First, what is an interface?

Generally speaking, there are two kinds of interfaces: the internal interfaces of a program and the external interfaces of a system.



External interface of the system: for example, if you want to obtain resources or information from other websites or servers, the other party will certainly not share its database with you. It can only provide you with a ready-made method for obtaining the data, and you use that method by calling the interface it provides, which achieves the purpose of data sharing. The apps we use, for example, call URLs through such interfaces when they process data.

Internal interface of the program: the interaction between methods and between modules, that is, the interfaces exposed inside the program. Take a BBS system: it has a login module, a posting module and so on. If you want to post, you must log in first, so the two modules have to interact, and the program exposes an interface for the internal system to call.

1、 Common interfaces:

1. WebService interface: it uses the SOAP protocol, transmitted over HTTP. The request message and return message are both in XML format. We can call and test it with tools such as soapUI, JMeter and LoadRunner.

2. HTTP API interface: it uses the HTTP protocol and distinguishes calls by path. The request messages are in key-value form and the return messages are generally JSON strings. It includes the GET and POST methods, which are also the two most commonly used request methods. Tools you can use include Postman, RESTClient, JMeter, LoadRunner, etc.

2、 Front end and back end:

Before talking about interface testing, let's clarify two concepts: front end and back end.

What is the front end? On the web side, the web pages we use and the websites we open are all front ends, written in HTML and CSS. On the app side, it is the app itself, developed for Android or in Objective-C (for apps on iOS). Its job is to display the page, let us see beautiful pages, and do some simple verification, such as non-empty checks. The business logic and functions behind what we do on the page, such as shopping or posting a microblog, are implemented by the back end. The back end controls the deduction of your balance when you shop and which account a microblog post is sent to. How do the front end and back end interact? Through interfaces.



      You may not understand what I said earlier. You just need to remember: the front end is responsible for beauty, and the back end is responsible for making money to support your family.

3、 What is interface testing:

Interface testing is a kind of test that tests the interfaces between system components. It is mainly used to check the interaction points between external systems and internal subsystems. The focus of the test is to check the data exchange, transmission and control management process, as well as the mutual logical dependency between systems.

OK, the above is what Baidu Encyclopedia says, and the following is what I say.

In fact, I think interface testing is very simple, simpler than general functional testing (I'll say this first, and I may delete it later o(∩_∩)O ha!). Many companies that are hiring now require interface testing experience, and many people ask me (just two or three people) what interface testing is. With the attitude of pretending to understand even if I don't, I would say: interface testing means judging whether an interface meets the corresponding functional and security requirements by testing its input and output parameters under different conditions.

Why do I say that interface testing is simpler than functional testing? In functional testing, you enter values on the page and pass them to the back end by clicking buttons or links, and you also test the UI, front-end interaction and other functions. Interface testing has no page: you assemble the message from the call address and request parameters in the interface specification document, send the request, and check the returned result. You only need to test input and output parameters, so it is relatively simple.

4、 Interface composition

What are the components of an interface?

First, the interface document should contain the following:

1. Interface description

2. Call URL

3. Request method (GET/POST)

4. Request parameters, parameter types, request parameter descriptions

5. Return parameter descriptions

As the interface document shows, an interface consists of at least a request address, a request method and request parameters (input and output parameters), and some interfaces also have a request header.

Header: the string sent by the server before transmitting HTML data to the browser through the HTTP protocol. There is a blank line between the header and the HTML content. The header generally carries cookies, tokens and other information.

A classmate asked me: what is the relationship between the header and the input parameters? Aren't they all parameters sent to the server?

OK, first of all, they are indeed both parameters sent to the server, but they are different. The header generally carries verification information, such as cookies, used to verify whether the request has permission to access the server. If it does, the request address is sent to the server together with the input parameters, and the server returns the output parameters based on the address and input parameters. In other words, the server first reads the header information to determine whether the request has permission, and only after that does it accept the request address and input parameters.

5、 Why do interface tests

As we all know, an interface is what the front-end page or app calls to interact with the back end, so many people will ask: I have tested all the functions, why should I test the interface as well? Before answering this question, let me give an example.

Take testing the user registration function, where the user name is specified as 6 ~ 18 characters, consisting of letters (case sensitive), numbers and underscores. During functional testing the user name rules will certainly be tested, for example by entering 20 characters or entering special characters, but these rules may only be verified at the front end, and the back end may not verify them. What if someone bypasses the front-end verification and sends the request directly to the back end by capturing packets? Just imagine: if the user name and password are not verified at the back end and someone bypasses the front-end verification, can't the user name and password be anything at all? On login, someone may be able to log in at will through SQL injection and other means, and even obtain administrator privileges. Isn't that terrible?

This is why interface testing is necessary:

① You can find many bugs that cannot be found by operating on the page

② Check the system's exception handling capability

③ Check the security and stability of the system

④ The front end can change at will; once the interface is tested, the back end does not need to change
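The registration scenario above as an added example (not from the original post): a hypothetical back-end login handler that enforces the 6 to 18 character user name rule itself and queries with placeholders, exercised by test cases sent directly to it. The handler, table layout and sample account are constructed for illustration.

```python
import hashlib
import hmac
import re
import sqlite3

# Rule from the text: 6-18 characters; letters (case sensitive), digits, underscore.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{6,18}")
SALT = b"constructed-salt"  # sample only; use a random per-user salt in practice

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw BLOB)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice_01", pw_hash("S3cret_pw")))
    return db

def login(db, name, password):
    """Hypothetical back-end handler: validate first, then query with placeholders."""
    if not (isinstance(name, str) and USERNAME_RE.fullmatch(name)):
        return 400  # refused here even though the front-end check was skipped
    if not isinstance(password, str) or not password:
        return 400
    row = db.execute("SELECT pw FROM users WHERE name = ?", (name,)).fetchone()
    if row and hmac.compare_digest(row[0], pw_hash(password)):
        return 200
    return 401

# Constructed requests, sent straight to the handler with no page in between.
CASES = [
    ("alice_01", "S3cret_pw", 200),    # normal pass
    ("alice_01", "wrong-pw", 401),     # wrong password
    ("a" * 20, "x", 400),              # 20 characters
    ("abc", "x", 400),                 # shorter than 6
    ("alice 01!", "x", 400),           # special characters
    ("alice_01' --", "x", 400),        # quote never reaches the SQL text
    ("alice_01", "' OR '1'='1", 401),  # password is only hashed and compared
    (None, "x", 400),                  # wrong type
]

def run_cases():
    db = make_db()
    return [(name, want, login(db, name, pw)) for name, pw, want in CASES]

if __name__ == "__main__":
    for name, want, got in run_cases():
        print("PASS" if want == got else "FAIL", repr(name), want, got)
```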

6、 How to do interface testing:

Before interface testing, you also need to understand:

1) GET and POST requests:

If it is a GET request, you can enter it directly in the browser. Anything that can be requested directly in the browser is a GET request. A POST request cannot be sent this way; you have to send it with the help of a tool.

Differences between GET and POST requests:

1. GET uses the URL or a cookie to pass parameters. POST places the data in the body.

2. The URL of a GET request is limited in length, while the data of a POST request can be very large.

3. POST is safer than GET because the data is not visible in the address bar.

4. Generally, GET requests are used to obtain data, and POST requests are used to send data.

In fact, only the last of the points above is really reliable. On the first point, POST requests can also put data in the URL. GET requests actually have no length limit. POST requests hide their parameters, which looks a little safer, but only against novice users: even with a POST request, the parameters can be obtained by capturing packets. So just give the points above in an interview.

2) HTTP status codes

After each HTTP request is sent, there will be a response. HTTP itself has a status code to indicate whether the request succeeded. The common status codes are as follows:

1. 2xx: codes beginning with 2 indicate that the request was sent successfully. The most common is 200, which means that the request is OK and the server has returned a result.

2. 3xx: codes beginning with 3 represent redirection. The most common is 302, which redirects the request to another place.

3. 400 indicates that the request sent by the client has a syntax error, 401 indicates that the page accessed is not authorized, 403 indicates that you do not have permission to access this page, and 404 indicates that the page does not exist.

4. 5xx: codes beginning with 5 indicate that the server has an exception. 500 indicates an internal server exception, and 504 indicates that the server timed out and returned no result.

Next, how to do interface testing:

1) General interface use case design

① Pass verification: first of all, make sure the interface itself works, that is, check whether the correct result is returned when the parameters are passed in as the interface document specifies (the normal pass test).

② Parameter combination: suppose there is an interface for operating on commodities with a field named type. Passing 1 means modifying a commodity, and one of commodity ID, commodity name and price is required. Passing 2 means deleting a commodity, and the commodity ID is required. Parameter combinations like this need to be tested: when 1 is passed, check whether the modification succeeds when only the commodity name is passed, and whether it succeeds when the ID, name and price are all passed.

③ Interface security:

1. Bypassing verification. For example, I buy a commodity priced at 300 yuan, and when I submit the order I change the price to 3 yuan. Does the back end verify it? To be more ruthless, I change the amount to -3. Does my balance then increase?

2. Bypassing identity authorization. For example, the interface for modifying commodity information must be called by the seller. If I pass in an ordinary user, can I modify it successfully? If I pass in another seller, can I modify it successfully?

3. Whether the parameters are encrypted. For example, in the login interface, are the user name and password encrypted? If not, anyone who intercepts your request can get your information. Also check whether the encryption rules are easy to crack.

4. Password security rules, password complexity verification
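Points 1 and 2 above as an added example (not from the original post): two hypothetical back-end handlers that identify the caller from the header first, compare the submitted price with the server's own record, and allow only the owning seller to modify a commodity, followed by the matching test cases. Tokens, ids and field names are constructed.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data; tokens, ids and field names are assumptions.
SESSIONS = {"tok-a": "seller_a", "tok-b": "seller_b", "tok-u": "buyer_1"}
GOODS = {"g100": {"owner": "seller_a", "price": Decimal("300")}}

def check(headers, params):
    """Shared steps: identify the caller from the header, then parse the input."""
    user = SESSIONS.get(headers.get("token"))
    if user is None:
        return 401, None, None, None
    item = GOODS.get(params.get("goods_id"))
    try:
        price = Decimal(str(params.get("price")))
    except InvalidOperation:
        return 400, None, None, None
    if item is None or not price.is_finite() or price <= 0:
        return 400, None, None, None
    return 200, user, item, price

def submit_order(headers, params):
    code, _user, item, price = check(headers, params)
    if code != 200:
        return code
    # The client's figure is only compared; the server's own price is what counts.
    return 200 if price == item["price"] else 400

def modify_goods(headers, params):
    code, user, item, price = check(headers, params)
    if code != 200:
        return code
    if item["owner"] != user:  # ordinary user, or a different seller
        return 403
    item["price"] = price
    return 200

CASES = [  # (handler, token, price sent, expected code)
    (submit_order, "tok-u", "300", 200),  # normal pass
    (submit_order, "tok-u", "3", 400),    # 300 changed to 3
    (submit_order, "tok-u", "-3", 400),   # changed to -3
    (submit_order, None, "300", 401),     # no token in the header
    (modify_goods, "tok-u", "280", 403),  # ordinary user
    (modify_goods, "tok-b", "280", 403),  # another seller
    (modify_goods, "tok-a", "abc", 400),  # not a number
    (modify_goods, "tok-a", "280", 200),  # the owning seller
]

def run_cases():
    GOODS["g100"]["price"] = Decimal("300")  # reset the sample data
    return [(h.__name__, want, h({"token": t}, {"goods_id": "g100", "price": p}))
            for h, t, p, want in CASES]
```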

④ Exception verification:

Exception verification means that I do not pass parameters as your interface document requires, in order to check how the interface handles exceptions. For example: leave out a required parameter, pass a string where an integer is required, or pass 11 characters where the length is 10. In short, I don't do what you say. In fact, there are only three types: required or not required, parameter type, and input parameter length.
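An added example (not from the original post) that generates these exception cases from an interface document's input table: each case breaks exactly one rule (required, type, length), and the cases are run against a validating back end and against one that checks nothing. The spec, its lengths and both handlers are constructed for illustration.

```python
# Constructed interface spec in the shape of an interface document's input table.
SPEC = {
    "userid": {"type": str, "required": True, "max_len": 10},
    "age": {"type": int, "required": False},
}

def validate(spec, params):
    """Hypothetical back-end validation: 200 if the request follows the spec."""
    if set(params) - set(spec):
        return 400  # parameter the document does not define
    for name, rule in spec.items():
        if name not in params:
            if rule["required"]:
                return 400
            continue
        value = params[name]
        if type(value) is not rule["type"]:
            return 400
        if rule["type"] is str and len(value) > rule["max_len"]:
            return 400
    return 200

def lax(spec, params):
    """A back end that trusts the front end and checks nothing."""
    return 200

def baseline(spec):
    """A request that follows the document exactly."""
    return {n: "a" * r["max_len"] if r["type"] is str else 1 for n, r in spec.items()}

def exception_cases(spec):
    """Yield (description, params, expected code); each case breaks one rule."""
    for name, rule in spec.items():
        good = baseline(spec)
        without = {k: v for k, v in good.items() if k != name}
        yield f"{name} not passed", without, 400 if rule["required"] else 200
        wrong = 1 if rule["type"] is str else "1"
        yield f"{name} wrong type", {**good, name: wrong}, 400
        if rule["type"] is str:
            too_long = "a" * (rule["max_len"] + 1)
            yield f"{name} length {len(too_long)}", {**good, name: too_long}, 400

def failures(handler, spec=SPEC):
    """Descriptions of the cases where the handler's code differs from the expected one."""
    return [d for d, p, want in exception_cases(spec) if handler(spec, p) != want]
```

`failures(validate)` is empty, while `failures(lax)` lists every case the unvalidated back end lets through.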

2) Design use cases according to business logic

Designing according to business logic means designing use cases around the business of your own system. Every company's business is different, so you have to look at your own company's business. In fact, this is the same as designing use cases for functional testing.

For example, take a BBS. Its requirements are as follows:

1. If you fail to log in 5 times, you need to wait 15 minutes before logging in

2. Newly registered users can post only after the probation period

3. Deleting posts deducts points

4. ……

Like this, you have to list these test points, and then create the data needed to test each of them.
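Requirement 1 above as an added example (not from the original post): a hypothetical back-end login guard with an injected clock, and a test that walks the boundaries (4 failures, the 5th failure, 14 minutes 59 seconds, 15 minutes). Treating the 5 failures as consecutive is an assumption the requirement does not spell out.

```python
MAX_FAILURES = 5
LOCK_SECONDS = 15 * 60

class LoginGuard:
    """Hypothetical back-end rule: 5 failed logins, then wait 15 minutes."""

    def __init__(self, clock):
        self.clock = clock       # injected so the test controls time
        self.failures = {}       # user -> consecutive failures (assumption)
        self.locked_until = {}   # user -> time at which the lock ends

    def attempt(self, user, password_ok):
        now = self.clock()
        if now < self.locked_until.get(user, 0):
            return "locked"      # even a correct password is refused
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_SECONDS
            self.failures.pop(user, None)
        return "failed"

def run_lockout_test():
    t = [0]                                        # fake clock, in seconds
    guard = LoginGuard(lambda: t[0])
    results = [guard.attempt("bob", False) for _ in range(4)]
    results.append(guard.attempt("bob", True))     # 4 failures do not lock
    results += [guard.attempt("bob", False) for _ in range(5)]
    results.append(guard.attempt("bob", True))     # locked after the 5th failure
    results.append(guard.attempt("alice", True))   # other users are unaffected
    t[0] += LOCK_SECONDS - 1
    results.append(guard.attempt("bob", True))     # 14 min 59 s: still locked
    t[0] += 1
    results.append(guard.attempt("bob", True))     # 15 min: allowed again
    return results

if __name__ == "__main__":
    print(run_lockout_test())
```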

7、 Which tools to use

There are many tools for interface testing, such as Postman, RESTClient, JMeter, LoadRunner, soapUI, etc. My first testing tools are Postman and JMeter. Next, I will briefly introduce how to use these two tools for interface testing. Other tools will not be introduced this time.

1) Postman is an interface test plug-in of Google. It is simple to use, supports use case management, supports GET, POST, file upload, response verification, variable management, environment parameter management and other functions, can run in batch, and supports use case export and import.

2) JMeter is a free and open source tool written in 100% pure Java. It is mainly used for performance testing. Compared with LoadRunner, it occupies less memory, is free and open source, lightweight and convenient, does not need installation, and is more and more loved by the public.

Note: the addresses used in the following use cases are in my local environment and cannot be accessed from the Internet. My apologies.

① Obtain user information: this interface is used to obtain user information through userid

Request address: http://192.168.1.102:8081/getuser

Request method: post / get

Input parameters:

| Parameter | Data type (length) | Required | Remarks |
|---|---|---|---|
| userid | String | Y | User ID |

Output parameters:

| Parameter | Data type (length) | Remarks |
|---|---|---|
| code | int | Status code; 200 indicates success and 500 indicates exception |
| age | int | Age |
| id | string | User ID |
| name | String | User name |

The request in postman is as follows

The requests in JMeter are as follows:

② Get user information: you need to add a header, Content-Type: application/json

1.1 Request address

http://192.168.1.102:8081/getuser2

1.2 Request method

get/post

1.3 Input parameters

| Parameter | Data type (length) | Required | Remarks |
|---|---|---|---|
| userid | String | Y | User ID |

1.4 Output parameters

| Parameter | Data type (length) | Remarks |
|---|---|---|
| code | int | Status code; 200 indicates success and 500 indicates exception |
| userid | int | User ID |
| name | string | User name |
| age | int | User age |

The Postman test is as follows. This input parameter is of JSON type. Of course, the document does not say that JSON must be used. It is also possible to use other methods.

JMeter tests are as follows

③ Modify user balance

1.1 Function description

Function description: a cookie needs to be added. The token is hard-coded: token 12345

1.2 Request address

http://192.168.1.102:8081/setmoney2

1.3 Request method

Post

1.4 Input parameters

| Parameter | Data type (length) | Required | Remarks |
|---|---|---|---|
| userid | String | Y | User ID |
| money | String | Y | Modified balance value |

1.5 Output parameters

| Parameter | Data type (length) | Remarks |
|---|---|---|
| code | int | Status code; 200 indicates success and 500 indicates exception |
| success | String | State |

The postman test is as follows:

JMeter tests are as follows:

④ File upload

postman:

jmeter:

⑤ Request a WebService interface

The tool required to request the WebService interface is soapUI, as shown in the following figure

The request in JMeter is as follows:
