How to Create a Postman Collection and Use a Pre-request Script for Authorization

Summary

  • Postman collections are powerful tools that allow you to store and organize API requests, variables, and scripts.
  • They help streamline API testing and development by making requests more dynamic and efficient.

What is a Postman Collection?

  1. Postman collections can be created manually by adding individual requests or generated automatically from API documentation.
  2. They are sets of API requests that can be organized and shared, and they support variables and scripts for added flexibility and automation.

Why Use a Postman Collection?

  1. aiTest assists in identifying security vulnerabilities and weaknesses in your application’s URLs and APIs.
  2. By performing security testing, you can identify potential security risks, such as unauthorized access, data leaks, or injection attacks.

Benefits

  1. Efficiency: Postman collections automate the testing process, allowing for frequent and consistent execution of tests.
  2. Early Issue Identification: By testing URLs and APIs early in the development cycle, issues can be identified and resolved promptly.
  3. Security Testing: aiTest helps identify security vulnerabilities and risks in the application, leading to improved security measures.

How to Create a Collection in Postman?

  1. Sign up using your E-mail or Google account.
  2. Once you have reached the Postman dashboard, navigate to the left-side menu and select Workspaces.
  3. Click on the Workspaces option.
  4. Configure the new workspace in Postman. Once you have created the workspace it is selected by default, or you can change it from the list. Next, create a new collection in the newly created workspace.
  5. On the left side of the dashboard there is a Collection option; click it and you will see a ‘+’ icon. Click the “+” icon to create a collection named “New collection”, which you can rename as needed.
  6. Once your new collection is ready, select it from the Collection list. Now start adding requests to the collection:
    • a) In the selected collection you will see “…” (three dots).
    • b) Click on them and you will see the Add request option in the list.
  7. Select Add request; it opens a new drawer to configure the request.
  8. Add the basic request details, such as the request type (selected from the list: GET, POST, PUT, DELETE, etc.) and the URL.
  9. Additionally, update “Body”, “Authorization”, “Headers” and “Pre-request Script” as your request requires. Giving the request a name is optional.
  10. Save your request and click the Send button. It runs the request and shows the response on the same Postman screen.
  11. Inside the collection there is a “Variables” option, which can be used to set collection variables.
  12. To run the collection manually, Postman provides a Run collection option. In the selected collection, click ‘…’ again and choose Run collection from the list, then configure the run details and run the collection.

Collection Variables

Before running the script in the collection, set the following collection variables:

  • cognitoClientId: <client id>
  • authorizationCode: **-4978-99b7-**
  • congnitoRedirectUri: http://localhost:8080/
  • cognitoTokenUrl: https://login-marxeed-dev.auth.us-east-1.amazoncognito.com/oauth2/token
  • cognitoClientSecret: None
  • cognitoRefreshToken: None
  • cognitoIdToken: None
  • cognitoAccessTokenExpiry: None
  • cognitoAccessToken: None

How to take Authorization Code from AWS Cognito?

  1. Sign up using your official E-mail.
  2. Go to the AWS dashboard.
  3. Search for Cognito in the search bar and click on the Cognito option.
  4. Click on your user pool.
  5. Click on the App Integration option.
  6. In App clients and analytics, click on the app client name.
  7. In Hosted UI, click on the View Hosted UI option.
  8. Then sign in with your email and password.
  9. Copy the authorization code from the address bar (it is the value of the code parameter in the redirect URL).

Note:

  1. Update cognitoClientId, authorizationCode, cognitoTokenUrl and congnitoRedirectUri with your own values.
  2. Make sure you use the cognitoIdToken variable as the value for the Bearer Token in the Authorization section of each request in the collection.
  3. To run the Pre-request Script in the collection, update the authorization code in the collection variable named authorizationCode.

Pre-request Script for Authorization

  • A Pre-request Script can be used to call authenticated requests.
  • A Pre-request Script is JavaScript that is added in the Pre-request Script section of the collection.

Pre-request Script

  
var cognitoClientId = pm.collectionVariables.get("cognitoClientId");
var authorizationCode = pm.collectionVariables.get("authorizationCode");
var congnitoRedirectUri = pm.collectionVariables.get("congnitoRedirectUri");
var cognitoRefreshToken = pm.collectionVariables.get("cognitoRefreshToken");
var cognitoIdToken = pm.collectionVariables.get("cognitoIdToken");
var cognitoTokenUrl =  pm.collectionVariables.get("cognitoTokenUrl");
// Log the token endpoint only; the authorization code is a credential and is not written to the console.
console.log('Token endpoint:', cognitoTokenUrl)

const postRequestwithCode = {
   url: cognitoTokenUrl,
   method: 'POST',
   timeout: 0,
   header: {
      "Content-Type": "application/x-www-form-urlencoded"
   },
   body: {
      mode: 'urlencoded',
      urlencoded: [{
            key: "grant_type",
            value: "authorization_code"
         },
         {
            key: "redirect_uri",
            value: congnitoRedirectUri
         },
         {
            key: "client_id",
            value: cognitoClientId
         },
         {
            key: "code",
            value: authorizationCode
         },
      ]
   }
};

const postRequestwithRefreshToken = {
   url: cognitoTokenUrl,
   method: 'POST',
   timeout: 0,
   header: {
      "Content-Type": "application/x-www-form-urlencoded"
   },
   body: {
      mode: 'urlencoded',
      urlencoded: [{
            key: "grant_type",
            value: "refresh_token"
         },
         {
            key: "redirect_uri",
            value: congnitoRedirectUri
         },
         {
            key: "client_id",
            value: cognitoClientId
         },
         {
            key: "refresh_token",
            value: cognitoRefreshToken
         },
      ]
   }
};

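// Log only whether an ID token is stored, never the token value.
console.log('ID token present:', Boolean(cognitoIdToken) && cognitoIdToken != "null")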
if (!cognitoIdToken || cognitoIdToken == "null") {
   console.log('Tokens are missing from env getting token with code')
   pm.sendRequest(postRequestwithCode, function (err, res) {
      // On a transport error `res` is undefined, so stop before calling res.json().
      if (err) {
         console.log('Token request failed', err);
         return;
      }
      var responseJson = res.json();
      if ('error' in responseJson) {
         console.log('Error while getting access token by using authorization code', responseJson);
      }
      else
      {
         // Store the tokens without logging them; the response body contains credentials.
         pm.collectionVariables.set('cognitoIdToken', responseJson['id_token']);
         pm.collectionVariables.set('cognitoAccessToken', responseJson['access_token']);
         pm.collectionVariables.set('cognitoRefreshToken', responseJson['refresh_token']);
         // expires_in is in seconds; store the expiry as epoch milliseconds.
         var expiryDate = new Date();
         expiryDate.setSeconds(expiryDate.getSeconds() + responseJson.expires_in);
         pm.collectionVariables.set('cognitoAccessTokenExpiry', expiryDate.getTime());
      }
   });
} else if (pm.collectionVariables.get('cognitoAccessTokenExpiry') <= (new Date()).getTime()) {
   console.log('Token Expired , getting new id token with refresh token')
   pm.sendRequest(postRequestwithRefreshToken, function (err, res) {
      // On a transport error `res` is undefined, so stop before calling res.json().
      if (err) {
         console.log('Token refresh request failed', err);
         return;
      }
      var responseJson = res.json();
      if ('error' in responseJson) {
         console.log('Error while getting access token by using refresh token', responseJson);
      }
      else
      {
         // Store the tokens without logging them; the response body contains credentials.
         pm.collectionVariables.set('cognitoIdToken', responseJson['id_token']);
         pm.collectionVariables.set('cognitoAccessToken', responseJson['access_token']);
         // The refresh response may omit refresh_token; keep the stored one in that case.
         if (responseJson['refresh_token']) {
            pm.collectionVariables.set('cognitoRefreshToken', responseJson['refresh_token']);
         }
         // expires_in is in seconds; store the expiry as epoch milliseconds.
         var expiryDate = new Date();
         expiryDate.setSeconds(expiryDate.getSeconds() + responseJson.expires_in);
         pm.collectionVariables.set('cognitoAccessTokenExpiry', expiryDate.getTime());
      }
   })
} else {
   console.log('Token is valid, using it ')
}
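
The script's three branches (redeem the authorization code, refresh, or reuse the stored token) written as pure functions that run in Node outside Postman, as an added example that is not part of the original page. It goes beyond the script by treating placeholder values such as "None" as unset, refreshing slightly before expiry, and falling back to the authorization code when no refresh token is stored; the helper names and SKEW_MS are assumptions.

```javascript
// Added example: the pre-request script's token logic as pure functions.
// Variable names follow the page; SKEW_MS and the helper names are assumptions.
const SKEW_MS = 30 * 1000; // refresh slightly before the stored expiry

// Collection variables that were never filled in may hold "", "null" or "None".
function isUnset(v) {
  return v === undefined || v === null || ["", "null", "None"].includes(String(v));
}

// Decide which branch applies: reuse the token, refresh it, or redeem the code.
function chooseAction(vars, nowMs) {
  if (isUnset(vars.cognitoIdToken)) return "authorization_code";
  const expiry = Number(vars.cognitoAccessTokenExpiry);
  if (Number.isFinite(expiry) && expiry - SKEW_MS > nowMs) return "reuse";
  // Expired or unknown expiry: refresh if possible, otherwise start over.
  return isUnset(vars.cognitoRefreshToken) ? "authorization_code" : "refresh_token";
}

// Build the application/x-www-form-urlencoded body for the token endpoint.
function buildTokenForm(action, vars) {
  const form = new URLSearchParams({ grant_type: action, client_id: vars.cognitoClientId });
  if (action === "authorization_code") {
    form.set("code", vars.authorizationCode);
    form.set("redirect_uri", vars.congnitoRedirectUri);
  } else {
    form.set("refresh_token", vars.cognitoRefreshToken);
  }
  return form.toString();
}

// Merge a token response into a copy of the variables; throw on an error body.
function applyTokenResponse(vars, body, nowMs) {
  if (!body || "error" in body || !body.id_token) {
    throw new Error("token endpoint error: " + (body && body.error ? body.error : "no id_token"));
  }
  return {
    ...vars,
    cognitoIdToken: body.id_token,
    cognitoAccessToken: body.access_token,
    // A refresh response may omit refresh_token; keep the stored one then.
    cognitoRefreshToken: body.refresh_token || vars.cognitoRefreshToken,
    cognitoAccessTokenExpiry: nowMs + Number(body.expires_in) * 1000,
  };
}
```
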
  

Questions Answered

  • How to Create Collection in Postman?
  • What is Pre-Request Script?