Let’s start with a real time example.
You must have heard about Facebook. To create an account of Facebook, you need to provide some personal details and hit enter. Now you have your own Facebook account. Your data is created in Facebook database. Who did this for you? A Facebook API. An API who is responsible to CREATE a user profile and save details in database.
Now you have got your Facebook credentials using which you login and land to timeline. Who did this for you? A Facebook API. An API who is responsible to RETRIEVE a user profile data and display on timeline.
You forgot that you are married but you selected marital status as single while creating Facebook profile. Afraid. You go to profile page and update marital status as Married. Relaxed. But Who did this for you? A Facebook API. An API who is responsible to UPDATE user profile data.
After some days you start feeling that Facebook is taking a lot of your time. You go and delete your profile. Who did this for you? A Facebook API. An API who is responsible to DELETE a user profile and remove details from database.
An API is developed to serve a purpose/functionality which may fall in one of these categories:
Creating data , Retrieving data, Modifying data or Delete data.
Above are basic operations performed by APIs. These functions are called as CRUD(Create, Retrieve, Update and Delete) as an acronym. In REST, these operations are called as HTTP methods. There are more HTTP methods other than these.
We will see these HTTP methods here:
This HTTP method is used to read/retrieve resource representation only. It is called Safe methods as it can not modify information. It should retrieve same information for multiple identical requests until any other API has changed the state of resource. That’s why it is also called as idempotent method. Response is returned in JSON/XML format.
200 (OK) –> If GET API finds the requested resource.
404( Not Found) –> If GET API does not find the requested resource.
400 ( Bad Request) –> If GET request is not formed properly.
A HTTP POST method is used to create a new resource in collection of resources with a request body passed as a JSON/XML. If resource is created successfully at the end point, it returns a status code 201( Created) (Not always) and returns response body. It may return 200 (OK) and 204 (No Content) status code as well based on how it is created.
POST is not safe method as it is related to data creation. It is also not idempotent and invoking two identical POST requests will result in two different resources containing the same information with just different resource ids.
An HTTP PUT method is used to primarily update the resource information but it also can be used to create a new resource (Depends on API development) if requested resource is not available. If PUT request is made to update resource, it should return 200 (OK) and 204 (No Content) status code. If PUT request is made to create a new resource, it must return a status code 201( Created).
PUT is not a safe method as it performs data creation and modifications but it is idempotent as if we hit the same request again, it operates on same existing resource. But note here that a PUT request can be made as non-idempotent as well.
An HTTP DELETE method is used to delete an existing resource from collection of resources. On successful deletion of resource, it returns 200 (OK) and 204 (No Content) status code. It may return as 202 (Accepted) status code if request is queued.
It is not a safe method as it performs on modification of data. If we hit the same request again after first hit, it will give you 404 ( Not Found) . So DELETE request are idempotent after second call onward.
An HTTP PATCH method is used to update information of resource partially. It is different from PUT as PUT updates/replace complete information of resource while PATCH updates some information of resource. It returns 200 (OK) and 204 (No Content) status code
A PATCH method is not safe method as it operations on modification of data. It is also non-idempotent but can be made idempotent.
An HTTP HEAD method is identical to GET method without response body. Instead of response body or resource information, a GET request returns meta information/headers contented in an HTTP GET method. This method can be used for obtaining meta information about the entity implied by the request without transferring the entity-body itself.
An HTTP OPTIONS method which is used to get information about allowed operations on given URI. It returns a response header named “Allow” with the list of available operation on given URI.
This post just gives a basic idea about HTTP methods. We will see every methods in details when we actually start testing APIs. Hope you understand above concepts at least basics. You will be more clear with my upcoming posts.
More about API Testing in upcoming posts. Stay tuned.
If you have any doubt, feel free to comment below.
If you like my posts, please like, comment, share and subscribe.
Author: Amod Mahajan
My name is Amod Mahajan and I am an IT employee with 4+ years of experience in Software testing and staying in Bengaluru. My area of interest is Automation testing. I started from basics and went throw so many selenium tutorials. Thanks to Mukesh Otwani as his tutorials are easy and cover basics to advance. I have habit of exploring concepts by deep diving. I used to make notes. I thought of sharing my knowledge through posts and now I am here. #KeepLearning #ShareLearning