This project involves REST API testing on the Swagger Note API using Postman v11.14.0. The Note API operates by creating a user account and facilitating login. After successful login, it generates a dynamic authentication token known as x-auth-token. Subsequently, authorization is required to access specific resources, such as creating and retrieving notes and all of the other endpoints.
- Covered all API endpoints for both positive and negative scenarios except two of them. (The reason is explained in the section on what is not tested.)
- All API requests are organized under a collection folder so that they can be executed using Postman's "Run collection" feature without the need to manually run each API one by one.
- Validate response data through different types of assertions, such as response code, response time, response header, JSON schema validation and more.
- Handle dynamic elements like the token key, which changes every time during a new login, by storing the captured token in an environment variable each time a new token is generated and updating it with the last one.
- Implemented the concept of API chaining, where the output of one request serves as the input for the next, specifically between the register and login requests, as well as between creating a note and retrieving a note by ID.
- Identified 11 medium and 3 critical bugs.
- Generate an HTML report using Newman Report Generator. The report is generated in the newman folder.
- 2 API endpoints, Forget password and Verify reset password token, are not tested because Forget password doesn't send the password reset link to the email despite the email being correct. NOTE: This feature was working before but now it's not working.
The first challenge I faced was during the forgot password process. The server sent a password reset link to an email address. However, during the Verify reset password token step, it was confusing to determine which token to insert for verification. I later realized that the token value was located at the end of the password reset link after the ‘/’ character.

The second challenge I faced was capturing the partial token value from a password reset link (for example, a password reset link looks like https://URL/token-key-to-reset). My plan was to parse the response, capture that partial value, and store it inside environment variables. So, I used the Google Cloud Console to generate a client ID and client secret and logged in with my Gmail ID on Postman, but that specific link was not visible in Postman. So, I completed the process by manually copying the token value from my Gmail and verifying the token to reset the password, which I failed to do automatically through Postman.
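The parsing step described above, taking the token from the end of the reset link, can be written as a small function. This is an added example, not code from the project; the host name, email text, token value and the accepted token character set are assumptions.

```javascript
// Added example: pull the reset token out of a password reset link.
// SAMPLE_EMAIL is constructed; the host and token are not real values.
const SAMPLE_EMAIL =
  "Hello, use this link to reset your password: " +
  "https://notes.example.test/reset-password/3f9a1c7e5b2d4a68. " +
  "If you did not request this, ignore this message.";

// Return the last non-empty path segment of the first http(s) link found in
// `text`, or null when there is no link or the segment does not look like a token.
function extractResetToken(text) {
  const match = String(text).match(/https?:\/\/[^\s"'<>]+/);
  if (!match) return null;
  try {
    // Drop sentence punctuation that got glued to the end of the link.
    const url = new URL(match[0].replace(/[.,;)]+$/, ""));
    // Using pathname keeps query strings and fragments out of the token.
    const segments = url.pathname.split("/").filter(Boolean);
    if (segments.length === 0) return null;
    const token = decodeURIComponent(segments[segments.length - 1]);
    // Assumed token shape: at least 8 URL-safe characters. Anything else is
    // rejected so a page name such as "reset" is never stored as a token.
    return /^[A-Za-z0-9._~-]{8,}$/.test(token) ? token : null;
  } catch (err) {
    return null; // unparseable URL or malformed percent-encoding
  }
}

// Inside a Postman script the result would be stored for the next request:
//   pm.environment.set("resetToken", extractResetToken(emailBody));
```
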
- Clone the project repository using the command below. Alternatively, you can download the project as a ZIP file and extract it.
git clone https://github.com/prabesh-mah/Swagger-Note-API-Postman
- After downloading and extracting the project files, launch Postman and create a new Workspace.
- Import the collection file into your newly created workspace. To do this, click on Import, which is located just below the API Network button on the top LHS menu bar. A dialog box will open where you can browse for or drag and drop the file named Swagger Note API.postman_collection.json.
- Next, navigate to the 'Environment' section, which is located on the left-hand side (LHS) below the collection.
- Import the environment variable file in the same manner as you did for the collection file. The file you need to import is named Swagger Note Variables.postman_environment.json.
- Now you're all set to start testing the API. Remember to set the environment to QA-Environment, located on the top RHS below the maximize button.
Information such as Name, Email, Password and some of the others is automatically generated using Postman’s built-in keywords like $randomFullName, $randomPassword and $randomEmail. After hitting the API request and getting the response, these values are stored in the environment variables through assertions for further validation. During validation, I used assertions to retrieve the same stored value that was stored in the environment variable and performed the validation.

Similarly, after login, the token key is generated on the server side as a response, for authorization to access all of the other endpoints. The token value is dynamic, changing every time a new login occurs. This dynamic token value is also automatically handled by assertions, ensuring that the new token value is stored in the ‘token’ variable every time a user logs in.

Some of the variable names, like validEmail, password, weakpassword, newPassword, newName, contact, company and note details, can be updated as per your needs, as they are static and hard-coded.
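The token handling described above can be made strict about failed logins, so that a negative login test never leaves the previous session's token in place for the requests that follow. This is an added example, not the collection's own script; the `data.token` response field, the 200 login status and the `makeEnv` stand-in for `pm.environment` are assumptions.

```javascript
// In-memory stand-in for pm.environment (same get/set/unset method names),
// constructed so the logic runs outside Postman.
function makeEnv() {
  const vars = new Map();
  return {
    get: (key) => vars.get(key),
    set: (key, value) => { vars.set(key, value); },
    unset: (key) => { vars.delete(key); },
  };
}

// Store the token from a login response, or clear any stale one.
// Assumption: a successful login answers 200 with the token at body.data.token.
function captureToken(statusCode, body, env) {
  const token = body && body.data ? body.data.token : undefined;
  if (statusCode === 200 && typeof token === "string" && token.length > 0) {
    env.set("token", token);
    return true;
  }
  // A failed login must not leave the previous token usable: later requests
  // would pass authorization and hide the login failure.
  env.unset("token");
  return false;
}

// Headers for the next request in the chain; throws when no token is stored.
function authHeaders(env) {
  const token = env.get("token");
  if (!token) throw new Error("no token stored: run the login request first");
  return { "x-auth-token": token };
}

// Redact a token before it is written to a console log or a report:
// only the last 4 characters stay readable.
function maskToken(token) {
  if (token.length <= 4) return "****";
  return "*".repeat(token.length - 4) + token.slice(-4);
}
```

In a Postman test script the same functions would be called with `pm.response.code`, `pm.response.json()` and `pm.environment`.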
newman run "Swagger Note API.postman_collection.json" -e "QA-Environment.postman_environment.json" -r htmlextra
The report will be generated in .html format, so open it in any preferred browser to see the detailed report. The detailed description is also included within the Postman documentation, ensuring that each request comes with an explanation that makes it easy to understand what is happening with each request.
This is the Postman Collection runner video, recorded via the Postman app.
This GitHub summary provides an overview of the load testing implementation on the Swagger Note API using JMeter v5.6.3. The API endpoint and payload data were stored in user-defined variables for easy access and modification. Request headers, including Content-Type and Authorization, were managed through the HTTP Header Manager.

To extract dynamic values from the JSON responses, a JSON Extractor was added as a Post-Processor. This allows for capturing specific fields from the response using JSON Path expressions. For example, variables were created to store note IDs and the token extracted from the JSON response, ensuring that these values could be reused in subsequent requests.

A constant time delay has also been added to each request to simulate human interaction, making the testing process more realistic.

Assertions were implemented to validate both the status codes and response bodies, confirming that the API operates as expected under load. Finally, reports were generated to analyze test results, including assertion outcomes. This comprehensive approach ensures effective performance evaluation of the Swagger Note API.
Although the email address is valid, the API does not send a password reset link, so I used a random email.
jmeter -n -t jmeter-load-test/swagger-note-api-load-test.jmx -l 'jmeter-load-test/result/result.csv'
where,
- -n specifies that JMeter should run in non-GUI mode.
- -t is followed by the path to your .jmx file, which contains the test plan.
- -l specifies the location where the results will be logged.
For demonstration purposes, the execution video currently simulates only one user to reduce recording time. The execution video for simulating multiple users will soon be uploaded along with the report file.