Difference between REST Client and browser - api

I wonder what the difference is between a REST client like Postman and a browser. I want to make API calls but I don't understand why I have to use a REST client instead of a browser.

A browser lets you make simple GET calls: you invoke a URL and obtain the response.
A REST client offers more possibilities, such as:
constructing every type of REST/HTTP call, such as POST, PUT and DELETE,
adding headers to the calls,
building a body for the calls (JSON, XML or whatever you want).
It's a more sophisticated tool.
You can install a standalone one like:
Postman
Insomnia
or install a browser extension for Firefox and Chrome like:
Resting
Rester
Disclaimer: I'm the creator and maintainer of Resting
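To make the list above concrete, here is an added example (not part of the original answer) that sends the kind of request a REST client builds and shows what arrives at the server. The local echo endpoint, the `call` helper, the `/users/7` path and the `X-Request-Id` header are constructed for illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class EchoHandler(BaseHTTPRequestHandler):
    """Constructed local endpoint: reports the method, headers and body it received."""
    def _echo(self):
        length = int(self.headers.get("Content-Length", 0))
        seen = {
            "method": self.command,
            "content_type": self.headers.get("Content-Type"),
            "x_request_id": self.headers.get("X-Request-Id"),
            "body": self.rfile.read(length).decode("utf-8"),
        }
        payload = json.dumps(seen).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_POST = do_PUT = do_DELETE = _echo
    def log_message(self, *args):  # silence per-request logging
        pass


def call(method, path, headers=None, body=None):
    """Send one request as a REST client would; return what the server saw."""
    server = HTTPServer(("127.0.0.1", 0), EchoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        data = None if body is None else json.dumps(body).encode("utf-8")
        request = urllib.request.Request(
            f"http://127.0.0.1:{server.server_port}{path}",
            data=data, headers=headers or {}, method=method)
        with opener.open(request, timeout=5) as response:
            return json.loads(response.read())
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(call("GET", "/users/7"))  # the address-bar case: method GET, no body
    hdrs = {"Content-Type": "application/json", "X-Request-Id": "demo-1"}
    print(call("PUT", "/users/7", hdrs, {"name": "Ann"}))
```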

Related

I have a Master API exposed which calls microservice A and A then called a third party microservice B. I want to mock Service B [duplicate]

I am exploring Karate API double (mocking) for the integration test. For the below scenarios, I'm not getting the expected mocking response. Your help will be appreciated.
My Setup :
1. Karate Mock Server up with pathMatches rules on port 8001: http://localhost:8001 ( working, validated against "/cat" and some test calls)
2. My own application is up from Docker on port 8080. Port 8001 is exposed from Docker as well.
Mocking Case:
1. My application's REST call, exposed to all users, is http://localhost:8080/service/v1/findUser. This exposed API calls another REST endpoint underneath, http://dev-STG/userservice/v1/findUser, which actually gives the JSON response. So, I want to mock the underlying API call and validate my API's behavior accordingly.
Steps tried:
1. Now, in my application config, I'm replacing the actual underlying API call with the Karate mock server (http://localhost:8001/userservice/v1/findUser). Then I built and brought up my application's Docker container.
In Karate, I defined a test, e.g. "testIntgrtn.feature", which calls my application API "http://localhost:8080/service/v1/findUser", and the Karate mock server is up and set with pathmatch "/userservice/v1/findUser".
After executing "testIntgrtn.feature", Karate is not mocking the underlying call (http://localhost:8001/userservice/v1/findUser).
Now, in the "testIntgrtn.feature" file, I changed my application URL to the underlying REST URL, i.e. (http://localhost:8001/userservice/v1/findUser), and then mocking works like a charm.
I don't understand why the underlying API call is not getting mocked here. Did I miss something here?
Also, in Karate can we monitor all REST calls (like Cypress mocking)?
Thanks for this wonderful framework. Which is intuitive for writing automation cases.
Karate cannot automatically intercept calls.
The recommended approach is when you boot the application running at localhost:8080 you change the configuration so that instead of calling http://dev-stg/userservice/v1/findUser it calls something like http://localhost:8001/v1/findUser. This is what most teams do, and is easy because you should anyway be defining external URLs as application.properties (or equivalent) as a best practice.
It is very easy to override an application property in Spring Boot, for example; you can do this via the command line: https://stackoverflow.com/a/37053004/143475
If you want, you can dynamically provision a port for the mock. So your unit test can first start a mock, get the port, and then start the server. You can find details in the Karate documentation.
All this said, if you are able to change the (system) HTTP proxy before the app at localhost:8080 starts, you may be able to do this without modifying the configuration. (But it is tricky, so I recommend the approach explained above.) So in this case, Karate can actually "intercept" the outgoing HTTP calls that the app at localhost:8080 makes.
See the second-last row (5a) in the table here: https://github.com/intuit/karate/tree/master/karate-netty#consumer-provider-example

JMeter: Record n play, also gives API access

I have recorded a login flow of an application and found some URIs like below:
/api/oauth2/initiate GET
/oauth2/authorize GET
/api/v1/oauth2/authorize GET
/api/v1/oauth2/authenticate POST
{"username":"${Username}","password":"${Password}","client_id":"${client_Id}","response_type":"code","redirect_uri":"${scheme}://${host}/api/oauth2/callback","server_id":"${server_Id}"}
When I hit the above in sequence via JMeter I get a 200 response. Just like JMeter, I tried recording in Postman and it worked the same, but instead of JSON it gave the response in XML format.
It doesn't generate an access_token; it works via session cookies.
My question is - Do I really have API access or it is just browser record n play? If Yes, Does this mean I can get access to any API, if I am a registered user of that application? For ex: Facebook, YouTube or any startup website.
JMeter works on the protocol level. This means that whatever request you are generating, say a simple browser request or an API call, you can do that easily.
Now the thing is replicating requests. You don't need to record the requests necessarily using the browser. You need to analyze the few things that are required. Say Postman is generating a request. You specify the things you want to send and you use the API Token there. The same things can be specified there as well. It all depends on how you are understanding the concept of request generation.
You simply need to replicate the samplers and the parameters. And the request headers in postman can be replicated here in the same way.
For each HTTP Request Sampler make sure you add a corresponding child HTTP Header Manager config element.
Headers basically tell the server what client we are using and in what form data is being sent, and then the server responds accordingly with the information.
What you've recorded is an OAuth2 flow and you won't be able to replay it without correlating the dynamic values.
You can have access to Google API or Facebook Graph API given you have a proper access_token, but I don't think you should be testing them directly; you should focus solely on your application.
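An added illustration of the correlation step mentioned above, not code from the thread or from JMeter: a value issued during the flow is extracted from the live response and substituted into the recorded body before it is sent. The page does not say which values are dynamic in the real application; this sketch assumes `server_id` is issued per flow in a hidden form field, and `ToyAuthServer`, `extract`, `render`, `run_flow` and all sample values are constructed.

```python
import re
import secrets

# Login body as recorded on the page, with JMeter-style ${...} placeholders.
RECORDED_BODY = ('{"username":"${Username}","password":"${Password}","client_id":"${client_Id}",'
                 '"response_type":"code","redirect_uri":"${scheme}://${host}/api/oauth2/callback",'
                 '"server_id":"${server_Id}"}')
# Constructed sample values; server_Id is the stale value captured while recording.
RECORDED_VARS = {"Username": "alice", "Password": "constructed-pw", "client_Id": "web",
                 "scheme": "https", "host": "app.example", "server_Id": "recorded-0001"}


class ToyAuthServer:
    """Constructed stand-in for the application: each flow gets a single-use server_id."""
    def __init__(self):
        self._open_flows = set()

    def initiate(self):
        server_id = secrets.token_hex(8)
        self._open_flows.add(server_id)
        return f'<input type="hidden" name="server_id" value="{server_id}">'

    def authenticate(self, body):
        match = re.search(r'"server_id":"([^"]*)"', body)
        if not match or match.group(1) not in self._open_flows:
            return 400  # value from an old recording, or never issued
        self._open_flows.discard(match.group(1))
        return 200


def extract(pattern, response_text):
    """Pull one dynamic value out of a response; fail loudly if it is missing."""
    match = re.search(pattern, response_text)
    if match is None:
        raise ValueError("dynamic value not found in response")
    return match.group(1)


def render(template, variables):
    """Substitute ${name} placeholders; an undefined variable raises KeyError."""
    return re.sub(r"\$\{(\w+)\}", lambda m: variables[m.group(1)], template)


def run_flow(server, variables, correlate):
    """Replay the login; with correlate=True the fresh server_id replaces the recorded one."""
    page = server.initiate()
    if correlate:
        variables = {**variables, "server_Id": extract(r'name="server_id" value="([^"]+)"', page)}
    return server.authenticate(render(RECORDED_BODY, variables))
```

Against the toy server, replaying with the recorded value returns 400, while the correlated run returns 200.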

How to stub an API when testing with Selenium Server

I'm using Nightwatch.js to test a MERN stack application—it makes calls to the Twilio API when it receives a POST request at /sms/outgoing/.
I would rather not send SMS messages every time I run my e2e tests—instead I'd like to stub out the behaviour and, ideally, return the request data, so that I can check my app is submitting the correct info.
I have looked at libraries such as nock and fetch-mock, but neither of these will work with tests that rely on selenium.
Is there a library that can intercept requests made by Selenium Server and provide the stubbing behaviour I'm after?
As you have mentioned nock and fetch-mock, I assume you're using a node server?
If that is the case, you could modify the server to detect an environment variable process.env.MOCK_API and return hard-coded responses to fetch requests using fetch-reply-with.

Struts controller/processor monitoring/log utility

I'm looking for some kind of monitoring tool to visualize/log all internal struts forwards together with all http headers, parameters, request and session attributes values.
The intent is to understand the full flow of a certain request in a Struts 1.x application.
Thanks a lot.
Use MaintainJ to monitor all calls and methods in a Java web application... And in Firefox install 'Firebug', run it and select the Net tag... Under this tag you can see every server call and the response of that call... Chrome has this feature too...

REST API Works in Browser, But Not Client

I am developing a REST API, and have found a very interesting problem.
When I access the resources in a web browser (in my case Chrome), everything works fine. However, when I access the resources using a REST client (Google Chrome plugin, web-based client, and a Java applet), NONE of the variables pass to the API. This happens both with GET and POST methods.
I have absolutely no idea why this would be the case, and it's proving very difficult to test the methods before putting them into production (especially with POST methods).
Please help!
At first glance it sounds like it could be 2 things:
You are not correctly passing API parameters via your client or applet
A problem with authentication or cookie management. Does the API require any type of authorization?
Are you forgetting to set a necessary HTTP header?
Do you have control of the API also or is it a third party API? If so, do the params arrive at all or do they arrive empty? What's the error code? - a 403 not authorized (which would make sense if the key doesn't pass) or something else due to missing params.
Try the intermediate step of doing it with CURL from the command line - that'll give you more detail on what's coming back.