9

I am working as a tester on a system based on a Rest API. Part of my job is to use different applications to POST files to the Rest API and then accessing the API directly via a Rest Client to verify that the XML is correct.

So far I have been using the RESTClient firefox add-on.

But now we are getting rid of our old login in favour of Oauth. This all good and all but it makes testing harder since I can't ( don't know how? ) how to access the Rest API using the REST client I am using. And I don't know of any other REST client that can do this.

I need a REST Client/REST browser that can handle login via oauth.

Update:
Hi. I am still looking for more good REST Clients that can handle Oauth. So if you know any I would appreciate a post below.

Improve this question

4 Answers 4

Reset to default
6

I was also looking for such a thing and since this question things seem to have moved on a bit.

I'm using Chrome and the REST Console extension works brilliantly for me:

https://chrome.google.com/webstore/detail/cokgbflfommojglbmbpenpphppikmonn

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I would recommend Chrome POSTMAN over RESTClient since it has few bugs((github.com/chao/RESTClient/issues/105)) that lead to invalid signature.
3

I'm author of RESTClient, and I already started to develop a new version of RESTClient (version 1.4.0). The new version will support oAuth 2.0. And it will be released in April.

Improve this answer

2 Comments

Are you talking about the Firefox Plugin? I have noticed that a lot of Rest Clients are called RESTClient. For example WizzTools have a software also called RESTClient code.google.com/p/rest-client
Yes, I just submitted a new version of RESTClient to Mozilla, but I still haven't finished oAuth 2.0 yet. I hope I will finish it in this month.
1

There's nothing that prohibits you from continuing to test a REST API manually when it uses OAuth authentication. OAuth simply requires that you send additional parameters: first that you negotiate the OAuth dance to get a request token and exchange it for an access token and then that each request has the necessary OAuth parameters (oauth_consumer_key, oauth_token, oauth_signature_method, oauth_signature, oauth_timestamp and oauth_nonce). You'd need to use a separate tool to do the signing (unless the product you're testing is willing to use PLAINTEXT as the signature method), but you could simply copy all of these values in manually to your current manual tool.

If that sounds like a lot of work, you're right! I think this is a good time to switch to automated testing. Libraries exist for most languages to consume OAuth services programmatically and that would handle all of those parameters and signing for you. You could build a generic tool that let a manual tester specify URLs and parameters by hand, or go farther and write something that did all the generation and validation automatically.

Update: for doing some exploratory testing from the command line, it would certainly be helpful to have a curl-like tool that handles some of the OAuth paramaters and signing. Check out oauth-proxy which may work for you -- it's intended exactly for exploring APIs on the command line. Or you may find that for your particular explorations, you want to build a script around oauth-proxy or a tool on top of one of the many OAuth libraries for different languages.

Improve this answer

3 Comments

Thanks for your good answer. I was afraid that it would be a drag using our current tool and you confirmed it. We already do automated testing but we also need to do manual exploratory testing using REST Client. I can't belive there is not a open source tool for this.
Yeah, that's a good point, @Jonas. Sometimes you need to do manual exploratory testing of an API. I've added a link to oauth-proxy to the answer which might work for you, and I'd be very interested to know of other such convenience tools.
Thanks for all your help. I managed to find a tool that can do what I need. See my answer below.
1

Turns out RESTClient does support oauth but that the new version has not been released yet.

Checkout the lastest codes from sourceforge
http://sourceforge.net/projects/restclient/develop
And use those files to replace your RESTClient (which should be found in your firefox profile directory
http://support.mozilla.com/en-US/kb/Profiles#How_to_find_your_profile ).

Note: I had to hack the source and remove the "realm" parameters since our system didn't want it. According to Oauth spec realm is optional and I have asked the developers of RESTClient to make it optional in the future releases.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.