
prabesh-mah/Swagger-Note-API-Postman


Swagger Note

This project covers REST API testing of the Swagger Note API using Postman v11.14.0. The Note API lets a user create an account and log in. After a successful login, it generates a dynamic authentication token known as x-auth-token. Authorization with that token is then required to access the other resources, such as creating and retrieving notes and all of the remaining endpoints.

Requirements

What are tested?

  • Covered all API endpoints for both positive and negative scenarios, except two of them. (The reason is explained in the "What are not tested?" section.)
  • All API requests are organized in collection folders so that they can be executed with Postman's "Run collection" feature, without manually running each request one by one.
  • Validate response data through different types of assertions, such as response code, response time, response header, JSON schema validation and more.
  • Handle dynamic elements like the token key, which changes on every new login, by storing the captured token in an environment variable each time a new token is generated, overwriting the previous one.
  • Implemented the concept of API chaining, where the output of one request serves as the input for the next, specifically between the register and login requests, as well as between creating a note and retrieving a note by ID.
  • Identified 11 medium and 3 critical bugs.
  • Generate HTML report using Newman Report Generator. The report is generated in the newman folder.

What are not tested?

  • Two API endpoints, Forget password and Verify reset password token, are not tested because Forget password doesn't send the password reset link to the email address even though the address is correct. NOTE: This feature was working before but is no longer working.

Challenges faced during testing?

The first challenge I faced was during the forgot password process. The server sent a password reset link to an email address. However, during the Verify reset password token step, it was confusing to determine which token to insert for verification. I later realized that the token value was located at the end of the password reset link after the ‘/’ character.

The second challenge I faced was capturing the partial token value from a password reset link (for example, a password reset link looks like https://URL/token-key-to-reset). My plan was to parse the response, capture that partial value, and store it inside environment variables. So, I used the Google Cloud Console to generate a client ID and client secret and logged in with my Gmail ID on Postman, but that specific link was not visible in Postman. So, I completed the process by manually copying the token value from my Gmail and verifying the token to reset the password, which I failed to do automatically through Postman.
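The extraction step described above (the token is the last path segment of the reset link) can be written as a small parser. This is an added example, not code from the repository; the host name, the token pattern and the sample mail are assumptions constructed for illustration.

```javascript
// Added example, not the repository's code. EXPECTED_HOST and the token
// pattern are assumptions; adjust them to the API under test.
const EXPECTED_HOST = 'notes.example.test'; // placeholder host

function extractResetToken(emailBody, expectedHost = EXPECTED_HOST) {
  // A mail usually carries several links, so collect every https URL.
  const links = emailBody.match(/https:\/\/[^\s"'<>]+/g) || [];
  for (const raw of links) {
    let url;
    try {
      url = new URL(raw.replace(/[.,;)]+$/, '')); // drop trailing punctuation
    } catch (err) {
      continue; // not a parseable URL
    }
    // Ignore links that do not point at the host under test.
    if (url.hostname !== expectedHost) continue;
    // The token is the last non-empty path segment, after the final '/'.
    const segments = url.pathname.split('/').filter(Boolean);
    const token = segments[segments.length - 1];
    // Accept only something that looks like an opaque token (assumed shape).
    if (token && /^[A-Za-z0-9_-]{16,}$/.test(token)) return token;
  }
  return null;
}

// Constructed sample mail body.
const SAMPLE_MAIL = [
  'Hello, use the link below to reset your password:',
  'https://notes.example.test/reset-password/3f9a1c7e5b2d4086a1c3e5f7092b4d6e.',
  'Manage preferences: https://mail.example.org/unsubscribe/aaaaaaaaaaaaaaaaaaaaaaaa',
].join('\n');

console.log(extractResetToken(SAMPLE_MAIL));
// In a Postman test script the result would be stored with
// pm.environment.set('resetToken', token); the variable name is hypothetical.
```

Checking the host before taking the last segment keeps an unrelated link in the same mail from being mistaken for the reset token.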

How to Download and Setup the Project?

  • Clone the project repository using the command below. Alternatively, you can download the project as a ZIP file and extract it.
    git clone https://github.com/prabesh-mah/Swagger-Note-API-Postman
    
  • After downloading and extracting the project files, launch Postman and create a new Workspace.
  • Import the collection file into your newly created workspace. To do this, click Import, which is located just below the API Network button on the top left-hand side (LHS) menu bar. In the dialog box that opens, browse to or drag and drop the file named Swagger Note API.postman_collection.json.
  • Next, navigate to the 'Environment' section, which is located on the left-hand side (LHS) below the collection.
  • Import the environment variable file in the same manner as you did for the collection file. The file you need to import is named Swagger Note Variables.postman_environment.json.
  • Now you're all set to start testing the API. Remember to set the active environment to QA-Environment, using the selector located at the top right-hand side (RHS) below the maximize button.

Read Before running the collection

Information such as name, email, password and some others is automatically generated using Postman’s built-in dynamic variables like $randomFullName, $randomPassword and $randomEmail. After sending the API request and getting the response, these values are stored in environment variables through assertions for further validation. During validation, I used assertions to retrieve the same value that was stored in the environment variable and performed the validation.

Similarly, after login the server generates a token key in the response, which authorizes access to all of the other endpoints. The token value is dynamic, changing every time a new login occurs. This dynamic token value is also handled automatically by assertions, ensuring that the new token value is stored in the ‘token’ variable every time a user logs in.
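The token capture and chaining described above, written as plain functions so that a failed login cannot leave an old token behind for the requests that follow. This is an added example, not the collection's own test script; the response shape `{ data: { token } }` is an assumption, and `makeEnv` is a hypothetical stand-in for `pm.environment` so the code runs outside Postman.

```javascript
// Added example, not the repository's code. Inside Postman, pass
// pm.environment as `env`; it offers the same get/set/unset methods.
// ASSUMPTION: the login response is JSON shaped like { data: { token: "..." } }.
function captureToken(statusCode, bodyText, env) {
  // Drop the previous token first, so a failed login never leaves a stale
  // credential in place for the chained requests.
  env.unset('token');
  if (statusCode !== 200) {
    return { ok: false, reason: `unexpected status ${statusCode}` };
  }
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (err) {
    return { ok: false, reason: 'response is not JSON' };
  }
  const token = body && body.data && body.data.token;
  if (typeof token !== 'string' || token.trim() === '') {
    return { ok: false, reason: 'token missing or empty' };
  }
  env.set('token', token);
  return { ok: true };
}

// Header for the next request; throws rather than sending a blank header.
function authHeader(env) {
  const token = env.get('token');
  if (!token) throw new Error('no token captured; run the login request first');
  return { 'x-auth-token': token };
}

// Hypothetical stand-in for pm.environment, for running outside Postman.
function makeEnv() {
  const store = new Map();
  return {
    get: (k) => store.get(k),
    set: (k, v) => { store.set(k, v); },
    unset: (k) => { store.delete(k); },
  };
}

// Constructed sample responses: a successful login, then a rejected one.
const demoEnv = makeEnv();
console.log(captureToken(200, '{"data":{"token":"constructed-token-1"}}', demoEnv), authHeader(demoEnv));
console.log(captureToken(401, '{"message":"constructed error"}', demoEnv), demoEnv.get('token'));
```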

Some variables, such as validEmail, password, weakpassword, newPassword, newName, contact, company and the note details, are static and hard-coded, so they can be updated as per your needs.

How to run the collection and generate a report using the Newman CLI?
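Because the environment file holds both the captured token and the hard-coded password variables, it is worth checking an export for stored values before it is committed or shared. The following is an added example, not part of the repository; the key pattern is an assumption based on the variable names listed above, and the sample export is constructed.

```javascript
// Added example, not the repository's code. The key pattern is an assumption
// derived from the variable names the README mentions (token, password, ...).
const SENSITIVE_KEY = /token|password|secret/i;

// Returns one finding per sensitive variable that still holds a literal value.
function findStoredSecrets(exportJson) {
  const env = JSON.parse(exportJson);
  const findings = [];
  for (const v of env.values || []) {
    if (!SENSITIVE_KEY.test(v.key)) continue;
    const value = String(v.value ?? '');
    // Empty values and {{placeholder}} references carry no secret.
    if (value === '' || /^\{\{[^}]+\}\}$/.test(value)) continue;
    // Report the key and length only, never the value itself.
    findings.push({ key: v.key, length: value.length });
  }
  return findings;
}

// Returns the export as JSON text with every flagged value blanked.
function scrubExport(exportJson) {
  const env = JSON.parse(exportJson);
  const flagged = new Set(findStoredSecrets(exportJson).map((f) => f.key));
  for (const v of env.values || []) {
    if (flagged.has(v.key)) v.value = '';
  }
  return JSON.stringify(env, null, 2);
}

// Constructed sample in the shape of a Postman environment export.
const SAMPLE_EXPORT = JSON.stringify({
  name: 'QA-Environment',
  values: [
    { key: 'baseUrl', value: 'https://notes.example.test', enabled: true },
    { key: 'token', value: 'constructed-token-value', enabled: true },
    { key: 'newPassword', value: 'Constructed#123', enabled: true },
    { key: 'password', value: '', enabled: true },
  ],
  _postman_variable_scope: 'environment',
});

console.log(findStoredSecrets(SAMPLE_EXPORT));
```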

newman run "Swagger Note API.postman_collection.json" -e "QA-Environment.postman_environment.json" -r htmlextra

Newman Report

The report is generated in .html format, so open it in any preferred browser to see the detailed report. A detailed description is also included within the Postman documentation, so each request comes with an explanation that makes it easy to understand what it does.

Execution Video

This is the Postman Collection Runner video, recorded in the Postman app. Video

Load Testing using JMeter

This GitHub summary provides an overview of the load testing implementation on the Swagger Note API using JMeter v5.6.3. The API endpoint and payload data were stored in user-defined variables for easy access and modification. Request headers, including Content-Type and Authorization, were managed through the HTTP Header Manager.

To extract dynamic values from the JSON responses, a JSON Extractor was added as a Post-Processor. This allows for capturing specific fields from the response using JSON Path expressions. For example, variables were created to store note IDs and token extracted from the JSON response, ensuring that these values could be reused in subsequent requests.

A constant time delay has also been added to each request to simulate human interaction, making the testing process more realistic.

Assertions were implemented to validate both the status codes and response bodies, confirming that the API operates as expected under load. Finally, reports were generated to analyze test results, including assertion outcomes. This comprehensive approach ensures effective performance evaluation of the Swagger Note API.

Note

Although the email address is valid, the API does not send a password reset link, so I used a random email.

Run via Command Line

jmeter -n -t jmeter-load-test/swagger-note-api-load-test.jmx -l 'jmeter-load-test/result/result.csv'

where,

  • -n specifies that JMeter should run in non-GUI mode.
  • -t is followed by the path to your .jmx file, which contains the test plan.
  • -l specifies the location where the results will be logged.

JMeter File

Execution Video

For demonstration purposes, the execution video currently simulates only one user to reduce recording time. The execution video for simulating multiple users will soon be uploaded along with the report file. Video

About

REST API Testing with Postman on Swagger Note API and generating a report using Newman.
