Email Subscription Form

Saturday, March 7, 2020

API Contract Testing Made Easy

As software becomes increasingly complex, more and more companies are turning to APIs as a way to organize and manage their application's functionality.  Instead of being one monolithic application where all changes are released at once, now software can be made up of multiple APIs that are dependent upon each other, but which can be released separately at any time.  Because of this, it's possible to have a scenario where one API releases new functionality which breaks a second API's functionality, because the second API was relying on the first and now something has changed.

The way to mitigate the risk of this happening is through using API contract tests.  These can seem confusing: which API sets up the tests, and which API runs them?  Fortunately after watching this presentation, I understand the concept a bit better.  In this post I'll be creating a very simple example to show how contract testing works.


Let's imagine that we have an online store that sells superballs.  The store sells superballs of different colors and sizes, and it has uses three different APIs to accomplish its sales tasks:

Inventory API:  This API keeps track of the superball inventory, to make sure that orders can be fulfilled.  It has the following endpoints:
  • /checkInventory, which passes in a color and size and verifies that that ball is available
  • /remove, which passes in a color and size and removes that ball from the inventory
  • /add, which passes in a color and size and adds that ball to the inventory

Orders API:  This API is responsible for taking and processing orders from customers.  It has the following endpoints:
  • /addToCart, which puts a ball in the customer's shopping cart
  • /placeOrder, which completes the sale

Returns API:  This API is responsible for processing customer returns.  It has the following endpoint:
  • /processReturn, which confirms the customer's return and starts the refund process

Both the Orders API and the Returns API are dependent on the Inventory API in the following ways:
  • When the Orders API processes the /addToCart command, it calls the /checkInventory endpoint to verify that the type of ball that's been added to the cart is available
  • When the Orders API processes the /placeOrder command, it calls the /remove command to remove that ball from the inventory so it can't be ordered by someone else
  • When the Returns API runs the /processReturn command, it calls the /add command to return that ball to the inventory

In this example, the Inventory API is the producer, and the Orders API and Returns API are the consumers.  

It is the consumer's responsibility to provide the producer with some contract tests to run whenever the producer makes a code change to their API.  So in our example:

The team who works on the Orders API would provide contract tests like this to the team who works on the Inventory API:
  • /checkInventory, where the body contained { "color": "purple", "size": "small" }
  • /remove, where the body contained { "color": "red", "size": "large" }

The team who works on the Returns API would provide an example like this to the team who works on the Inventory API:
  • /add, where the body contained { "color": "yellow", "size": "small" }

Now the team that works on the Inventory API can take those examples and add them to their suite of tests.  

Let's imagine that the superball store has just had an update to their inventory. There are now two different kinds of bounce levels for the balls: medium and high.  So the Inventory API needs to make some changes to their API to reflect this.  Now a ball can have three properties: color, size, and bounce.  

The Inventory API modifies their /checkInventory, /add, and /remove commands to accept the new bounce property.  But the developer accidentally makes "bounce" a required field for the /checkInventory endpoint.  

After the changes are made, the contract tests are run.  The /checkInventory test contributed by the Orders API fails with a 400 error, because there's no value for "bounce".  When the developer sees this, she finds her error and makes the bounce property optional.  Now the /checkInventory call will pass.  

Without these contract tests in place, the team working on the Inventory API might not have noticed that their change was going to break the Orders API.  If the change went to production, no customer would be able to add a ball to their cart!

I hope this simple example illustrates the importance of contract testing, and the responsibilities of each API team when setting up contracts.  I'd love to hear about how you are using contract testing in your own work!  You can add your experiences in the Comments section.

18 comments:

  1. That was interesting and quite clear.
    Just wondering whether you’ve tried this approach and what software were you using? I hear a lot about Pact, but there’s also Spring Cloud Contracts and apparently Postman can also be used in this way.

    ReplyDelete
    Replies
    1. I'm glad you liked my post, Nitbuntu! I haven't tried setting up contract testing yet, but when I do, I plan to use Postman.

      Delete
    2. Hey Guys !

      USA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
      All Leads have genuine & valid information

      **HEADERS IN LEADS**
      First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address

      *Price for SSN lead $2
      *You can ask for sample before any deal
      *If anyone buy in bulk, we can negotiate
      *Sampling is just for serious buyers

      ==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
      ->$5 PER EACH

      ->Hope for the long term deal
      ->Interested buyers will be welcome

      **Contact 24/7**
      Whatsapp > +923172721122
      Email > leads.sellers1212@gmail.com
      Telegram > @leadsupplier
      ICQ > 752822040

      Delete
    3. Hello all
      am looking few years that some guys comes into the market
      they called themselves hacker, carder or spammer they rip the
      peoples with different ways and it’s a badly impact to real hacker
      now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
      Anyone want to make deal with me any type am available but first
      I‘ll show the proof that am real then make a deal like

      Available Services

      ..Wire Bank Transfer all over the world

      ..Western Union Transfer all over the world

      ..Credit Cards (USA, UK, AUS, CAN, NZ)

      ..School Grade upgrade / remove Records

      ..Spamming Tool

      ..keyloggers / rats

      ..Social Media recovery

      .. Teaching Hacking / spamming / carding (1/2 hours course)

      discount for re-seller

      Contact: 24/7

      fixitrogers@gmail.com

      Delete
  2. The pact documentation talks about comparison between contract testing and functional testing here: https://docs.pact.io/consumer/contract_tests_not_functional_tests

    and I have not been able to wrap my head around it at all. If you get it, could you maybe help me understand what could be the difference between contract and functional testing of a service?

