API Testing and Development with Postman


Book Description

Explore the world of APIs and learn how to integrate them with production-ready applications using Postman and the Newman CLI Key FeaturesLearn the tenets of effective API testing and API designGain an in-depth understanding of the various features Postman has to offerKnow when and how to use Postman for creating high-quality APIs for software and web appsBook Description Postman enables the exploration and testing of web APIs, helping testers and developers figure out how an API works. With Postman, you can create effective test automation for any APIs. If you want to put your knowledge of APIs to work quickly, this practical guide to using Postman will help you get started. The book provides a hands-on approach to learning the implementation and associated methodologies that will have you up and running with Postman in no time. Complete with step-by-step explanations of essential concepts, practical examples, and self-assessment questions, this book begins by taking you through the principles of effective API testing. A combination of theory coupled with real-world examples will help you learn how to use Postman to create well-designed, documented, and tested APIs. You'll then be able to try some hands-on projects that will teach you how to add test automation to an already existing API with Postman, and guide you in using Postman to create a well-designed API from scratch. By the end of this book, you'll be able to use Postman to set up and run API tests for any API that you are working with. What you will learnFind out what is involved in effective API testingUse data-driven testing in Postman to create scalable API testsUnderstand what a well-designed API looks likeBecome well-versed with API terminology, including the different types of APIsGet to grips with performing functional and non-functional testing of an APIDiscover how to use industry standards such as OpenAPI and mocking in PostmanWho this book is for The book is for software testing professionals and software developers looking to improve product and API quality through API test automation. You will find this book useful if understand APIs and want to build your skills for creating, testing, and documenting APIs. The book assumes beginner-level knowledge of JavaScript and API development.




Design and Build Great Web APIs


Book Description

APIs are transforming the business world at an increasing pace. Gain the essential skills needed to quickly design, build, and deploy quality web APIs that are robust, reliable, and resilient. Go from initial design through prototyping and implementation to deployment of mission-critical APIs for your organization. Test, secure, and deploy your API with confidence and avoid the "release into production" panic. Tackle just about any API challenge with more than a dozen open-source utilities and common programming patterns you can apply right away. Good API design means starting with the API-First principle - understanding who is using the API and what they want to do with it - and applying basic design skills to match customers' needs while solving business-critical problems. Use the Sketch-Design-Build method to create reliable and scalable web APIs quickly and easily without a lot of risk to the day-to-day business operations. Create clear sequence diagrams, accurate specifications, and machine-readable API descriptions all reviewed, tested, and ready to turn into fully-functional NodeJS code. Create reliable test collections with Postman and implement proper identity and access control security with AuthO-without added cost or risk to the company. Deploy all of this to Heroku using a continuous delivery approach that pushes secure, well-tested code to your public servers ready for use by both internal and external developers. From design to code to test to deployment, unlock hidden business value and release stable and scalable web APIs that meet customer needs and solve important business problems in a consistent and reliable manner.




RESTful Web APIs


Book Description

The popularity of REST in recent years has led to tremendous growth in almost-RESTful APIs that don’t include many of the architecture’s benefits. With this practical guide, you’ll learn what it takes to design usable REST APIs that evolve over time. By focusing on solutions that cross a variety of domains, this book shows you how to create powerful and secure applications, using the tools designed for the world’s most successful distributed computing system: the World Wide Web. You’ll explore the concepts behind REST, learn different strategies for creating hypermedia-based APIs, and then put everything together with a step-by-step guide to designing a RESTful Web API. Examine API design strategies, including the collection pattern and pure hypermedia Understand how hypermedia ties representations together into a coherent API Discover how XMDP and ALPS profile formats can help you meet the Web API "semantic challenge" Learn close to two-dozen standardized hypermedia data formats Apply best practices for using HTTP in API implementations Create Web APIs with the JSON-LD standard and other the Linked Data approaches Understand the CoAP protocol for using REST in embedded systems




Hacking APIs


Book Description

Hacking APIs is a crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. Hacking APIs is a crash course on web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure. You’ll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you’ll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner and OWASP Amass. Next, you’ll learn to perform common attacks, like those targeting an API’s authentication mechanisms and the injection vulnerabilities commonly found in web applications. You’ll also learn techniques for bypassing protections against these attacks. In the book’s nine guided labs, which target intentionally vulnerable APIs, you’ll practice: • Enumerating APIs users and endpoints using fuzzing techniques • Using Postman to discover an excessive data exposure vulnerability • Performing a JSON Web Token attack against an API authentication process • Combining multiple API attack techniques to perform a NoSQL injection • Attacking a GraphQL API to uncover a broken object level authorization vulnerability By the end of the book, you’ll be prepared to uncover those high-payout API bugs other hackers aren’t finding and improve the security of applications on the web.




