subodh's blog

RestAssured #5 - Anatomy of REST APIs

RestAssured #5 - Anatomy of REST APIs

1. Monolithic vs Microservice Architecture 2. RESTful Architecture 3. HTTP 4. Anatomy of REST APIs

SUBODH SINGH's photo
SUBODH SINGH
·

5 min read

Monolithic vs. Microservices Architecture

img.png

REST Application Architecture

A typical REST application architecture

image.png

RESTful Architecture

REST stands for REpresentational State Transfer. A REST service meets the RESTful constraints called a RESTful service.

A REST service that meets the constraints of RESTful architecture is called a RESTful service. The constraints are as follows:

  • Client-server architecture - It supports the separation of responsibilities. The client is independent of the server. The client or the user interface can be developed independently without knowing the internal details of the server and its functions.
  • Statelessness - The server is not required to know or maintain the state/session of the request. Its basic job is to provide the response without tracking the source with a session. This is achieved by the HTTP protocol.
  • Caching - It helps in improving performance. If the same request is coming from various users, it can be cached. HTTP has a feature that helps in caching the responses. This helps the server to be more efficient.
  • Use of a layered system - It helps for debugging the root cause quickly.
  • Uniform interface - A uniform interface is fundamental to the RESTful architecture. It ensures that resources are identified based on the URI, such as /api/v1/products.
  • Support for code on demand

RESTful architecture uses HTTP as the protocol for communication between the client and the server. Since HTTP is a stateless protocol, RESTful architecture aims for scalability and performance, and since HTTP internally calls TCP for the connection between client and server, it is reliable as well.

HTTP

  • http (HyperText Transfer Protocol) is used for communication between the client and server in a typical web application.
  • http is an application layer protocol that works over a TCP. TCP is most reliable protocol as it ensures that packets are sent/received without any data loss. In case of loss, error message will be sent to the receiver.
  • The http protocol fetches the resource from the server based on the request, by establishing a connection with the server. This is done by three-way communication between the client and the server over a TCP layer. The client sends a connection request on a given port to the server. The server acknowledges that the request is received and then the client acknowledges the same. Once the connection is established, the client can send multiple requests over HTTP and the server will send the response to each request.
  • The HTTP protocol is simple, extensible, and stateless. The server does not remember the state of the request. It just sends the requested data and opens for new requests.
  • HTTP supports a caching mechanism. Clients can send information in the request header to store the response in a cache for a stipulated amount of time for later use for faster performance.

What is Three-way handshake?

A three-way handshake (TCP/IP handshake) is the first three interactions between a client and a server trying to establish a TCP connection. These initial interactions are essential in making a secure connection. At this phase, both client and server will agree on parameters that they will use to check and verify incoming and outgoing packets of data. These parameters will be in the form of TCP segments.

image.png

Source - makeuseof.com/what-is-three-way-handshake-h..

Anatomy of REST APIs

Headers

Headers are a part of each HTTP request/response, and they define the flow of the information between the client and server and they represent the metadata associated with API.

Headers are logically grouped into three categories: request headers, response headers, and general headers.

  1. Request Header - Request headers mainly have Authorization, Host, Accept, Accept-Language, Accept-Encoding, and Content-Type fields. The Authorization field is used for authentication with the server. It specifies that the request is coming from the authorized client.
  2. Response Header - Response headers have Expires, Content-Length, Content-Type, Cache-Control, Date, and Keep-Alive fields. Content-Type provides the response type format, such as whether the response is in JSON or plain text. Keep-Alive is the timeout in seconds that is the allowed time for a connection to remain open.
  3. General Header - General headers have information about the Request URL, Request Method, Status Code, Remote Address, and Connection.

Requests

The client starts communication with the server using HTTP request. Below are components of http requests -

  1. Request method
  2. Resource address or URI
  3. Request header
  4. Request body

Request Method

They specify the action client wants to perform on the server resource. Below are different request methods supported in HTTP.

image.png

Source - javascript.plainenglish.io/http-request-met..

Resource Address

A resource address is defined by a URI, where URI stands for Uniform Resource Identifier. It is the identifier of the resource on the server, called as the endpoint of the service, such as /api/v1/products.

Request Headers

A request header contains an authentication field, which authenticates the request on the server, and Content-Type, which specifies the type of content expected from the server resource.

Request Body

It contains the details of resource to be created (POST) or updated (PUT/PATCH) and it has a format (usually format is in JSON or XML) which is understood by the service endpoint.

Below are example of request body which contains product details to be created like product id, name and price. 

{

   "productId": 1001,

   "product_name": "iPad",

   "product_price": 500

}

Response

When client sends a request, server sends the response. It has

  • Status Line - The status line lists the protocol version, the return status code, and the status text.
  • Response Header - The response header contains the information sent by the server to define the response message, such as Content-Length and Content-Type.
  • Response Body - The response body is the response message that is sent by the server to the client based on the request on the given resource.

For all request methods, the HTTP response has the same format of status line, response headers, and a response body.

Response Code

HTTP response status codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes:

  • Information: 1XX-199
  • Success: 2XX-299
  • Redirect: 3XX-399
  • Error from client: 4XX-499
  • Error from server: 5XX-599

Check this link for more details - developer.mozilla.org/en-US/docs/Web/HTTP/S..

Reference - Learn API Testing: Norms, Practices, and Guidelines for Building Effective Test Automation (Book)

Did you find this article valuable?

Support SUBODH SINGH by becoming a sponsor. Any amount is appreciated!

API TESTING