APIs Unleashed 06:
Assertions

API unleashed

Hello People,

 

So far in this series you would have learnt about the basics of API, how to build an API request, Examples of REST and SOAP API and how to do a JSON schema validation for your responses. Other than schema validation, we have to check some more attributes from the API response. So how do we do that? That's where we need to create assertions, which are nothing but similar to the front end test cases.

 

For any application we will be drafting a list of scenarios/test cases to be validated right? Same way for APIs we need to add few assertions as part of the scripting.

What are assertions?

Assertions are the validations done to the HTTP response received back from the server. So every time when you receive the response there are few things to validated as part of the API Tests.

 

For example, for any API the response code is one of the basic attribute to be validated right. We will add an assertion to check if the specific API response code is always as expected. If any response code other than the expected one is treated as failed test case.

 

Well, you might now have a question what all should be covered as assertions for your API.

 

This is a million dollar question. Because we have few generic validations like Status code, Response Time, Response Headers, Cookies etc. Other than this the assertions vary from API to API, based on the response values, project requirements, API design etc.

 

So here we will consider an public REST API endpoint: https://vpic.nhtsa.dot.gov/api/vehicles/getallmanufacturers?format=json

 

In this JSON response we will try to cover the possible assertions.

KarateDSL: Assertions

Let's see how assertions can be done using KarateDSL

KarateDSL provides a variety of assertions and matchings for API response validation.

 

These features are one of the most critical aspects to guarantee that the response obtained is in accordance with the business needs and that the keys have the appropriate values.

 

Because of the powerful JsonPath evaluation and matching techniques, Karate has made the implementation of assertions very simple and effective for its users.

 

These features are amongst the most important factors in ensuring that the response obtained meets the business requirements and that the keys have the correct values.

 

Let's look at a few examples to understand how simple and effective Assertion is?

 

Please note, steps for test execution and report view will be same for respective feature files.

 

Enter feature file name in the runner class > Execute TestRunner file > Once the execution is complete, copy-paste report url on the browser to view detailed Karate Report.

 

Example 1: Check Response Status

 

In Following example "Then status 200" is used to verify the response status code.

response
assertion demo

If the response code does not match with the actual code then the test case will fail.

 

for example, actual status code is 200 but instead 201 is passed in the scenario.

If you want to add validation for either of the response code that can be done by using "||" OR operator.


If you want to validate responseStatus alternatives, you can do so by using square brackets around the response status range.

Or you may also use - karate.range() method.


Example 2: Check the response time.

 

We may use the responseTime keyword to verify API response time, just as we do with the responseStatus keyword. It basically saves the current API's response time (in milliseconds).



Failure Case is as follows:

Example 3: Check the response headers

 

Response headers can be validated using "responseHeaders" keyword, as the values will be stored in this variable. Since, it is a "map of lists" hence you will have to define a variable consisting of the ['header name'] with [0].

Refer following code snippet:


Example 4: Response body check

 

Validate count of Result array with Count key from the API response

 

If you want to fetch array size, you may use karate.sizeOf(array_variable) as shown in below code snippet.


If your are looking for more scenarios on assertion and matching.

 

In the preceding sections, we saw a variety of assertion methods. 

POSTMAN: Assertions

Let's see how assertions can be done using POSTMAN

Learning about the assertions, we have two places in Postman where we write the customized code snippets in JavaScript.

 

For any steps/validations to be done before hitting the server will be covered in "Pre-request" Script section.

 

Any validation/actions to be performed in the response will be covered under "Tests" section. So our assertion code snippets will be written in the "Tests" section.

 

One of my favorite section in Postman is the ready-made code snippets available in the left tab. Once you click the "Tests" section, it will guide you on the list of snippets available.

So even if you miss the syntax, you can select the related one from here and edit based on your API response. After adding the assertions once you send the request every time the added assertions are validated and the results are displayed under the "Test Results" tab in Response window. Since Postman is having inbuild Chai Assertion Library. You can visit this site to know more about chai. The best thing here is, the assertions will be in a user friendly readable manner. Any one can understand it very easily.

 

So we will start adding the basic assertions.

 

Example 1: Check the response code

 

From the list of code snippets select the below:

pm.test("Status code is 200", function (){ 

pm.response.to.have.status(200);

});

This snippet is now placed inside "Tests". Now if you hit "Send" you test case will either pass of fail based on the response code.


Additionally you can validate the response code message as well.

pm.test("Status code is 200 OK", function () { 

pm.response.to.have.status(200);
pm.response.to.have.status('OK');

});

If you are expecting more than one response code and if that means success, then you can edit the snippet as below:

pm.test("Successful POST request", function () { 

pm.expect(pm.response.code).to.be.oneOf([200,201,202]);

});

Example 2: Check the response time

 

Select the below snippet.

pm.test("Response time is less than 200ms", function () { 

pm.expect(pm.response.responseTime).to.be.below(200);

});

This snippet is now placed inside "Tests". But you can modify the response time based on your API design/documentation. If your API should have a response time between 2000 to 3000 milliseconds then you can edit the generalized as below:

pm.test("Response time validation", function () { 

pm.expect(pm.response.responseTime).to.be.below(3000);
pm.expect(pm.response.responseTime).to.be.above(2000);

});

Based on the actuals, the Test case might pass/fail.

Example 3: Check the response headers

 

Select the below snippet.

pm.test("Content-Type is present", function () { 

pm.response.to.have.header("Content-Type");

});

This snippet will verify if the header "Content-Type" is present in the response, if you are expecting any specific value as part of "Content-Type" you can tweak your script.

This test case is passing because the response had the "Content-Type" header.

Example 4: Response body check

 

When we need to add assertions as part of the response, we should parse the response and store in a variable as JSON object. We discussed this in our earlier post. Please check here and brush-up if needed:

 

https://synapse-qa.com/2021/07/28/apis-unleashed-03-handling-rest-apis/

For better assertions in our response, we will add the below variables:

var resp = pm.response.json(); 
var names = pm.response.json().Results;
var count = pm.response.json().Count;

As we are aware Postman is using inbuild chai assertions, we can write out test cases based on that.

 

Based on the requirements/sample API response/API documentation we need to add different assertions. Here, based on our public API response, we can write few possible assertions to validate the response.

 

To validate the count we can have different set of validations. To check if the count field in the response is matching the count of the array "names" we can use the below snippet.

//to check the length 
pm.test("count vs length", function () {

pm.expect(names).to.have.length(count);

});

Same way the assertions can be extended based on the response body values.

 

For some more examples and details please refer:

 

https://learning.postman.com/docs/writing-scripts/script-references/test-examples/

These are few assertions which can be added as part of your test cases, to perform an exhaustive testing you need to understand the business requirements and purpose of your APIs. We learnt how to create few assertions n Postman and KarateDSL, please explore and try to add different assertions to become a master in writing API test cases.

 

Dear readers, thank you for your time. See you in the next few days with our next topic!!

Missed Previous Chapters?

Disclaimer
This is truly a parallel learning series, which is not meant for promotion or degradation of any tools or technologies. We are aiming to give a learning experience for our audience in terms of common scenarios.

Know Our Synapses

Meet the brains behind this learning series!

Pricilla Bio






Priyanka Bio




Let's


Together

Follow Us

Stay updated with all the latest contents & announcements


Linkedin


Twitter


Instagram


Facebook