<a href="https://colab.research.google.com/github/animesh-banik/DataScienceProject_Databriks/blob/Google_Colub/API_Testing.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

**What is an API?**

API (Application Programming Interface) is a set of rules and protocols that allows different software applications to communicate with each other. It defines the methods and data formats that applications can use to request and exchange information.

**What is the difference between API and Web Service?**
**Answer:**
- **API:** Broader concept, any interface for communication between software components
- **Web Service:** Specific type of API that uses web protocols (HTTP/HTTPS) and is accessible over the internet

**What is API Testing ?**

API Testing is a type of software testing that focuses on verifying whether Application Programming Interfaces (APIs) are functioning as expected.

**Why Use API Testing**

Verify correctness of API responses (status codes, data returned)

Check functionality – whether the API does what it is supposed to do

Validate data integrity – ensures correct data is sent and received

Assess security – authentication, authorization, data protection

Evaluate performance – response time, load handling

Ensure reliability and robustness under various conditions

**What Do You Test in API Testing?**

HTTP Methods: GET, POST, PUT, DELETE, PATCH

Response Codes: 200 (OK), 201 (Created), 400 (Bad Request), 401 (Unauthorized), 404 (Not Found), 500 (Server Error), etc.

Data Formats: JSON, XML

Authentication: Token-based, OAuth, API keys

Headers and Parameters: Proper handling of input values

Error handling: Graceful failure and informative error messages

Common Tools Used in API Testing


Postman – GUI tool for manual API testing

SoapUI – Good for SOAP and REST APIs

REST Assured – Java library for automated REST testing

JMeter – Can be used for load testing APIs

Swagger / OpenAPI – API documentation and testing

Karate, Newman, Cypress, Katalon – Other automated solutions

**What is diiffents Typs of API**

REST API (Representational State Transfer)

      Most common for web services
      Uses HTTP methods (GET, POST, PUT, DELETE)
      Data in JSON or XML
      Stateless (no session between calls)

SOAP API (Simple Object Access Protocol)

    Protocol-based (strict rules)
    Uses XML only
    Requires more setup (envelope, headers, etc.)

GraphQL API

    Developed by Facebook
    Lets the client request specific data
    All data is fetched through a single endpoint

**What is REST?**

REST (Representational State Transfer) is an architectural style for designing networked applications. It uses standard HTTP methods and is stateless, cacheable, and has a uniform interface.


**What are the principles of REST?**
**Answer:**
- **Stateless:** Each request contains all information needed
- **Client-Server:** Separation of concerns
- **Cacheable:** Responses can be cached
- **Uniform Interface:** Standard HTTP methods
- **Layered System:** Architecture can have multiple layers
- **Code on Demand:** Optional, server can send executable code


**In REST (Representational State Transfer), being stateless means:**

Every HTTP request from a client to the server must contain all the information the server needs to understand and process it.

The server does not remember any “session state” about the client between requests.

Each request is independent, and the server treats it like a new interaction.

Key Points about Statelessness

**No server-side session**

The server does not store client-specific info (like login sessions or shopping carts).

Instead, the client must send credentials (e.g., token) or context data with each request.

**Client responsibility**

If state needs to be tracked (like “user logged in” or “current cart”), the client holds it and passes it back in the request (often via JWT tokens, cookies, or query params).

**Scalability**

Because servers don’t store client sessions, you can add/remove servers easily (load balancing).

Any request can go to any server.

**Reliability**

If a server crashes, no session info is lost, since state is not stored there.

For Example :
**for soap **

Client: POST /checkout

Server: "Okay, I know from your previous requests you’re user123 with cart ABC. Proceeding."
➡️ Server remembers session data.

**but for rest**

in REST:
Stateless = server doesn’t keep client session. Each request is self-contained and independent.