Irresistible APIs


Book Description

Summary A Web API is a platform with a web-style interface developers can use to implement functionality. Well-designed APIs feel like a natural extension of the application, rather than just a new interface into the backend database. Designing Web APIs based on use cases allows an organization to develop irresistible APIs, which developers can consume easily and which support the business values of that organization. Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the Technology It takes a village to deliver an irresistible web API. Business stakeholders look for an API that works side-by-side with the main product to enhance the experience for customers. Project managers require easy integration with other products or ways for customers to interact with your system. And, developers need APIs to consistently interoperate with external systems. The trick is getting the whole village together. This book shows you how. About the Book Irresistible APIspresents a process to create APIs that succeed for all members of the team. In it, you'll learn how to capture an application's core business value and extend it with an API that will delight the developers who use it. Thinking about APIs from the business point of view, while also considering the end-user experience, encourages you to explore both sides of the design process and learn some successful biz-to-dev communication patterns. Along the way, you'll start to view your APIs as part of your product's core value instead of just an add-on. What's Inside Design-driven development Developing meaningful use cases API guiding principles How to recognize successful APIs About the Reader Written for all members of an API design team, regardless of technical level. About the Author Kirsten Hunter is an API evangelist who helps developers and business stakeholders understand, design, and deliver amazing APIs. Table of Contents UNDERSTANDING WEB APIs What makes an API irresistible? Working with web APIs API First Web services explained DESIGNING WEB APIs Guiding principles for API design Defining the value for your API Creating your schema model Design-driven development Empowering your developers




Testing Web APIs


Book Description

Ensure your web APIs are consistent and bug-free by implementing an automated testing process. In Testing Web APIs you will: Design and implement a web API testing strategy Set up a test automation suite Learn contract testing with Pact Facilitate collaborative discussions to test web API designs Perform exploratory tests Experiment safely in a downloadable API sandbox environment Testing Web APIs teaches you to plan and implement the perfect testing strategy for your web APIs. In it, you’ll explore dozens of different testing activities to help you develop a custom testing regime for your projects. This practical book demystifies abstract strategic concepts by applying them to common API testing scenarios, revealing how these complex ideas work in the real world. You’ll learn to take a risk-driven approach to API testing, and build a strategy that goes beyond the basics of code and requirements coverage. Your whole team will soon be involved in ensuring quality! About the technology Web APIs are the public face of your application, and they need to be perfect. Implementing an automated testing program is the best way to ensure that your web APIs are production ready. About the book Testing Web APIs is a unique and practical guide, from the initial design of your testing suite through techniques for documentation, implementation, and delivery of consistently excellent APIs. You’ll see a wide range of testing techniques, from exploratory to live testing of production code, and how to save time with automation using industry-standard tools. This book helps take the hassle out of API testing. What's inside Design and implement a web API testing strategy Set up a test automation suite Contract testing with Pact Hands-on practice in the downloadable API sandbox About the reader For dedicated software QA and testers, or experienced developers. Examples in Java. About the author Mark Winteringham is the OpsBoss at Ministry of Testing, where he teaches many aspects of software testing. Table of Contents PART 1 THE VALUE OF WEB API TESTING 1 Why and how we test web APIs 2 Beginning our testing journey 3 Quality and risk PART 2 BEGINNING OUR TEST STRATEGY 4 Testing API designs 5 Exploratory testing APIs 6 Automating web API tests 7 Establishing and implementing a testing strategy PART 3 EXPANDING OUR TEST STRATEGY 8 Advanced web API automation 9 Contract testing 10 Performance testing 11 Security testing 12 Testing in production




Designing Evolvable Web APIs with ASP.NET


Book Description

Design and build Web APIs for a broad range of clients—including browsers and mobile devices—that can adapt to change over time. This practical, hands-on guide takes you through the theory and tools you need to build evolvable HTTP services with Microsoft’s ASP.NET Web API framework. In the process, you’ll learn how design and implement a real-world Web API. Ideal for experienced .NET developers, this book’s sections on basic Web API theory and design also apply to developers who work with other development stacks such as Java, Ruby, PHP, and Node. Dig into HTTP essentials, as well as API development concepts and styles Learn ASP.NET Web API fundamentals, including the lifecycle of a request as it travels through the framework Design the Issue Tracker API example, exploring topics such as hypermedia support with collection+json Use behavioral-driven development with ASP.NET Web API to implement and enhance the application Explore techniques for building clients that are resilient to change, and make it easy to consume hypermedia APIs Get a comprehensive reference on how ASP.NET Web API works under the hood, including security and testability




