The REST Listicator

The application has been deployed to Heroku

You can run the application locally or run it from a cloud system.

The application has been deployed to Heroku at

The cloud version will:

Multi-User Support

By default all requests use the 'global' set of data. This makes the application easy to use for single users and multiple users can access this, although they will be amending each others data.

If a user wants a unique session, perhaps because they want to automate and have deterministic results without interference from other users they must use a X-SESSIONID header.

GET /sessionid e.g. GET http://localhost:46002/listicator/listicator/sessionid

Install and Running Locally

download the jar from TestingApp Releases on Github

If you double click it then it will be running in the background on port 4567 - you might have to use task manager to kill the Java VM that it is running on to exit.

Built in Users

Three users are created by default with different permissions: superadmin, admin, user - all have the default password set to password

Use Basic authentication to use these users.

Command Line Arguments For Local Execution

End Points Summary

NOTE:
if you see {username} or {guid} mentioned in the end point documentation.
This means "replace {username} with an actual username"
e.g. /users/{username}/apikey would be /users/admin/apikey

The end points may be nested in a sub path e.g. /listicator/heartbeat

Check with your system admin to find out how the application has been configured.

On heroku the requests are of the form:

Running locally it is likely to be (by default):


End Points

Heartbeat

e.g.

curl -i -X GET http://localhost:46002/listicator/heartbeat
curl -v -X GET http://localhost:46002/listicator/heartbeat

Lists


Lists Examples

Note: continuation character on mac is \ and on Windows it is ^

curl -X GET ^
  http://localhost:46002/listicator/lists ^
  -H "accept: application/json"

'GET /lists'

Accept: application/json

{
    "lists": [
        {
            "guid": "d4625287-989a-4454-b01a-cb99545a87a6",
            "title": "title",
            "description": "",
            "createdDate": "2017-07-19-15-53-14",
            "amendedDate": "2017-07-19-15-53-14"
        }
    ]
}
curl -X GET ^
  http://localhost:46002/listicator/lists ^
  -H "accept: application/xml"

Accept: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<lists>
    <list>
        <guid>d4625287-989a-4454-b01a-cb99545a87a6</guid>
        <title>title</title>
        <description></description>
        <createdDate>2017-07-19-15-53-14</createdDate>
        <amendedDate>2017-07-19-15-53-14</amendedDate>
    </list>
</lists>

List


List Examples

curl -X GET \
  http://localhost:46002/listicator/lists/d4625287-989a-4454-b01a-cb99545a87a6 \
  -H 'accept: application/json'

GET /lists/{guid}

Accept: application/json

{
    "guid": "d4625287-989a-4454-b01a-cb99545a87a6",
    "title": "title",
    "description": "",
    "createdDate": "2017-07-19-15-53-14",
    "amendedDate": "2017-07-19-15-53-14"
}
curl -X GET ^
  http://localhost:46002/listicator/lists/d4625287-989a-4454-b01a-cb99545a87a6 ^
  -H 'accept: application/xml'

Accept: application/xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<list>
    <guid>d4625287-989a-4454-b01a-cb99545a87a6</guid>
    <title>title</title>
    <description></description>
    <createdDate>2017-07-19-15-53-14</createdDate>
    <amendedDate>2017-07-19-15-53-14</amendedDate>
</list>


POST /lists

With a body

{title:'my title custom'}

Would create a list - try experimenting with the different fields: guid, description, createdDate, amendedDate etc.


PATCH /lists/{guid}

Where {guid} would be an actual guid value e.g. d4625287-989a-4454-b01a-cb99545a87a6

{
    "guid": "d4625287-989a-4454-b01a-cb99545a87a6",
    "title": "title2",
}

_currently does not comply with https://tools.ietf.org/html/rfc7396 _


Users

curl -X GET http://localhost:46002/listicator/users
curl -X POST \
  http://localhost:46002/listicator/users \
  -H 'accept: application/json' \
  -H 'authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
  -H 'content-type: application/json' \
  -d '{username:"username", password:"password"}'

User

curl -X GET http://localhost:46002/listicator/users/superadmin ^
 -H "authorization: Basic YWRtaW46cGFzc3dvcmQ="

PUT /users/{username}/password

XML:

<user><password>newPassword</password></user>

JSON:

{password:'newPassword'}

PUT /users/{username}/apikey

XML:

<user><apikey>newApiKeyIsThisYes</apikey></user>

JSON:

{apikey:'newApiKeyIsThisYes'}

Payload representation

Authentication

Verbs

General

Known Bugs

The system has been coded with some known bugs - these are all fixed by default. If you would like to test your testing skills then start with -bugfixes=false to have the known bugs present in the application.

See if you can find them.

java -jar rest-list-system.jar -bugfixes=false


Details

This application has been written by Alan Richardson

Copyright Compendium Developments Ltd

Source code is available as part of "The Evil Tester's Compendium of Testing Apps" with source on Github.

Deployed to Heroku at rest-list-system.herokuapp.com/listicator/

Recommended tools for exploratory testing of REST API:

If you are interested in learning how to test APIs then you might find the book by Alan Richardson called "Automating and Testing a REST API" useful.

The book has a support page with many videos and sample code.


More Details About the Author