**What are the principles of REST?**
**Answer:**
- **Stateless:** Each request contains all information needed
- **Client-Server:** Separation of concerns
- **Cacheable:** Responses can be cached
- **Uniform Interface:** Standard HTTP methods
- **Layered System:** Architecture can have multiple layers
- **Code on Demand:** Optional, server can send executable code


**What are the principles of REST?**

- **Stateless:** Each request contains all information needed
- **Client-Server:** Separation of concerns
- **Cacheable:** Responses can be cached
- **Uniform Interface:** Standard HTTP methods
- **Layered System:** Architecture can have multiple layers
- **Code on Demand:** Optional, server can send executable code


**What is SOAP?**

SOAP (Simple Object Access Protocol) is a protocol for exchanging structured information in web services. It uses XML for message format and typically runs over HTTP or HTTPS.


Install dependencies

**What is the difference between REST and SOAP?**
**Answer:**
- **REST:** Lightweight, uses JSON/XML, stateless, uses HTTP methods
- **SOAP:** Heavy protocol, uses XML only, has built-in error handling, supports transactions


In [None]:

!pip install requests pytest pyhamcrest

Collecting pyhamcrest
  Downloading pyhamcrest-2.1.0-py3-none-any.whl.metadata (15 kB)
Downloading pyhamcrest-2.1.0-py3-none-any.whl (54 kB)
[2K   [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m54.6/54.6 kB[0m [31m2.0 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pyhamcrest
Successfully installed pyhamcrest-2.1.0


Create Class for Rest Assured

In [None]:
import requests
from hamcrest import assert_that

class RestAssured:
    def __init__(self, base_uri):
        self.base_uri = base_uri
        self.response = None
        self.params = {}
        self.headers = {}
        self.json_body = None

    def given(self, params=None, headers=None, body=None):
        self.params = params or {}
        self.headers = headers or {"Content-Type": "application/json"}
        self.json_body = body
        return self

    def when(self, method, path):
        url = self.base_uri + path
        self.response = requests.request(
            method.upper(),
            url,
            params=self.params,
            headers=self.headers,
            json=self.json_body
        )

        return self

    def then(self):
        return ResponseValidator(self.response)


class ResponseValidator:
    def __init__(self, response):
        self.response = response


    def statusCode(self, code):
        print(self.response.json())
        print(self.response.status_code)
        assert self.response.status_code == code, \
            f"Expected {code}, got {self.response.status_code}"
        return self

    def body(self, key, matcher):
        data = self.response.json()
        assert_that(data.get(key), matcher)
        return self


Get Oeration

In [None]:
# Usage

api = RestAssured("https://jsonplaceholder.typicode.com")

res =   api.given() \
          .when("GET", "/posts/1")   \
          .then() \
          .statusCode(200) \
          .body("title", "sunt aut facere repellat provident occaecati excepturi optio reprehenderit")  \
          .body("userId", 1)

print("✅ Get passed")

{'userId': 1, 'id': 1, 'title': 'sunt aut facere repellat provident occaecati excepturi optio reprehenderit', 'body': 'quia et suscipit\nsuscipit recusandae consequuntur expedita et cum\nreprehenderit molestiae ut ut quas totam\nnostrum rerum est autem sunt rem eveniet architecto'}
200
✅ Get passed


POST Operation

In [None]:
api = RestAssured("https://jsonplaceholder.typicode.com")

api.given(
    body={"title": "foo", "body": "bar", "userId": 1}
).when("POST", "/posts") \
 .then() \
 .statusCode(201) \
 .body("title", "foo") \
 .body("userId", 1)
print("✅ POST passed")

{'title': 'foo', 'body': 'bar', 'userId': 1, 'id': 101}
201
✅ POST passed


Put Operation

In [None]:
api.given(
    body={"id": 1, "title": "updated", "body": "bar", "userId": 1}
).when("PUT", "/posts/1") \
 .then() \
 .statusCode(200) \
 .body("title", "updated")

print("✅ Put passed")

{'id': 1, 'title': 'updated', 'body': 'bar', 'userId': 1}
200
✅ Put passed


Delete Operations

In [None]:
api.given().when("DELETE", "/posts/1") \
 .then() \
 .statusCode(200)

print("✅ DELETE passed")

{}
200
✅ DELETE passed
