Karate API Testcases and examples - NextensArelB/SwaggerGenerationTool GitHub Wiki
- General testcases
- General Calls examples
- GET Calls testcases
- GET Calls examples
- POST Calls testcases
- POST Calls examples
- PUT Calls testcases
- PUT Calls examples
This wiki page gives insight into our recommended testcases for GET, POST and PUT calls, as well as examples of those testcases in use with Karate. The intention is for this document to grow and expand with time. If you have any suggestions, feel free to reach out to Team Test Automation on our Teams channel:
Team Test Automation
https://teams.microsoft.com/l/channel/19%3A5a507f990601404ca3955dbafdfd58fd%40thread.skype/Team Test Automation?groupId=62c6b6b3-325e-43e8-bf86-f27488b37dd8&tenantId=9274ee3f-9425-4109-a27f-9fb15c10675d
For information on our best practices when it comes to designing API tests, follow this page:
Happy flow:
- Assert the response is of an expected type for example JSON
- Assert the response time is reasonable for example less than a second
- Assert that the response headers do NOT return X-Powered-By
- Assert the following response headers are set as seen below:
  - Cache-Control = "no-store"
  - Content-Security-Policy = "frame-ancestors 'none'"
  - Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
  - X-Content-Type-Options = "nosniff"
  - X-Frame-Options = "DENY"
If the response headers above are not correct, consult your developers as these headers were recommended by pen test experts.
Unhappy flow:
- Verify that access is blocked with incorrect authorization type
- Verify that access is blocked with incorrect access token
#######################
# Positive flow tests #
#######################
# Enter the authorization value and the URL of any call, for example GET, PUT and/or POST. The method can be any type.
Given header Authorization = ""
Given url ""
When method GET
Then status 200
# 1. Assert the response is of an expected type for example JSON
And match responseType == "json"
# 2. Assert the response time is reasonable for example less than a second
And assert responseTime < 1000
# 3. Assert that the response headers do NOT return X-Powered-By -> by verifying the header is not present
And match responseHeaders["X-Powered-By"] == "#notpresent"
# 4. Assert the following response headers are set as seen below:
# responseHeaders maps each header name to a list of values, so "match header" is used to compare against a single string
And match header Cache-Control == "no-store"
And match header Content-Security-Policy == "frame-ancestors 'none'"
And match header Strict-Transport-Security == "max-age=63072000; includeSubDomains; preload"
And match header X-Content-Type-Options == "nosniff"
And match header X-Frame-Options == "DENY"
#######################
# Negative flow tests #
#######################
# 1. Verify that access is blocked with incorrect authorization type
# X-ApiKey in this case instead of the correct type which is bearer
Given header X-ApiKey = AccessToken
# Enter the GET URL here
Given url ""
When method GET
Then status 401
# 2. Verify that access is blocked with incorrect access token
Given header Authorization = 'Bearer 1234'
# Enter the GET URL here
Given url ""
When method GET
Then status 401
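The response-header policy from the general testcases above, as an added stand-alone JavaScript example (not part of this wiki's Karate suite): it folds header names to lower case, accepts the name-to-list shape that Karate's responseHeaders uses, and reports every violation instead of stopping at the first. The function names and the two sample responses are constructed for illustration.

```javascript
// Added example: the response-header policy from the general testcases.
const REQUIRED = {
  'cache-control': 'no-store',
  'content-security-policy': "frame-ancestors 'none'",
  'strict-transport-security': 'max-age=63072000; includeSubDomains; preload',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY',
};
const FORBIDDEN = ['x-powered-by'];

// Header names are case-insensitive and a header can occur more than once,
// so fold names to lower case and keep every value in a list.
function normalize(headers) {
  const out = Object.create(null);
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    const values = (Array.isArray(value) ? value : [value]).map((v) => String(v).trim());
    out[key] = (out[key] || []).concat(values);
  }
  return out;
}

// Returns one message per violation; an empty list means the policy is met.
function checkSecurityHeaders(headers) {
  const seen = normalize(headers);
  const problems = [];
  for (const name of FORBIDDEN) {
    if (name in seen) problems.push(`${name}: must not be returned`);
  }
  for (const [name, expected] of Object.entries(REQUIRED)) {
    const values = seen[name];
    if (!values) problems.push(`${name}: missing`);
    else if (values.length !== 1 || values[0] !== expected) {
      problems.push(`${name}: expected "${expected}", got "${values.join(' | ')}"`);
    }
  }
  return problems;
}

// Constructed sample responses, not captured from a real service.
const compliant = {
  'Cache-Control': ['no-store'],
  'content-security-policy': ["frame-ancestors 'none'"],
  'Strict-Transport-Security': ['max-age=63072000; includeSubDomains; preload'],
  'X-Content-Type-Options': ['nosniff'],
  'X-Frame-Options': ['DENY'],
};
const leaky = { 'cache-control': 'no-cache', 'X-Powered-By': 'Express', 'x-frame-options': ['DENY'] };
console.log(checkSecurityHeaders(compliant), checkSecurityHeaders(leaky));
```

A header sent twice with conflicting values is reported as a violation, because the policy expects exactly one value per header.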
The following testcases are recommended for use when testing GET endpoints of an API.
Happy flow:
- Verify that the call works with the expected input
- Verify that the response returns an expected result: does it return all the expected response variables?
- Verify that the responses are of the expected type, e.g. string or int, and also verify they are not null
Unhappy flow:
- Verify that error 404 is returned when data is not found due to incorrect input
- Verify that error 405 is returned when no parameter is used in the GET call
- Verify 405 when trying to use the wrong call type, for example PUT instead of GET
#######################
# Positive flow tests #
#######################
# 1. Verify that endpoint works with ordinary input
# Enter the authorization value and the GET URL
Given header Authorization = ""
Given url ""
When method GET
Then status 200
# 2 & 3. Does it return all the expected response variables, and are the responses of the expected type, e.g. string or number? Also verify they are not null
# These lines confirm that, regardless of the value, its type is string or number, which means it can't be null either.
# Karate's type markers are matched with "match" (not "assert"); numeric values use "#number"
* match response.Achternaam == "#string"
* match response.leeftijd == "#number"
#######################
# Negative flow tests #
#######################
# 1. Verify that error 404 is returned when data is not found due to incorrect input
# Place an incorrect parameter after the end of the URL, for example an ID that does not exist
Given header Authorization = ''
# Enter the GET URL here with a parameter value that doesn't exist
Given url ""
When method GET
Then status 404
# 2. Verify that error 405 is returned when a required parameter is missing
# By placing no parameter at the end of the URL for example
Given header Authorization = ''
# Enter the GET URL here without any parameter at the end
Given url ""
When method GET
Then status 405
# 3. Verify that error 405 is given when trying to use the wrong call type, like PUT instead of GET
# Only possible if the exact same endpoint does not already support that method
# Use a valid authorization value here, otherwise the call is rejected with 401 before the method is checked
Given header Authorization = ''
# Enter the GET URL here
Given url ""
When method PUT
Then status 405
Happy flow:
- Verify that endpoint will work with minimum required parameters
- Verify that the newly generated data exists with a GET call
- Verify that the endpoint works with all parameters filled in
Unhappy flow:
- Verify that endpoint will give status code 400 when no request is given
- Verify that endpoint will give status code 400 when empty request is given
- Verify 409 is given when duplicate data is created
#######################
# Positive flow tests #
#######################
# 1. Verify that endpoint will work with minimum required parameters (for example Achternaam and Age are required)
# Verify that endpoint will work with only the required parameters
# Fill in the parameters in the request below; the values shown are examples
* def requestArray =
"""
{
"Achternaam":"Test",
"Age":"12"
}
"""
Given header Authorization = ''
# Enter POST URL here
Given url ""
And request requestArray
When method POST
Then status 201
# Below in this example, we store the klantId for the GET call in testcase #2
* def klantId = response.klantId
# 2. Verify that the newly generated data exists with a GET call
# Enter the authorization value and the GET URL; klantId is placed after the end as a parameter to verify the POST call worked
Given header Authorization = ""
Given url "" + klantId
When method GET
Then status 200
# Here we validate that the posted data matches the response
* assert response.achternaam == "Test"
* assert response.Age == "12"
# 3. Verify that the endpoint works with all parameters filled in
# Fill in the parameters for the model of the endpoint in the request below
* def requestArray =
"""
{
}
"""
Given header Authorization = ''
# Enter POST URL here
Given url ""
And request requestArray
When method POST
Then status 201
#######################
# Negative flow tests #
#######################
# 1. Verify that endpoint will give status code 400 when no request is given
Given header Authorization = ''
# Enter POST URL here
Given url ""
When method POST
Then status 400
# 2. Verify that endpoint will give status code 400 when empty request is given
* def requestArray =
"""
{}
"""
Given header Authorization = ''
# Enter POST URL here
Given url ""
And request requestArray
When method POST
Then status 400
# 3. Verify 409 is given when duplicate data is created, as the same call and POST is made as in positive flow #1
# Fill in the same parameters as in positive flow #1; the values shown are examples
* def requestArray =
"""
{
"Achternaam":"Test",
"Age":"12"
}
"""
Given header Authorization = ''
# Enter POST URL here
Given url ""
And request requestArray
When method POST
Then status 409
Happy flow:
- Verify status code 200 for a successful PUT call
- Verify the PUT call works for the minimum required inputs
- Verify the update occurred with a GET call
- Verify the PUT call works with all parameters included
Unhappy flow:
- Send a value of an incorrect type to get status 500
- Verify that error 400 occurs when request is empty
#######################
# Positive flow tests #
#######################
# Use pre-existing data that is INDEPENDENT of other tests or create new data
# 1 & 2. Verify status code 200 for a successful PUT call with the minimum required inputs
# Update the newly created object with the minimum required input in the request below
* def requestArray =
"""
{
}
"""
Given header Authorization = 'Bearer ' + AccessToken
Given url ""
And request requestArray
When method PUT
Then status 204
# 3. Verify the update occurred with a GET call
# Enter the authorization value and the GET URL; the Id of the PUT call goes at the end to verify it worked
Given header Authorization = ""
Given url "" + Id
When method GET
Then status 200
# 4. Verify the PUT call works with all parameters used
# Update the newly created object with all parameters in the model in the request below
* def requestArray =
"""
{
}
"""
Given header Authorization = ''
Given url ""
And request requestArray
When method PUT
Then status 204
#######################
# Negative flow tests #
#######################
# 1. Send a value of an incorrect type to get status 500, for example a string when a DateTime is expected
# Give a string instead of a date for dateOfBirth, for example
* def requestArray =
"""
{
"dateOfBirth": "Test"
}
"""
Given header Authorization = ''
Given url ""
And request requestArray
When method PUT
Then status 500
# 2. Verify that error 400 occurs when request is empty
* def requestArray =
"""
{}
"""
Given header Authorization = ''
Given url ""
And request requestArray
When method PUT
Then status 400