Interface learning

One 、 Talk about interface testing

　　 There are two categories of interfaces ： One is the interface inside the program , One is the external interface of the system . At present, the two most commonly used interfaces are webservice Interface and http api Interface . among webservice The interface is to go soap Agreement passed http transmission , Both the request message and the message are xml Format .http api The interface is to go http agreement , Differentiate called methods by path , The request message is key-value Formal , All the returned messages are json strand .http The two most common request methods for interfaces get and post, The difference between the two lies in the general get Request to get data ,post Requests are used to send data . 
　　 Interface testing is actually through the call address on the interface specification document 、 Request parameters 、 Splicing message , Then send the request , Check the returned results . The necessity of interface testing is as follows ：（1） You can find a lot of things you can't find on the page bug;（2） Detect the abnormal handling capability of the system ;（3） Check the security of the system 、 stability ;（4） Back end unchanged , Interface changes , The front end changes randomly . 
　　 The interface test generally considers that the test points include ： Pass the test （ remarks ： According to the parameters in the interface document , Normal incoming ）、 Business logic verification test （ According to the business logic of your project ）、 Parameter combination test 、 Interface safety test and exception verification . The interface security mainly tests four points ：（1） Whether the verification can be bypassed ： Like buying goods , When the order is submitted , Modify the commodity price through the interface , Verify whether it can be submitted successfully ;（2） Whether identity authorization can be bypassed ： For example, a certain function only has A Authorized users can use , Via interface B Authorized users , Verify that the function can be used ;（3） Whether the key parameters are encrypted ： For example, whether the user name and password of the login interface are encrypted ;（4） Whether the encryption security rules are complex . There are two types of exception verification ： Do not input parameters as required in the interface document （ such as ： Must pass, not must pass 、 Parameter type 、 The length of the input parameter ）, There are also some abnormal scenes （ such as ： Abnormal network connection , Database connection failed , Service disconnection and reconnection, etc ）. 
　　 Interface request message splicing , Two call modes :key_value Form and json Serial transmission parameters .key_value The form is a question mark preceded by a request url, Followed by the requested parameter name and parameter value , Multiple parameters with & Splicing ;json Serial parameters cannot be spliced , A third-party testing tool is required to complete, for example postman. 
　　 Basic process of interface test ： Requirements review -> Development provides interface documentation -> Write interface test cases -> Use case review - Enter the test phase -> Submit test report . 
　　 The interface document contains the interface description 、 Request address 、 Request mode 、 Enter the reference （ To specify the data type 、 If required ）、 Return parameter descriptions and examples . The elements included in the interface test case are the project 、 modular 、 Use cases id、 The name of the interface 、 Use case title 、 Request mode 、 request url、 Request parameters 、 precondition 、 The results verify that 、 Request message 、 Return message 、 Test results and testers, etc . 
　　 There are too many interface testing tools at present ,http api Interface testing tools, such as ：fiddler、postman、restclient、charles、jemeter,webservice The interface testing tools are soapui.

Two 、 SoapUI Tools

webservice The interface does not need to spell messages , Directly in SoapUI Import , You can see all the interfaces inside .SoapUI Tools are basically parsing wsdl Address , Establish the interface design for the existing interface testcase Conduct a comprehensive test , Simple as follows ： 

3、 ... and 、postman

postman Is a plug-in of Google browser , It can be used for interface testing , send out get、post request , add to cookie、header、 Permission verification information , View interface return interface , Interface response time, etc .

send out get、post request

• get Request to splice parameters directly after the interface request address , Parameters are passed through “&” Splicing . meanwhile get Requests can be accessed directly in the browser .get An example of a request is shown below ：

• post Request parameters are usually placed in body in ,key-value Parameter types can be spliced directly after the request address ,json String parameter types cannot be concatenated directly after the request address .post An example of a request is ：

Different parameter types

The parameter types include key_value and json There are two forms of string .

• key_value The biographical reference is as follows ：

• json The serial transmission parameters are as follows ： 
  body Interior selection “raw”, At the same time choose “json”, Examples are as follows ： 
  

Add information

Add information including http Request to add permission verification Authorization、 add to header Header information 、 add to cookie Information .

• An example of adding permission verification is as follows ：

• add to header An example of header information is as follows ：

• headers Add in “Cookie”, Simultaneous addition cookie Need to install inerceptor plug-in unit , Examples are as follows ： 
  

Upload files

• body Add the name as “file” Of Key. An example of requesting to upload a file is as follows ：

Four 、fiddler

fiddler There are many functions , For example, send a request automatically , Modify request header 、 Modify request response 、 Set breakpoints and speed limits, etc . Here we mainly use fiddler Setting agent , Grab related interface requests , Set a breakpoint , Modify interface information .

• Filtering requests Filters

  filters You can filter to display only the specified requests . The key is ‘Hosts Filter’, among ‘No Host Filter’ It's not filtered host Request ,‘Hide the following Hosts’ Is to hide the specified domain name request ,‘Show only the following Hosts’ Is to display only the specified domain name request , the last one ‘Flag the following Hosts’ Is to mark the specified domain name request , Other requests will also show , Just don't mark .

  The following is an example of filtering and specifying the requests of tiantian.com and baidu.com , As shown below ： 
  

• request redirections AutoResponder

Request redirection is to redirect some of the front end css、js、 Replace the returned results such as images and interface requests with the results we want . Important note ： Remember to check ‘Enable rules’ and ‘Unmatched requests passthrough’

（1） Replace interface request response data . For example, modify the data returned by the login interface , Examples of user login failures . Interface returned json Format data , First write what we want to replace json file , then fiddler Catch the login request interface , Let it ask for our json file , The effect is as follows ：

（2） Replace picture request resource file

We use fiddler Capture this file request , Replace picture . For example, the video cover of Tudou , An example of replacing any local image is as follows ： 

（3） Request response settings 404 or 502 Wait for the status code , View page load styles . 

• Modify request header Before Requests( After reading the request from the front end , Before the request is sent to the server )

  （1） First open and check Rules->Automatic Breakpoints->Before requests

  

（2） Refresh the page and re request ,fiddler Intercept request , Modify request header . For example, intercept the comment sending interface of Tudou , Modify the comment content , The screenshot shows ：

（3） Click on ‘Run to Completion’, Check whether the request response and front-end display are successful .