Interviewer: Can you tell me something about interface testing? How to do interface tests? That got him a thumbs up!

Content Outline:

1. What is an interface?

2. What are the types of interfaces?

3. What is the nature of interfaces?

4. What is interface testing?

5. What is the interface test?

6. How do I perform interface tests?

7. What is the interface test point?

8. What do you need to know about interface testing?

9. Other relevant knowledge?

Give him a thumbs-up when you say Python interface tests!

Video teaching: www.bilibili.com/video/BV16A…

1. What is an interface?

Interface test is mainly used for the interaction points between the external system and the system as well as between the internal subsystems, define specific interaction points, and then through these interaction points, through some special rules that is protocol, to carry out data interaction.

2. What are the types of interfaces?

Interfaces are generally divided into two types: 1. Internal interface of the program 2. External interface of the system

External interface of the system: for example, if you want to get resources or information from other websites or servers, others will not share the database with you. They can only provide you with a method to obtain data written by them. You can use the interface provided by him to achieve the purpose of data sharing.

Within the program interface: between the approach and method, the interaction between the module and module, thrown within the program interface, such as BBS system, has the login module, Posting module, etc., that you want to post you must login first, then the two modules have to have interaction, it throws an interface, the calling for internal system.

Interfaces are classified as follows: webService interface 2. HTTP API interface

The webService interface is transmitted through HTTP through SOAP protocol, and the request message and return message are in XML format. We use the tool to call and test when testing.

HTTP API uses THE HTTP protocol to distinguish the invocation methods by the path. The request packets are in the form of key-value, and the return packets are usually JSON strings, including get and POST, which are the two most commonly used request methods.

Json is a universal data type that all languages recognize. (Json is essentially a string that has nothing to do with any other language, but can be converted to a dictionary in Python, key-value form, native object in JavaScript, Java class object, etc.)

3. What is the nature of interfaces and how they work?

A URL sends something to the server through a GET or POST request, and then returns some corresponding value. In essence, it is the transmission and reception of data.

4. What is interface testing?

Interface test is a test to test the indirect interface of a system component. Interface testing is mainly used to detect the interaction points between external systems and internal subsystems. The focus of the test is to check the data exchange, transfer and control management process, as well as the logical interdependence between systems.

— Baidu Baike

In short, we send the data we want to send through urls like servers or other modules and see if they return what we expect.

5. What is the interface test?

1. The more low-level a bug is found, the lower its repair cost is.

2. The front end is randomly changed, the interface is measured, the back end is not changed, the front end is developed by two groups of people.

3. Check the security and stability of the system. The front-end parameter transmission is not credible, for example, jingdong Shopping.

4. Nowadays, with the increasing complexity of the system, the cost of the traditional test method increases sharply and the test efficiency drops sharply. Interface test can provide a solution to this situation.

5. Interface test is relatively easy to realize automatic continuous integration, and relatively stable compared with UI automation, which can reduce the labor cost and time of manual regression test, shorten the test cycle, and support the demand of back-end rapid release. Continuous interface integration is the source of low cost and high benefit.

6. At present, the front and back end architectures of many systems are separated. From the perspective of security:

(1) Only relying on the front end to limit has been completely unable to meet the security requirements of the system (it is too easy to bypass the front), the need for back-end control, in this case, it is necessary to verify from the interface level.

(2) Whether the information transmitted at the front and back end, log printing and other information is encrypted transmission also needs to be verified, especially involving the user’s privacy information, such as ID card, bank card, etc.

6. How do I perform interface tests?

— Since the front-end and back-end calls of our project are mainly interfaces based on HTTP protocol, the testing of interfaces is mainly to simulate the sending and receiving of HTTP requests through tools or codes. There are many tools such as postman, jmeter, soupUI, Java +httpclient, robotframework+httplibrary and so on.

It can also be done with interface automation, which is code, framework and UI automation, where requests are judged by assertions.

