Automation standards for testing a REST webservice

The testing strategy is not just a one time document, which defines standards of testing. It’s reflects on all the activities — development, testing and the continuous loop of feedback. It improves the entire delivery chain by providing fast feedback and allowing the possibility of iterations during the sprint. And it will allow you to release your REST WebService to the world with confidence.

Organizations now a days are adopting ways to test a WebService the way it is consumed in Production. With no GUI forms, testing paradigm has changed and address all aspects of webservice testing. In order to provide justice to your test strategy, following activities needs to continously improved up (just to name a few):

1. Test for WebServices secrity – does your automation addresses security aspects of webservices. Few points for webservices security
Role/rights how a service components (DB, directory access, logs location) are deployed,
How multiple versions are accessed,
How WebServices are deployed / designed to handle malicious request, DoS, DDos
Will service timeouts gracefully for unexpected response, or serves from cache
Validity of sessions and their atomicity
Concurrent WebService access from same account (restricting multiple geographies)
Port binding and visibility

2. Test for business logic – does your automation validates business logic by simulating Admin and non admin account.
How auditing, exception handling are handled by webservice
Logs / alerts for failures & downtimes

3. Data validation – is your WebService tested for negative data
Impact of DB / Server space on application SLA

4. Dependencies – is your webservice test can identify missing dependency or Dependency downtime

5. Scale out – how much can your webservice be scaled out on addition of servers.

6. Disaster recovery – Is your WebService addresses concurrent live deployment

7. Tests for Code quality – is your code base scanned for standard coding practices.
It is formally inspected for any loopholes

8. Deployment / Migration – how well your webservices environment tested for deployments, deprovisioning, upgrade / downgrade of supported OS, Databases, filesystem etc.