How It Works
In a nutshell, Dredd does following:
- Takes your API description document,
- creates expectations based on requests and responses documented in the document,
- makes requests to tested API,
- checks whether API responses match the documented responses,
- reports the results.
Dredd follows Semantic Versioning. To ensure certain stability of your Dredd installation (e.g. in CI), pin the version accordingly. You can also use release tags:
npm install dredd- Installs the latest published version including experimental pre-release versions.
npm install dredd@stable- Skips experimental pre-release versions. Recommended for CI installations.
User-Agent header isn’t overridden in the API description document, Dredd uses it for sending information about its version number along with every HTTP request it does.
Execution Life Cycle
Following execution life cycle documentation should help you to understand how Dredd works internally and which action goes after which.
- Load and parse API description documents
- Report parse errors and warnings
- Pre-run API description check
- Missing example values for URI template parameters
- Required parameters present in URI
- Report non-parseable JSON bodies
- Report invalid URI parameters
- Report invalid URI templates
- Compile HTTP transactions from API description documents
- Inherit headers
- Inherit parameters
- Expand URI templates with parameters
- Load :ref:`hooks <hooks>`
- Test run
- Report test run
- For each compiled transaction:
- Send HTTP request
- Receive HTTP response
- :ref:`Perform validation <automatic-expectations>`
test endwith result for in-progress reporting
- Report test run
- Report test run
endwith result statistics
Response Headers Expectations
- All headers specified in the API description must be present in the response.
- Names of headers are validated in the case-insensitive way.
- Only values of headers significant for content negotiation are validated.
- All other headers values can differ.
produces(:openapi2:`swaggerproduces`) is propagated as response’s
Content-Typeheader overrides any
Response Body Expectations
If the HTTP response body is JSON, Dredd validates only its structure. Bodies in any other format are validated as plain text.
To validate the structure Dredd uses `JSON Schema`_ inferred from the API description under test. The effective JSON Schema is taken from following places (the order goes from the highest priority to the lowest):
- :apib:`Schema <def-schema-section>` section - provided custom JSON Schema (`Draft 4 <JSON Schema Draft 4_>`__, `Draft 6 <JSON Schema Draft 6_>`__, and `Draft 7 <JSON Schema Draft 7_>`__) will be used.
- :apib:`Attributes <def-attributes-section>` section with data structure description in `MSON`_ - API Blueprint parser automatically generates JSON Schema from MSON.
- :apib:`Body <def-body-section>` section with sample JSON payload - `Gavel`_, which is responsible for validation in Dredd, automatically infers some basic expectations described below.
response.schema(:openapi2:`responseschema`) - provided JSON Schema will be used.
response.examples(:openapi2:`responseexamples`) with sample JSON payload - `Gavel`_, which is responsible for validation in Dredd, automatically infers some basic expectations described below.
- All JSON keys on any level given in the sample must be present in the response’s JSON.
- Response’s JSON values must be of the same JSON primitive type.
- All JSON values can differ.
- Arrays can have additional items, type or structure of the items is not validated.
- Plain text must match perfectly.
Making Your API Description Ready for Testing
It’s very likely that your API description document will not be testable as is. This section should help you to learn how to solve the most common issues.
Both `API Blueprint`_ and `OpenAPI 2`_ allow usage of URI templates (API Blueprint fully implements RFC 6570, OpenAPI 2 templates are much simpler). In order to have an API description which is testable, you need to describe all required parameters used in URI (path or query) and provide sample values to make Dredd able to expand URI templates with given sample values. Following rules apply when Dredd interpolates variables in a templated URI, ordered by precedence:
- Sample value, in OpenAPI 2 available as the
x-examplevendor extension property (:ref:`docs <example-values-for-request-parameters>`).
- Value of
- First value from
If Dredd isn’t able to infer any value for a required parameter, it will terminate the test run and complain that the parameter is ambiguous.
The implementation of API Blueprint’s request-specific parameters is still in progress and there’s only experimental support for it in Dredd as of now.
