories that you should remember before attending an API testing interview. 
    • 1. Validation Testing
    • 2. Functional Testing 
    • 3. UI testing 
    • 4. Load testing 
    • 5. Runtime/ Error Detection 
    • 6. Security testing 
    • 7. Penetration testing 
    • 8. Fuzz testing 
    • 9. Interoperability and WS Compliance testing

    IV. What are the Limits of API Usage?

    Many APIs have a certain limit set up by the provider. Thus, try to estimate your usage and understand how that will impact the overall cost of the offering. Whether this will be a problem depends in large part on how data is leveraged. Getting caught by a quota and effectively cut off because of budget limitations will render the service (and any system or process depending on it) virtually useless. 


    API TESTING 1




      I. What is an API?

      API stands for Application Programming Interface which is useful for communication between different software systems. It facilitates data exchange between systems located in different remote places. API is a collection of functions that are executable by other functions of the applications (Web, Desktop, iOS App, and Android Apk).


      When you use a mobile application, browser, or desktop application, it connects to the Internet and sends information to a server. The data is subsequently retrieved, interpreted, and sent back to your phone by the server. The application then analyzes the data and displays the information you requested in a comprehensible manner. All of this occurs through an API.

      II. What is API Testing?

      API (Application Programming Interface) is a computing interface that enables communication and data exchange between two separate software systems. A software system that executes an API includes several functions/subroutines that another software system can perform. API defines requests that can be made, how to make requests, data formats that can be used, etc.

      III. What are the advantages of API Testing? 

      In an API interview, they are likely to ask about the advantages of API testing. So be prepared with the significant ones, such as:

      • Test for Core Functionality: API testing provides access to the application without a user interface. The core and code-level functionalities of the application will be tested and evaluated early before the GUI tests. This will help detect the minor issues which can become bigger during the GUI testing.
      • Time Effective: API testing usually is less time-consuming than functional GUI testing. The web elements in GUI testing must be polled, which makes the testing process slower. Particularly, API test automation requires less code so it can provide better and faster test coverage compared to GUI test automation. These will result in cost savings for the testing project. 
      • Language-Independent: In API testing, data is exchanged using XML or JSON. These transfer modes are completely language-independent, allowing users to select any coding language when adopting automation testing services for the project.
      • Easy Integration with GUI: API tests enable highly integrable tests, which is particularly useful if you want to perform functional GUI tests after API testing. For instance, simple integration would allow new user accounts to be created within the application before a GUI test started.



      What is the URL?

      A URL is a type of uniform resource identifier; it is the address of a resource on the World Wide Web together with the protocol used to access it. It is used to indicate the location of a web resource in order to access web pages. For example, to visit the javatpoint website, you go to www.javatpoint.com, which is the URL for the javatpoint website.

      The URL sends users to a specific resource online such as video, webpage, or other resources. When you search any query on Google, it will display the multiple URLs of the resource that are all related to your search query. The displayed URLs are the hyperlink to access the webpages.

      URL (Uniform Resource Locator) contains the information, which is as follows:

      • The port number on the server, which is optional.
      • It contains a protocol that is used to access the resource.
      • The location of the server
      • A fragment identifier
      • In the directory structure of the server, it contains the location of the resource.

      The additional information about the URL is described below with the help of an example:

      Let's take an example: https://www.javatpoint.com/jtp.htm indicates that jtp.htm is a file located on the server with the address javatpoint.com.

      http:// or https://

      HTTP stands for Hypertext Transfer Protocol, and it is a protocol – or a prescribed order and syntax for presenting information – used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol. There are two main kinds of HTTP messages: requests and responses.

      The S in HTTPS stands for "secure." HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so in the example above, instead of the text, an attacker would see a bunch of seemingly random characters.



      www.

      The www, which stands for World Wide Web, is used to distinguish the content. This portion of the URL can often be left out, as it is not required. For instance, if you type "http://javatpoint.com," you will still get the javatpoint website. For an important subpage, this portion can also be substituted, which is known as a subdomain.

      javatpoint.com

      The javatpoint.com is the domain name for the website, and the .com is called TLD or suffix. It helps to identify the location or type of the website. For example, ".org" stands for an organization, ".co.uk" stands for the United Kingdom, and ".com" is for commercial. There are various types of domain suffixes available; you are required to register the name through a domain registrar to get a domain.

      jtp.htm

      The jtp.htm is the name of the web page, and the .htm is the file extension of the web page, which indicates that the file is an HTML file. There are many other file extensions available on the internet such as .php, .html, .xml, .jpg, .gif, .asp, .cgi, etc.

      Where is the URL located?

      A URL is located in the address bar or search bar at the top of the browser window. On desktop computers and laptops, the URL is always visible unless your browser is displayed in full screen. On most smartphones and tablets, the URL disappears when you scroll down the page, and only the domain is shown when it is visible. To make the address bar visible, scroll up the page. If only the domain is shown and you want to see the full address, tap the address bar.

      What characters cannot be used in the URL?

      Many people know that a space is not allowed in a URL. As documented in RFC 1738, the URL string can contain only alphanumeric characters and the symbols ! $-_+*'(), and any other characters must be encoded in the URL if needed.

      Is an IP address the same as a web address or a URL?

      An IP address is not the same as a web address or a URL; it is a unique number that is assigned to each device on a network. A domain name is assigned a unique IP address on the World Wide Web, and when you enter a URL like javatpoint.com, DNS translates it into an IP address that routers use to find web servers. A domain name is used instead of an IP address because it is easier for humans to remember. For example, an IP address like 216.58.216.164 is hard to remember, while 'javatpoint.com' is much easier.

      Understanding more complex URLs and parameters

      When a URL points to a script, it performs additional functions, and parameters (additional information) are added to the end of the URL. For example, when you search any query on any search engine, the URL points to a search results page and includes additional information with the search query words.

      A URL example is given below that points to the javatpoint search page, including the search query parameter of example search.

      https://www.javatpoint.com/cgi-bin/search.cgi?q=example%20search

      In the above URL example, the script file being pointed to is search.cgi in the cgi-bin directory. It is assumed to be a Perl script, as this file ends with .cgi.

      After the script file name comes a question mark (?). In the URL, the question mark separates the URL from all the variables or parameters to be sent to the script. In the above URL example, the parameter being sent is q=example%20search. The "example%20search" is the value that is sent to the "q" variable. Space is encoded as %20, as spaces are not allowed in a URL. Furthermore, a + is also used to represent space in many scripts.

      There is a variable in the example that is executed, as the script uses it. Also, scripts can contain multiple variables; each variable is separated by the symbol & (ampersand), as shown in the following example:

      https://www.javatpoint.com/cgi-bin/search.cgi?q=example%20search&example=test

      The above example contains two different variables; the "q" variable equals "example search" and the "example" variable equals "test."
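
      The URL above taken apart with Python's standard library, as an added example that is not from the original page. It also shows why the query must be split on & before it is percent-decoded: the function naive_params and the "tricky" URL are constructed for illustration.

```python
from urllib.parse import parse_qsl, quote, unquote_plus, urlencode, urlsplit

BASE = "https://www.javatpoint.com/cgi-bin/search.cgi"
PAGE_URL = BASE + "?q=example%20search&example=test"   # URL from the page
# Constructed input: the value of q contains an encoded "&" and "=".
TRICKY = BASE + "?q=a%26example%3Dinjected"


def describe(url):
    """Split a URL into the components discussed on this page."""
    parts = urlsplit(url)
    return {
        "scheme": parts.scheme,        # protocol, e.g. https
        "host": parts.hostname,        # location of the server
        "port": parts.port,            # optional, None when not given
        "path": parts.path,            # location of the resource on the server
        # parse_qsl splits on & and = first, then decodes %xx and + per value
        "params": parse_qsl(parts.query, keep_blank_values=True),
        "fragment": parts.fragment,
    }


def naive_params(url):
    """Deliberately wrong: decodes the whole query BEFORE splitting it.

    An encoded & or = inside a value then turns into a separator, so one
    parameter is read as two.
    """
    query = unquote_plus(url.split("?", 1)[1])
    return [tuple(pair.split("=", 1)) for pair in query.split("&")]


def build_search_url(base, term, **extra):
    """Build the query by encoding every value on its own (space -> %20)."""
    return base + "?" + urlencode({"q": term, **extra}, quote_via=quote)


if __name__ == "__main__":
    print(describe(PAGE_URL))
    print("correct:", describe(TRICKY)["params"])
    print("naive:  ", naive_params(TRICKY))
    print(build_search_url(BASE, "example search", example="test"))
```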

      Why URL?

      • The URL is beneficial, as the written information in the URL gives users the option to switch from one web page to another with a single mouse click.
      • Every URL is unique and tells users how to access a specific resource.
      • When a user types a URL into the web browser or opens any hyperlink from search results, the browser forwards a request to a webserver to fetch files related to the search query.
      • A website domain or URL identifies one particular file, and it is the most important part of your website. Usually, by using words that end with .net, .com, or .org, you can get traffic on your website.

      What is URL Redirect?

      A URL redirect is a web server function that takes your URL and points it to another. For example, suppose you had the old URL "myvlogsite.com" and wanted visitors to go directly to the new URL "javatpoint.com." A redirect is the best solution for it; anyone who types "myvlogsite.com" in the browser would be redirected to the new URL "javatpoint.com." There are various kinds of redirects for web developers, such as HTTP 3xx series status codes, manual redirects, JavaScript, meta tag refreshes, server-side scripts, frame redirects, and more. Furthermore, the URL redirect may also be known as URL forwarding, domain forwarding, HTTP code 3xx redirect, and domain redirection.

      There are many reasons why web users may be redirected from one URL to another, which are as follows:

      • Merging of two websites
      • Change of business name
      • To direct content to a recently updated domain name
      • Landing page-split testing for marketing tests
      • To direct traffic toward recently updated content

      A URL redirect is also used to cause problems for users and their computers through illegal activities like phishing. Additionally, it can be used to remove the search results of web browsers, but nowadays, most of the search engines are capable of detecting these types of fraud attempts. To redirect a web page, the HTTP protocol 3xx series codes are the most common way. The members of this series have various attributes, which are as follows:

      • The number 300 provides various redirect choices. For instance, an option to select alternative languages.
      • The number 301 indicates when a site is moved permanently. For example, when the name of a business has changed.
      • The number 302 is used for an unspecified redirect.
      • The number 303 displays the output of CGI (common gateway interface) scripts.
      • The number 307 is used when a site is to be redesigned.

      The website address obtains a new URL when a website visitor is redirected to a newly named website URL. Businesses often change their website's homepage into a redirect page. They turn the page into one with a message briefly describing the redirect. A meta tag is embedded into the website's source code behind the scenes. Without a redirect, the regular visitors of the website will receive an error message "404 - Not Found".

      Different types of redirects

      1. 301 Redirect

      It is a permanent type of unmasked redirect that instructs web browsers to move from one site destination to another automatically. It is one of the most common and search engine-friendly methods for implementing redirects. It should be used when your website has been permanently moved to a new address.

      The redirect can also be used in some programming languages like PHP; programmers can use a canonical 301 redirect to perform a change for many pages in a domain. Furthermore, the 301 redirect passes over 90% of the link juice; thus, it is also beneficial for SEO purposes.

      2. 302 Redirect
      It is a temporary type of unmasked redirect and is not widely used. It is the name for an HTTP status code that is used when a certain URL has been changed temporarily to a different address. Search engines will not index the destination URL; they index the original URL and display it in search results. The browser is redirected from one URL to another with the help of 302 redirects. Additionally, it is characterized as a permanent redirect and based on a different HTTP status code. In many cases, it can return a cleaner and simpler URL for users. To use 302 redirects, other technologies and different search engines have their own specific strategies.

      3. 303 Redirect
      A 303 redirect, also known as HTTP 303, is an HTTP response status code. It is a specific type of redirect sent as a response to a request for a URI (Uniform Resource Identifier). It also has its own syntax; the W3C specifies using a GET method to access the desired destination when the request is for a different URI.
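
      A check for the redirect codes and the phishing concern described above, as an added example that is not from the original page. It walks a redirect chain and reports hops that leave the expected hosts, drop from https to http, or loop. The response table, the allowed host list and the host login-javatpoint.example are constructed for illustration, and no network access is made.

```python
from urllib.parse import urljoin, urlsplit

# Redirect codes discussed on this page and how each is treated here.
REDIRECT_KIND = {301: "permanent", 302: "temporary",
                 303: "see other (GET)", 307: "temporary"}

# Hosts a visitor of the page's example sites is expected to end up on.
ALLOWED_HOSTS = {"myvlogsite.com", "javatpoint.com"}

# Constructed responses: URL -> (status code, Location header or None).
RESPONSES = {
    "http://myvlogsite.com/": (301, "https://javatpoint.com/"),
    "https://javatpoint.com/": (302, "/home"),
    "https://javatpoint.com/home": (200, None),
    "https://javatpoint.com/promo": (302, "http://login-javatpoint.example/signin"),
    "http://login-javatpoint.example/signin": (200, None),
    "https://javatpoint.com/a": (302, "/b"),
    "https://javatpoint.com/b": (302, "/a"),
}


def trace(start, allowed_hosts=ALLOWED_HOSTS, responses=RESPONSES, max_hops=5):
    """Follow redirects from `start`; return (final_url, hops, findings).

    hops is a list of (status, kind, target); findings is a list of strings
    describing hops a reviewer should look at.
    """
    url, hops, findings, seen = start, [], [], {start}
    while True:
        status, location = responses[url]
        if status not in REDIRECT_KIND:
            return url, hops, findings            # chain ends here
        target = urljoin(url, location)           # Location may be relative
        hops.append((status, REDIRECT_KIND[status], target))
        src, dst = urlsplit(url), urlsplit(target)
        if dst.hostname not in allowed_hosts:
            findings.append(f"leaves allowed hosts: {dst.hostname}")
        if src.scheme == "https" and dst.scheme == "http":
            findings.append(f"https to http downgrade at {target}")
        if target in seen:
            findings.append(f"redirect loop at {target}")
            return target, hops, findings
        if len(hops) >= max_hops:
            findings.append("too many redirects")
            return target, hops, findings
        seen.add(target)
        url = target


if __name__ == "__main__":
    for start in ("http://myvlogsite.com/", "https://javatpoint.com/promo",
                  "https://javatpoint.com/a"):
        final, hops, findings = trace(start)
        print(start, "->", final, [h[0] for h in hops], findings or "clean")
```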

      When should a redirect be used?

      1. You have duplicate content

      Duplicate content is content that appears more than once on the page. There are multiple pages on Google that contain duplicate content. In this situation, it is difficult for Google to understand which page is the correct one. You can use a 301 redirect on the duplicate piece of content to direct to the original page. It will create a better experience for your users and help to improve your search engine rankings.

      2. You have changed your domain

      A redirect is useful when you are changing your domain name and do not want to lose any built links.

      3. You have multiple domains

      To protect the online brand, some people purchase multiple domain names. So, they will need to redirect any of the old domains to the new domain. Many companies do this to gain additional traffic from common misspellings. Also, they can prevent competitors from buying a similar domain and can redirect them to their own site.

      Difference between URL and URI

      There are numerous differences between URL and URI, which are as follows:

      URL | URI
      --- | ---
      URL stands for Uniform Resource Locator that is used to describe the identity of an item. | URI stands for Uniform Resource Identifier, which offers a technique for defining the identity of an item.
      The primary objective of the URL is to get the address or location of the resource. | The primary objective is to find a resource and distinguish it from other resources with the help of a name or location.
      URL is a type of URI; therefore, all URLs can be URIs. | URI is the superset of URL; thus, not all URIs are URLs, as a URI can be a name rather than a locator.
      It is only used for locating web pages. | It is used in various languages such as HTML, XML and other files XSLT, and more.
      A URL specifies where a resource is occurring and a way for retrieving a resource. | A URI identifies a resource either by URL or URN or both.
      In URL, the scheme must be a protocol such as FTP, HTTP, HTTPS, and more. | The scheme may be anything in URI like a name, specification, protocol, and more.
      It contains the protocol information in the URL. | It does not include protocol information.
      It includes components like path, domain, hash, string, query, and more. | It includes components such as path, scheme, query, fragment component, and more.
      It offers specification on what type of protocol is to be used. | It does not contain protocol specification.
      An example of URL: https://google.com | An example of URI: urn:isbn:0-486-27557-4

      URI stands for Uniform Resource Identifier, a way to identify a resource; you can identify a resource by its locator or by its name.

      URI = URL + URN

      • URL = Uniform Resource Locator
      • URN = Uniform Resource Name (e.g., the ISBN of a book is a URN)

      In summary: a URL is a URI, but a URI may not be a URL.