Tools for Rest API


Tools For Rest API

DESIGN

A good documentation and healthy rest API request response makes the application more robust, easy to develop, test and maintain. There are three services I came across, that not only document but gives you a testing sandbox from your services and will help your applications grow with managed design and architecture.

Testing

Rest Clients

There are many rest clients for chrome and Firefox but the one I liked most is postman as a packaged application. Some of it’s salient features are:

  • it allows you to create cURL scripts out of your requests.
  • it allows you to manage environments by introducing variables such as {{baseURL}} which can be different for Production, QA and development.
  • You can save the responses in the paid version.
  • Has a proxy mode and authentication.

HTTP DEBUGGERS

Although rest clients allow you to send the requests and receive the response, HTTP Debuggers allow you to see what happens under the hood and act on the data. Example if a server responds you with JSON, you can intercept it and convert it into XML before the responds reaches the client. You need to configure For chrome to send the requests through this proxy. Some debuggers are:

  • Burp – Good for intercepting requests and responses and for testing security like adding JavaScript in the response.
  • Fiddler
  • Charles

Packet Sniffers

To see what is going on the network interfaces at a much lower level. No need to setup proxy and you can filter by http. You will see data in TCP packets so it will be a breakdown of data. To see the actual request and response, you can right click and click on “Follow TCP Streams” to see the combination of data presented as one request.

  • Wireshark

 HTTP

HTTP CACHING

The client (browser) can cache data based on the HTTP Expires tag. The server can set the Expires tag (HTTP 1.0) and Cache-Control (HTTP 1.1) with HTTP Response. It applies to HTML files, images and resources. Using cache-control you can set the time the resource should be cached (max-age — local client), you can also set the cache-control for proxy (s-maxage). The advantage is less network calls and the disadvantage is stale data. In the case where there is authorization in headers or https, browser doesn’t use caching even if the headers are present.

Validation Caching

To cache personalized resources where expiration caching doesn’t help, validation caching is used. The response has an E-Tag with a certain value. Example, e-tag:4x4hij. Until this e-tag doesn’t change all the client requests coming for the resource are sent back with 304 (Not Modified). The same works with Last-Modified and If-Modified-Since.

 Performance Testing

There are good cloud based load testing tools, that can do stress test to the API.

Monitoring

  •  Splunk
  • Loggly

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s