-2

I am trying to adpot a TDD process. I am a bit confused when it comes to testing an Api. I know for sure that the status and the response should be tested.

But I am thinking if whether or not I should be testing the application state. Let's say that I have MVC design pattern where the Api is the controller and a CarService is the model that is responsible for the business logic.
When testing the following api DELETE /cars/1 should I check if the cars has been actually deleted using the CarService ?

Also could you please recommend an up to date reference on what should be tested and how distriputed system should be tested ? I probably should put this in another question but when it comes to integration tests the paramaters and configuration of tests seems to be infinite. For example should I write a test for every api without an authentication header to assert the application security ?

Improve this question
1
  • It depends on how critical or important is the application. The software of a neurosurgery robot is more critical than a random gaming website. It also depends on how much efforts (days of work, or US$, or €) you are allowed to spend in developing the software. Does DELETE /cars/1 is some instruction to steel-crushing robot, or is it some query to a database? Commented Jan 4, 2022 at 19:38

2 Answers 2

Reset to default
2

Whether the car is deleted or not is an implementation detail, not to be tested.

Whether the API returns data from GetCar?id=1 after you have called the delete method is part of the interface and should be tested

Re testing without auth header

It is worth putting these tests in, as you can get lots of odd authentication problems that this will pick up. You can do it fairly low cost by using a factory to generate the client and passing in type with data driven tests.

Improve this answer
1

Application State: If you have multiple instances of an e.g. REST web service, then they'd be stateless and state would be held in the backing store/repositories/database.

It seems like this could use some clarity as to which category you're testing.

Application State: If you have multiple instances of an e.g. REST web service, then they'd be stateless and state would be held in the backing store/repositories/dat

If you're hitting a REST API, it seems like you're hitting the system as a whole, not an integration test. If not, you'll need to bring up some hybrid/stub/mock service which has your REST API but does nothing/logs/returns canned responses, which could be quite some work to develop depending on your choice of language/framework.

If you have tests at the unit level to verify the internals of the APIs you've developed, then you can test at a higher level. These tests can also be used as Post Deployment / QA checks.

Here's the sort of test I'd expect to see at this level, in some pseudo-BDD language:

SCENARIO: Deleting a Car removes it from the system
 
GIVEN: A car with ID 456
  ID = random()
  curl https://myservice:port/cars/add/id=$ID&name=myCar&...
 
WHEN: we delete the card by ID
  curl https://myservice:port/cars/delete/$ID succeeds

THEN: the car is no longer available 
  curl https://myservice:port/cars/item/$ID fails with an error
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.