7. What is the interface test point?

Objective: To test the correctness and stability of the interface;

Principle: Simulate the client to send a request message to the server, the server receives the request message to the corresponding message to do processing and return to the client, the client receives the response process;

Key points: check the data exchange, transfer and control management process, including the number of processing;

Core: Continuous integration is the core of interface testing;

Advantages: Bring efficient defect monitoring and quality supervision capabilities to highly complex platforms. The more complex the platform and the larger the system, the more obvious the effect of interface testing (improve test efficiency, improve user experience, reduce research and development costs);

Key points of use case design: normally, the two outermost interfaces are mainly tested: data interface into the system (the parameters of calling external systems are used by the system) and data interface out of the system (to verify whether the data processed by the system is normal);

PS: When designing use cases, we also need to pay attention to what functions external interfaces provide to external users using these interfaces, and what functions external users really need;

Question 1.1. What are back-end interfaces tested for?

— To answer this question, we can start from the perspective of interface testing activities, and take a look at the following chart, which basically reflects the main content of our project back-end interface testing:

Question 2. The back-end interface is tested once, and the front end is tested again. Is the test repeated?

— To answer this question, we can directly compare the content of interface testing with that of app side testing activities, as shown below:

As can be seen from the comparison of the two figures above, the same parts of the two testing activities include functional testing, boundary analysis testing and performance testing, while the other parts need special testing due to their different characteristics or concerns, which will not be discussed here. Next, we will analyze the same contents in the above three parts:

1. Basic function test:

Because it is for the basic business function test, so this part is the highest degree of overlap between the two tests, and the development students usually refer to this part.

2. Boundary analysis test:

Consider input and output boundary conditions based on basic functional testing, which may have duplicated parts (such as business rule boundaries). But the front end of the input and output are provided to the value for the user to select (box), in this case the boundary of the test is very limited, but the interface test is no limit in this respect, relatively interface can cover a wider range, the same, the interface problems probability is also higher.

3. Performance test:

This one is relatively easy to distinguish, although both require performance testing, but the focus is quite different. The performance of the App side is mainly concerned with phone-related features, such as MOBILE CPU, memory, flow rate, FPS, etc. Interface performance is mainly concerned with interface response time, concurrency, and server resource usage. The strategies and methods of the two tests are quite different, so this section should be tested separately and theoretically separately.

Review:

1. The activities of interface test and APP test are partly repetitive, mainly focusing on business function test. In addition, the tests for each feature are different, and targeted tests are needed to ensure the quality of the whole product.

2. Interface test can focus on server logic verification, while UI test can focus on page display logic and interface front end and server integration verification

3. Interface test continuous integration:

For interface test, continuous integration automation is the core content, we can achieve low cost and high income by means of automation. At present, we have realized interface automation, which is mainly applied in the regression stage. The degree of automation needs to be strengthened in the future, including but not limited to the following contents:

A) Process: in the regression stage, the coverage of abnormal interface scenarios is strengthened, and gradually extended to the system test and smoke test stages, and finally achieve the automation of the whole process.

B) Results presentation: richer results presentation, trend analysis, quality statistics and analysis, etc

C) Problem location: more accurate error information and logs are reported to facilitate problem recurrence and location.

D) Result verification: strengthen automatic verification ability, such as database information verification.

E) Code coverage: Constantly try to explore from the current black box to the white box to improve code coverage.

F) Performance requirements: Improve the performance testing system and monitor the interface performance indicators through automated means.

4. Assessment criteria for interface test quality:

A) Whether business function coverage is complete

B) Whether business rule coverage is complete

C) Parameter verification meets requirements (boundaries, business rules)

D) Whether the coverage of interface exception scenarios is complete

E) Whether the interface coverage meets the requirements

F) Whether the code coverage meets the requirements

G) Whether the performance indicators meet the requirements

H) Whether the safety indicators meet the requirements

8. What do you need to know about interface testing?

① Understand the business logic interaction between the system and internal components;

② Understand the I/O (input/output) of the interface;

3. Understand the basic content of the protocol, including: communication principle, three-way handshake, common protocol types, message composition, data transmission mode, common status code, URL composition, etc.

4) Common interface testing tools, such as JMeter, LoadRunner, Postman, soapUI, etc.

