What is a Web Service?
A Web Service is defined as a service which is capable of exchanging information via HTTP or HTTPS protocol over World Wide Web (www). It is platform independent, therefore is not restricted to a particular operating system or programming language. As an example, an application coded in the .NET platform can have access to data from a Java application in the form of a web service through the transfer of a XML/JSON request.
Web services use a collection of protocols and standards for exchanging data between applications or systems. SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) are two options used to access web services. SOAP is primarily used for scenarios requiring faster data transfer, strict application development, security of environment with different tools, etc. Similarly, REST is used for basic integration, AJAX implementation, providing connection for requests over HTTP and more. Let’s look at a high level technical comparison of SOAP and REST:
|SOAP is a protocol.||REST is an architectural style.|
It provides set of guidelines of how a client should interact with the server.
|SOAP uses service interfaces to expose business logic.||REST uses URI to expose business logic.|
|SOAP permits XML data format only, hence it requires more bandwidth.||REST permits different data formats like text, XML, JSON, HTML etc. and requires less bandwidth.|
|SOAP defines its own security.||REST inherits security measures from underlying transport that is HTTP.|
The web services play a critical role in application performance and therefore should be tested thoroughly to avoid any surprises. Let’s now delve into testing of web services.
Web Services Testing
Web services testing can occur at different stages of application development and maintenance. Here are a few aspects that are reviewed during web services testing:
- The robustness of the architecture for the application under development.
- Validation if the web service can handle the exception conditions and the boundary value conditions of predefined functions.For example, in payment gateway platforms, the role of the web service is to ensure that end users enter valid input parameters like a 16-digit card number, the card holder’s first and last name, CVV, expiration date, etc. These input parameters need to be checked for validity by cross-checking with a bank web service. If there are any differences, then errors and alerts should be displayed.
- Review the intended performance of an application after patches and/or updates.In an agile environment, changes can be requested at any time to existing functionality or an addition of new functionality. When the existing system is changed, some functionality may be lost or altered. Regression testing aims to ensure that the web service still works after builds or releases.
- Load testing of the web service using different automation tools.When many simultaneous users are accessing the system, response and performance should remain consistent regardless of user volume. For example, in a travel reservation system, a large volume of users may hit the system simultaneously. The capacity of the system to respond to multiple requests should be tested ensure a smooth and user-friendly travel booking experience.
The prime focus of this testing approach is to validate the response or output based on varying test conditions. The XML/JSON response or output can be a reference to another web service or API, with different types of data and pass/fail status.
Defects addressed through Web Services Testing
Following are few of the defects that web service testing aims to eliminate:
- Security breaches: Any security breach in the Web service API gives hackers access to attack the system. This defect is widely exploited in the payment gateway API.
- Performance related defects: By evaluating Web service response times, the performance of end-to-end functionality can be evaluated before a GUI is in place. If response time is too high (slow) then there is scope for code refactoring to improve the performance.
- Multi-threading issues: If a Web service or API response is in an encrypted format and acts as an input for another API, attackers can decrypt the API response from the first API before it passes into the next API. These type of defects can be resolved through web services testing.
- Improper errors or warnings to the caller while testing business logic during functional testing.
- Any functional defect related to API functions – i.e. if the API response occurs as per the defined function or not.
- Unused code, duplicate functionality or unused flags can be tracked by using Web service.
- Reliability issues: Difficulty in connecting and getting a response from API.
- Incorrect handling of the valid argument values.
- Failure in handling the error conditions gracefully.
Challenges in Web Services testing
Below are a few challenges that testers may see during Web Services Testing.
- Lack of user interface: Due to the absence of a user interface, web services require writing of test cases in a programming language. Therefore, the tester needs to have programming expertise and an understanding of web services fundamentals.
- Performance and security: Assumptions cannot be made about the number of connections to the service, or how the web service is accessed. The performance impact should be determined in advance if many users will connect to the web service.
- Applications are generally built by integrating many web services which are developed by different developers. These services are distributed over the network and may be hosted on different operating systems and deployed in different environments. So, factors like availability, performance, reliability and security need to be taken into consideration while carrying out testing.
API and Web Service Testing Tools
So, what about web services testing tools? What are your options? Here are six of the most popular tools for web service testing or API performance testing.
Soap UI is a popular tool for Web services. This open source and cross-platform tool helps to perform functional, performance, interoperability, regression, compliance and load testing of both SOAP and REST web services. It comes with a built-in convenient graphical interface and supports top-notch technologies and standards to simulate web services behavior.
- Provides HTML reports which can be printed or exported at Test Suite, Project, Test Case and Load Test level
- Hudson, Bamboo, Maven, ANT, and Junit are currently available
- Allows for development of custom set of features as SoapUI Plugins
- All data is recorded, monitored and manifested
- Extends support to WS-Security and SSL decryption
Postman is a web service/API testing tool that has a powerful HTTP client to test web services. For effectual testing and management of API test cases, Postman has a handy request builder that helps to write test cases and regulates response data.
- APIs can be gathered and organized in a feature called Postman Collections
- Postman is very reliable for channeling and receiving REST information
- Promotes ease of collaboration and sharing of API data with the testing team
- Allows hassle-free text pasting feature for test creation on command-line window
- Boolean tests can be written within the Postman Interface
Storm is an open source tool for testing web services written in Java or .NET. It currently supports only SOAP web services. It can effectively invoke web service methods with input parameters of complicated data types.
- Multiple test services can be tested from a single UI
- Raw SOAP requests can be edited
- Supports testing of Windows Communication Foundation(WCF) apps
vRest is an exclusive online tool for mock testing, automated testing and validation of REST/HTTP APIs/Restful APIs and web services. It also supports mobile, web, and desktop application testing for systems that interact with third-party APIs or HTTP services.
- Provides mock server functionality to create API mock within minutes
- Test cases can be recorded and played through a Chrome extension provided by vRest
- Supports integration with Jenkins for continuous server integration and Jira for bug tracking
- Aids with management of roles and permissions
- Integrates test cases and reports with external tools
Parasoft is an all-inclusive SOAP testing tool which provides an interface to automate complicated scenarios across the messaging layer, databases, Enterprise Service Bus (ESBs) and mainframes. It monitors test scenarios across an extensive range of protocols and messages used in APIs, REST, WAL, JSON, etc.
- Simplification of GUI-less API
- Creates adaptable, reusable and easily supportable tests with 100% coverage
- Designs sophisticated tests without scripting or coding
- Automates continuous regression testing with sophisticated validations
- Supports a wide range of platforms, technologies and protocols
HttpMaster is a web service tool that exclusively tests REST web services. It is utilized to test behavior of REST APIs and verify data output in formats including XML, JSON and HTML. HttpMaster is a great choice for simulating client activity and response behavior of an API application.
- Provides a logical and refined user interface that doesn’t require advanced technical skills
- Several HTTP methods such as GET, POST, and DELETE can be used
- Different validation types and expressions are provided to ease testing
- Test creation and its execution are done by utilizing command-line interface
- Storing of all information including API calls and project data is in a single place
Web service testing is an important step of the application development lifecycle to ensure releases are reliable, perform well and meet user’s needs. Web service testing should be performed on custom developed APIs as well as any third-party APIs that are consumed within the application to ensure no issues occur.