    Also in contract testing is it important for the accuracy of the values in the service's response or is it just the response structure that matters?

    ReplyDelete
  3. Great question, Abhijeet! I think the difference between contract tests and functional tests is that the contract tests only focus on the relationship between the two APIs. In the example in this blog post, we have the Returns API with the /processReturn endpoint. That endpoint adds a ball back to the inventory and starts the process to refund the money to the customer. When the Returns API team provides contract tests to the Inventory API, they're not going to include any tests for refunding money, because that has nothing to do with the Inventory API. Any tests for refunding money would be functional tests for the Returns API.

    ReplyDelete
  4. Does that mean, we need another layer to support contract tests, other than functional. Why I am saying is because let's say I have a functional suite using RestAssured , so now, I need to use another tool/lib for contract tests?

    ReplyDelete
    Replies
    1. Hi Sunny- no, contract tests don't need another layer; you can simply add new API tests into your existing framework. While there are tools that use mocking or virtualization to simulate an APIs response, you don't have to use them, and you can instead rely on calls to the real service.

      Delete
  5. I must thank you for the efforts you have put in penning this site. I am hoping to check out the same high-grade content by you later on as well. Keep up the good work
    software testing services
    software testing companies
    Security testing services
    Test automation services

    ReplyDelete
  6. Hey Guys !

    USA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
    All Leads have genuine & valid information

    **HEADERS IN LEADS**
    First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address

    *Price for SSN lead $2
    *You can ask for sample before any deal
    *If anyone buy in bulk, we can negotiate
    *Sampling is just for serious buyers

    ==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
    ->$5 PER EACH

    ->Hope for the long term deal
    ->Interested buyers will be welcome

    **Contact 24/7**
    Whatsapp > +923172721122
    Email > leads.sellers1212@gmail.com
    Telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  7. Are you interested in trading bitcoin binary and forex trade where you can earn 100% of your investment daily If you invest as low as $200 you will get a profit of $2,000 after 72 hours if you are intrested you can contact him via email: hackintechnology@gmail.com +12132951376(WHATSAPP)

    ReplyDelete
  8. Great Article… I love to read your QA outsourcing services articles because your writing style is too good, its is very helpful for all of us and I never get bored while reading your article because, they are becomes a more and more interesting from the starting lines until the end.

    ReplyDelete









  9. Hello World
    I’m hacker and Services provider
    interested in any thing i do fair deals.
    I will show you each and everything to start business
    also teaching Hacking / spamming short courses
    I have all tools that you need to spam

    .. Western Union transfer
    .. Credit cards
    .. Money adders
    .. Bill paying
    .. College fee
    .. Fake documents
    .. Grade change

    Contact:

    omoskovitz@gmail.com




    ReplyDelete
  10. Hello all
    am looking few years that some guys comes into the market
    they called themselves hacker, carder or spammer they rip the
    peoples with different ways and it’s a badly impact to real hacker
    now situation is that peoples doesn’t believe that real hackers and carder scammer exists.
    Anyone want to make deal with me any type am available but first
    I‘ll show the proof that am real then make a deal like

    Available Services

    ..Wire Bank Transfer all over the world

    ..Western Union Transfer all over the world

    ..Credit Cards (USA, UK, AUS, CAN, NZ)

    ..School Grade upgrade / remove Records

    ..Spamming Tool

    ..keyloggers / rats

    ..Social Media recovery

    .. Teaching Hacking / spamming / carding (1/2 hours course)

    discount for re-seller

    Contact: 24/7

    fixitrogers@gmail.com

    ReplyDelete
  11. Appsinvo was founded in 2015 and it is india-based company. Appsinvo is a Top Mobile App Development Company in India, USA and UK that develops unique, easy to use, high functionality and seamless operation that makes your web and mobile app more innovative. Since 2015, we have been delivering our services for the last 5 years in 120 countries and we have developed more than 300 mobile apps that makes more than 150 clients happy and satisfied with our services.
    Mobile App development company in Asia
    Top Mobile App Development Company
    Top Mobile App Development Company in Noida
    Mobile App Development Company in Delhi
    Top Mobile App Development Companies in Australia
    Top Mobile App Development Company in Qatar
    Top Mobile App Development Company in kuwait
    Top Mobile App Development Companies in Sydney
    Mobile App Development Company in Europe
    Mobile App Development Company in Dubai

    ReplyDelete

New Blog Location!

I've moved!  I've really enjoyed using Blogger for my blog, but it didn't integrate with my website in the way I wanted.  So I&#...