In `OpenAPI 2`_ documents, HTTP headers are inferred from
"in": "header" parameters (:openapi2:`parameterobject`). HTTP headers significant for content negotiation are inferred according to following rules:
consumes(:openapi2:`swaggerconsumes`) is propagated as request’s
produces(:openapi2:`swaggerproduces`) is propagated as request’s
- If request body parameters are specified as
"in": "formData", request’s
Content-Typeheader is set to
The effective request body is taken from following places (the order goes from the highest priority to the lowest):
- :apib:`Body <def-body-section>` section with sample JSON payload.
- :apib:`Attributes <def-attributes-section>` section with data structure description in `MSON`_ - API Blueprint parser automatically generates sample JSON payload from MSON.
The effective request body is inferred from
"in": "body" and
"in": "formData" parameters (:openapi2:`parameterobject`).
If body parameter has
schema.example (:openapi2:`schemaexample`), it is used as a raw JSON sample for the request body. If it’s not present, Dredd’s OpenAPI 2 adapter generates sample values from the JSON Schema provided in the
schema (:openapi2:`parameterschema`) property. Following rules apply when the adapter fills values of the properties, ordered by precedence:
- Value of
- First value from
- Dummy, generated value.
Empty Response Body
If there is no body example or schema specified for the response in your API description document, Dredd won’t imply any assertions. Any server response will be considered as valid.
If you want to enforce the incoming body is empty, you can use :ref:`hooks <hooks>`:
In case of responses with 204 or 205 status codes Dredd still behaves the same way, but it warns about violating the RFC 7231 when the responses have non-empty bodies.
Choosing HTTP Transactions
While `API Blueprint`_ allows specifying multiple requests and responses in any combination (see specification for the :apib:`action section <def-action-section>`), Dredd currently supports just separated HTTP transaction pairs like this:
+ Request + Response + Request + Response
In other words, Dredd always selects just the first response for each request.
Improving the support for multiple requests and responses is under development. Refer to issues :ghissue:`#25` and :ghissue:`#78` for details. Support for URI parameters specific to a single request within one action is also limited. Solving :ghissue:`#227` should unblock many related problems. Also see :ref:`multiple-requests-and-responses` guide for workarounds.
The `OpenAPI 2`_ format allows to specify multiple responses for a single operation. By default Dredd tests only responses with
2xx status codes. Responses with other codes are marked as skipped and can be activated in :ref:`hooks <hooks>` - see the :ref:`multiple-requests-and-responses` how-to guide.
produces (:openapi2:`swaggerproduces`) and
consumes (:openapi2:`swaggerconsumes`), only JSON media types are supported. Only the first JSON media type in
produces is effective, others are skipped. Other media types are respected only when provided with :openapi2:`explicit examples <responseexamples>`.
:openapi2:`Default response <responsesdefault>` is ignored by Dredd unless it is the only available response. In that case, the default response is assumed to have HTTP 200 status code.
Depending on what you test and how, output of Dredd may contain sensitive data.
- Complete API description under test. This means your API Blueprint or OpenAPI 2 files. The API description is stored encrypted in Apiary.
- Complete testing results. Those can contain details of all requests made to the server under test and their responses. Apiary stores this data unencrypted, even if the original communication between Dredd and the API server under test happens to be over HTTPS. See :ref:`Apiary Reporter Test Data <apiary-reporter-test-data>` for detailed description of what is sent. You can :ref:`sanitize it before it gets sent <removing-sensitive-data-from-test-reports>`.
- Little meta data about your environment. Contents of environment variables
DREDD_HOSTNAMEcan be sent to Apiary. Your hostname, version of your Dredd installation, and type, release and architecture of your OS can be sent as well. Apiary stores this data unencrypted.
Using HTTP(S) Proxy
You can tell Dredd to use HTTP(S) proxy for:
- downloading API description documents (the positional argument :option:`api-description-document` or the :option:`--path` option accepts also URL)
- :ref:`reporting to Apiary <using-apiary-reporter-and-apiary-tests>`
no_proxy environment variables. For more information on how those work see relevant section of the underlying library’s documentation.
Dredd intentionally does not support HTTP(S) proxies for testing. Proxy can deliberately modify requests and responses or to behave in a very different way then the server under test. Testing over a proxy is, in the first place, testing of the proxy itself. That makes the test results irrelevant (and hard to debug).