Testing Web APIs


Book Description

Ensure your web APIs are consistent and bug-free by implementing an automated testing process. In Testing Web APIs you will: Design and implement a web API testing strategy Set up a test automation suite Learn contract testing with Pact Facilitate collaborative discussions to test web API designs Perform exploratory tests Experiment safely in a downloadable API sandbox environment Testing Web APIs teaches you to plan and implement the perfect testing strategy for your web APIs. In it, you’ll explore dozens of different testing activities to help you develop a custom testing regime for your projects. This practical book demystifies abstract strategic concepts by applying them to common API testing scenarios, revealing how these complex ideas work in the real world. You’ll learn to take a risk-driven approach to API testing, and build a strategy that goes beyond the basics of code and requirements coverage. Your whole team will soon be involved in ensuring quality! Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications. About the technology Web APIs are the public face of your application, and they need to be perfect. Implementing an automated testing program is the best way to ensure that your web APIs are production ready. About the book Testing Web APIs is a unique and practical guide, from the initial design of your testing suite through techniques for documentation, implementation, and delivery of consistently excellent APIs. You’ll see a wide range of testing techniques, from exploratory to live testing of production code, and how to save time with automation using industry-standard tools. This book helps take the hassle out of API testing. What's inside Design and implement a web API testing strategy Set up a test automation suite Contract testing with Pact Hands-on practice in the downloadable API sandbox About the reader For dedicated software QA and testers, or experienced developers. Examples in Java. About the author Mark Winteringham is the OpsBoss at Ministry of Testing, where he teaches many aspects of software testing. Table of Contents PART 1 THE VALUE OF WEB API TESTING 1 Why and how we test web APIs 2 Beginning our testing journey 3 Quality and risk PART 2 BEGINNING OUR TEST STRATEGY 4 Testing API designs 5 Exploratory testing APIs 6 Automating web API tests 7 Establishing and implementing a testing strategy PART 3 EXPANDING OUR TEST STRATEGY 8 Advanced web API automation 9 Contract testing 10 Performance testing 11 Security testing 12 Testing in production




Automating and Testing a Rest API


Book Description

Have you ever wished that you had a worked example of how to test a REST API? Not just automate the API, but how to interact with it, using command line and GUI tools, to support your manual interactive testing. Then take your testing forward into automating the API? That's what this book provides. A step by step case study covering: - How to read the REST API documentation. - How to tell if the application is using the API. - How to interact with the API from the command line with cURL. - Automating with BASH and Windows Command Line. - Sending API requests through an HTTP Proxy so you can see in detail the requests and responses. - How to use HTTP Proxies to create data in the application through Fuzzing. - Postman REST API GUI tool. - Automate 'under the GUI' parts of the application that don't have an API. - Automate the API with Java using REST Assured. - Build abstraction code to make your automated efforts readable and maintainable. - JSON and XML parsing with Serialization and Deserialization. The book is fully supported by executable code which you can find on GitHub, and the support page for the book has sample videos showing some of the early steps in the case study in detail. By working through this case study you will be able to interact with an API from the command line, GUI tools, HTTP messages in Proxies and with Java code. Over the last few years, the Author has used the Open Source Tracks application as an example testing target to teach: Technical Web Testing, Automating GUIs and REST API Testing. This book collates the preparatory work and teaching from the REST API workshops. The code from the workshops is included: for creating users, generating random data, testing basic API calls with PUT, GET, POST and DELETE. Also the early steps of exploring and investigating the API interactively to support manual technical testing are explained in depth.




Mastering Modern Web Penetration Testing


Book Description

Master the art of conducting modern pen testing attacks and techniques on your web application before the hacker does! About This Book This book covers the latest technologies such as Advance XSS, XSRF, SQL Injection, Web API testing, XML attack vectors, OAuth 2.0 Security, and more involved in today's web applications Penetrate and secure your web application using various techniques Get this comprehensive reference guide that provides advanced tricks and tools of the trade for seasoned penetration testers Who This Book Is For This book is for security professionals and penetration testers who want to speed up their modern web application penetrating testing. It will also benefit those at an intermediate level and web developers who need to be aware of the latest application hacking techniques. What You Will Learn Get to know the new and less-publicized techniques such PHP Object Injection and XML-based vectors Work with different security tools to automate most of the redundant tasks See different kinds of newly-designed security headers and how they help to provide security Exploit and detect different kinds of XSS vulnerabilities Protect your web application using filtering mechanisms Understand old school and classic web hacking in depth using SQL Injection, XSS, and CSRF Grasp XML-related vulnerabilities and attack vectors such as XXE and DoS techniques Get to know how to test REST APIs to discover security issues in them In Detail Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web application security. We will cover web hacking techniques so you can explore the attack vectors during penetration tests. The book encompasses the latest technologies such as OAuth 2.0, Web API testing methodologies and XML vectors used by hackers. Some lesser discussed attack vectors such as RPO (relative path overwrite), DOM clobbering, PHP Object Injection and etc. has been covered in this book. We'll explain various old school techniques in depth such as XSS, CSRF, SQL Injection through the ever-dependable SQLMap and reconnaissance. Websites nowadays provide APIs to allow integration with third party applications, thereby exposing a lot of attack surface, we cover testing of these APIs using real-life examples. This pragmatic guide will be a great benefit and will help you prepare fully secure applications. Style and approach This master-level guide covers various techniques serially. It is power-packed with real-world examples that focus more on the practical aspects of implementing the techniques rather going into detailed theory.