⑤ Database basic operation commands (check data entry, extract test data, etc.);

⑥ Common character types such as char, vARCHar, text, int, float, datatime, string, etc.

How do you learn these skills?

(1) Business interaction logic between systems: through demand documents, flow charts, mind maps, communication and many other channels and methods;

② Protocols: I recommend illustrated HTTP, which is a relatively entry-level book with vivid content. Other books include Illustrated TCP, IP, etc.

3) Interface testing tools: Baidu these tools, and you will find a lot of teaching blogs, related problem solving solutions, and some books based on tools, of course, it is important to choose the right book;

④ Database operation command: learning website (W3C, rookie tutorial), teaching blog, and some database related books, entry-level recommendation: “mysql will know will”, “Oracle PL/SQL will know will” and so on

⑤ character type: or Baidu, there is a sentence so said: internal affairs do not ask Baidu, foreign affairs do not ask Google…

How do I obtain interface information?

General enterprise, will be developed or the corresponding technical responsible personnel to prepare interface documents, which will indicate the interface related address, parameter type, method, input, output and other information, if not, try to get…

Eight elements of an interface document:

Cover: The cover should be the cover stipulated by the company, with logo, title, version number, company name and document generation date.

Revision history: the form is better, including: version, revision description, revision date, revision person, audit time auditor, etc.;

Interface information: interface invocation mode, commonly used GET/POST mode, and interface address.

Function description: Briefly and clearly describes the functions of the interface. For example, the information obtained by the interface is not included.

Interface parameter Description: Each parameter must be the same as the actual call, including case. The meaning of the parameter is a brief description of the format, whether it’s string or int or long;

In the description part, it explains where the parameter value needs to be provided, and explains in detail how the parameter is generated, such as the timestamp, which time period, whether the parameter is mandatory, some parameters are mandatory, some are optional, etc.

Return value description:

① It is better to have a template return value and explain the meaning of each return parameter;

② Provide a real call interface, real return value;

Call restrictions, security aspects:

As long as the two parties use the same encryption algorithm, the interface can be invoked to ensure the security of interface invocation, such as md5.

Document maintenance: in the maintenance of the document, if there is any modification, it must write the modification date, the modification person, and the version number change for the major modification

9. Other relevant knowledge?

Get request, POST request difference:

1. GET uses URL or Cookie to pass parameters. POST puts the data in the BODY.

2. The URL of GET has a length limit, so the data of POST can be very large.

3. POST is safer than GET because data is not visible in the address bar.

4. Get requests are used to get data, and POST requests are used to send data.

Post requests can also put data in urls. Get requests have no length limit. Post requests seem to have implicit parameters, which are a little bit more secure, but that’s only for white users. You can also capture parameters by capturing packets. (The only difference is this, the above 3 differences are all inaccurate)

HTTP status code:

Values starting with 200 and 2 indicate that the request was sent successfully. The most common is 200, which indicates that the request was ok and the server returned it.

2, 300 3 represents redirection, the most common is 302, redirect the request somewhere else.

400 400 indicates that the request sent by the client has a syntax error, 401 indicates that the page is not authorized, 403 indicates that the page is not authorized, and 404 indicates that the page is not available.

500 indicates that the server is abnormal. 500 indicates that the server is abnormal. 504 indicates that the server times out and no result is returned.

Webservice interface test:

It doesn’t need you to compose the message, it will give you the address of a WebService, or WSDL file, directly import from soapUI, you can see all the interfaces in the WebService, also have the message, directly fill in the parameter call, and see the result.

The difference between cookies and sessions:

1. Cookie data is stored in the client’s browser, and session data is stored on the server.

2. Cookies are not very secure. Others can analyze cookies stored locally and cheat cookies

Sessions should be used for security reasons.

3. Sessions are stored on the server for a certain period of time. When the number of visits increases, it takes a lot of performance out of your server

Cookies should be used to alleviate server performance.

4. The data saved by a single cookie cannot exceed 4K. Many browsers limit the maximum number of cookies saved by a site to 20.

5. Personal suggestions:

Store important information such as login information as session

Other information can be stored in cookies if needed

Finally:

Welcome to pay attention to my public number: Programmer Yifan