Is it possible to test a "POST" request locally? If yes, how? - mod-wsgi

I am building a REST API using mod-wsgi and werkzeug. I am able to test the API for GET requests locally, but not able to do the same for POST requests. Is there any way to do it?

Check out https://www.postman.com/
or https://insomnia.rest/
You can store calls, document, make test suites, and much more.
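A POST can also be exercised without any HTTP client or running server, because a mod_wsgi application is just a WSGI callable. The following is an added example, not code from the original thread: `app` is a constructed stand-in for the API under test and `call_wsgi` is a hypothetical helper, both using only the Python standard library.

```python
import io
import json
from wsgiref.util import setup_testing_defaults


def app(environ, start_response):
    """Constructed stand-in for the API under test: echoes a JSON POST body."""
    if environ["REQUEST_METHOD"] != "POST":
        start_response("405 Method Not Allowed", [("Allow", "POST")])
        return [b""]
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
        payload = json.loads(environ["wsgi.input"].read(length))
    except ValueError:  # covers a bad length, malformed JSON and bad UTF-8
        start_response("400 Bad Request", [("Content-Type", "text/plain")])
        return [b"invalid JSON"]
    body = json.dumps({"received": payload}).encode()
    start_response("201 Created", [("Content-Type", "application/json")])
    return [body]


def call_wsgi(application, method, path, body=b"", headers=None):
    """Invoke a WSGI callable in-process, the way a server would, with no socket."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    for name, value in (headers or {}).items():
        key = name.upper().replace("-", "_")
        environ[key if key == "CONTENT_TYPE" else "HTTP_" + key] = value
    setup_testing_defaults(environ)  # fills in the remaining required keys
    captured = {}

    def start_response(status, response_headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = dict(response_headers)

    data = b"".join(application(environ, start_response))
    return captured["status"], captured["headers"], data
```

Pass your own application object in place of `app`; malformed bodies and wrong verbs can be tested the same way as the happy path.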

Related

Difference between REST Client and browser

I wonder what is the difference between a REST Client like Postman and a browser? I want to make API calls but I don't understand why I have to use a REST Client instead of a browser.
A browser lets you create simple GET calls: you invoke a URL and obtain the response.
A REST Client permits more possibilities like:
to construct every type of REST/HTTP call such as POST, PUT and DELETE,
add headers to the calls,
build a body for the calls (JSON/XML or whatever you want).
It's a more sophisticated tool.
You can install a standalone one like:
Postman
Insomnia
or install a browser extension for Firefox and Chrome like:
Resting
Rester
Disclaimer: I'm the creator and maintainer of Resting

Karate: How do I verify a mock server is called

I'm testing a peer-to-peer app that I can send a URL to and then it should make a request to that URL. I can mock the response with the karate mock server, but I would also like to verify the request was made.
One idea I had was to log each request to the mock server to a file, then in my main scenario (which started the mock and sent the URL to the app) read it back for verification.
Is there a better way to do this? Can I access the state of the mock server from the scenario that created it without using a file? Can I tell the mock server to verify its own state?
I'm using the standalone JAR if that makes a difference.
Remember, Karate mocks are all about exposing arbitrary REST end-points that can "see" a bunch of global variables.
All you need to do is expose a "secret" end-point that your test can call to get pretty much anything you want out of the "state" of the mock.
More details here: https://stackoverflow.com/a/61374079/143475 and here: https://stackoverflow.com/a/63512034/143475

JMeter: Record n play, also gives API access

I have recorded a login flow of an application and found some URIs like below:
/api/oauth2/initiate GET
/oauth2/authorize GET
/api/v1/oauth2/authorize GET
/api/v1/oauth2/authenticate POST
{"username":"${Username}","password":"${Password}","client_id":"${client_Id}","response_type":"code","redirect_uri":"${scheme}://${host}/api/oauth2/callback","server_id":"${server_Id}"}
When I hit the above in sequence via JMeter I get a 200 response. Just like JMeter, I tried recording in Postman and it worked the same, but instead of JSON it gave the response in XML format.
It doesn't generate an access_token, it works via session cookies.
My question is: do I really have API access or is it just browser record n play? If yes, does this mean I can get access to any API if I am a registered user of that application? For example: Facebook, YouTube or any startup website.
JMeter works on the protocol level. This means that whatever request you are generating, say a simple browser request or an API call, you can do that easily.
Now the thing is replicating requests. You don't need to record the requests necessarily using the browser. You need to analyze the few things that are required. Say Postman is generating a request. You specify the things you want to send and you use the API Token there. The same things can be specified there as well. It all depends on how you are understanding the concept of request generation.
You simply need to replicate the samplers and the parameters. And the request headers in postman can be replicated here in the same way.
For each HTTP Request Sampler make sure you add a corresponding child HTTP Header Manager config element.
Headers basically tell the server what client we are using and in what form data is being sent, and then the server responds accordingly with the information.
What you've recorded is an OAuth2 flow and you won't be able to replay it without correlating the dynamic values.
You can have access to the Google API or Facebook Graph API given you have a proper access_token, but I don't think you should be testing them directly; you should focus solely on your application.

Karate API Tests - Post Request failing but works using Jmeter

I am trying to implement testing of POST requests for my APIs using KARATE, but I am getting 403 - expected csrf token not found.
However, I am able to perform the POST request using JMeter: log in to the application, perform a GET request, get the XSRF token from the GET request's response headers and pass it in the POST request in the Header Manager in JMeter. That way, I am able to create a new resource using POST. I am not sure why this approach isn't working in Karate.
You must be missing some header. The fastest way you can solve this is by collaborating with someone on the server-side dev team.
Refer to this example in the Karate demos that uses CSRF:
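The token hand-off described in the question, shown as an added example that is not part of the original thread and is not the Karate demo the answer refers to: a constructed local server issues a token on GET and answers 403 to any POST that does not echo it back. The header name `X-XSRF-TOKEN`, the `/resource` path and the in-memory token set are assumptions for illustration.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

HEADER = "X-XSRF-TOKEN"  # assumed header name; use whatever your server sends
ISSUED = set()           # tokens handed out by the constructed server


class Handler(BaseHTTPRequestHandler):
    def _reply(self, status, token=None):
        self.send_response(status)
        if token:
            self.send_header(HEADER, token)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):  # issue a fresh token in a response header
        token = secrets.token_hex(16)
        ISSUED.add(token)
        self._reply(200, token)

    def do_POST(self):  # reject state-changing requests that lack a valid token
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        self._reply(201 if self.headers.get(HEADER) in ISSUED else 403)

    def log_message(self, *args):  # keep output quiet
        pass


def send(port, method, token=None):  # returns (status, token header)
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    body = b"{}" if method == "POST" else None
    conn.request(method, "/resource", body=body, headers={HEADER: token} if token else {})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader(HEADER)


def run_flow():  # POST without a token, GET a token, POST again with it
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        rejected, _ = send(server.server_port, "POST")
        _, token = send(server.server_port, "GET")
        accepted, _ = send(server.server_port, "POST", token)
        return rejected, accepted
    finally:
        server.shutdown()
```

A real application normally binds the token to the authenticated session as well, so a test client has to carry the session cookie from the GET into the POST alongside the header.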

Hitting API endpoint with GET verb and parameter value=40

I need to hit this endpoint as part of an assessment. I have tried looking online and I would ideally like to do this just by using the browser console.
This is my task:
Your task is to write some code (eg. console, html form, javascript, python etc.) to hit 2 API endpoints. You can use any language, framework, tool or library. The result of each endpoint will give you instructions on how to proceed. The first endpoint is /api/Step1 and requires a GET verb and a parameter value=40
I am really trying to understand how to do this but all of the things I have read have not worked.
Any help would be greatly appreciated.
You should make sure you get the idea of what an API is, and you can read this for the queries.
That said, you are looking to send a GET HTTP request to the URL /api/Step1?value=40. You can do this using a tool like Postman on Chrome, but there are other equivalents for other browsers.
If you are using OS X/Linux, you can look up the command curl on Google to see how to do a GET request from the terminal, or check this SO question.
Sending a GET request is quite easy. You can use curl and php for example. If you google it, you can find examples.
Giving a parameter is easy like this: /api/Step1?value=40