Supporting improved fundraising for projects
Our team developed the donation platform and related APIs to support better funding for Scouts projects. This platform allowed the Scouts team to manage permissions for several user roles without exposing the system to external administrators and moderators.
About the customer
Founded in 1922, the World Organization of the Scout Movement is a voluntary non-political educational movement, which provides young people with opportunities to participate in programs, events, activities, and projects that contribute to their growth as active citizens. With 171 member organizations, Scouts has over 54 million participants
The World Organization of the Scout Movement (WOSM) was looking to build a donation platform to release better funding to projects managed on all platforms by National Scout Organizations (NSO), National Scout Associations (NSA), and Scout groups by engaging with their existing donor and supporter base via social media.
Each region consisting of the Scouts team also had their own child sites with various roles and permissions in it, and the database was the same, stored on the parent site scouts.org. The Scouts team also had requirements that involved creating and modifying endpoints mainly related to user roles and permissions, the creation of various content types in the parent system, along with whitelisting and blacklisting users without needing to give access to the parent system.
One of the major challenges in terms of QA was identifying all the impact areas for the modified API endpoints. The second challenge was the tight deadlines and ensuring accurate and sufficient testing was done to release the new platform.
Study the existing APIs and create a mapping document.
Validate newly created as well as modified existing APIs.
|Efficiently validate APIs.||Automate the API test suite.|
One of the primary objectives of developing the donation platform with the newly identified APIs was implemented using the RESTful module in Drupal 7. The QA process and practices that we follow at Axelerant were continued for a full-fledged API testing project too, using tools effectively to increase efficiency.
Our QA team created a quick mapping sheet to relate APIs with functionality to later identify the regression tests when new APIs were introduced or existing APIs modified. The approach to testing APIs is no different from testing a UI-based or a backend feature—only the method differs. The key was to first identify the test scenarios and then test them with precision.
The team used Postman to validate API endpoints, from generating access tokens to authorizing them, to creating and updating various content types using the corresponding HTTP request methods, GET, POST, PUT, PATCH and DELETE. Once the test scenarios were identified, test scripts were created for verifying the response data, status codes and the JSON schema.
These are a few of the practices we followed when using the tool:
- Use of Global Variables: Validation of API endpoints that involved the passing of data between several requests within different collections using global variables.
- Use of Environment Variables: Environment variables were implemented so that all the requests could be bundled into several collections, grouped by features, shared across the entire team, and then run across a couple of environments when needed.
- Verify End-to-End Workflows: Instead of merely testing the endpoints in isolation, the test suite was divided into folders and the actual user workflow was tested by spanning across multiple API calls.
- Collection Runner and CI/CD: By running tests as part of the collection runner, the team (developers and testers) could run the tests quickly in one go and view the results. Using Newman, we could seamlessly integrate Postman tests with GitLab CI.
- Around 300+ test scripts were run across several environments to provide faster feedback to various team members simply by running a command, without the need to make any changes because of global and environment variables.
- Actual use cases were thoroughly tested in the form of workflows instead of isolated API endpoint verification.
- The test results clearly indicated when an API didn’t behave the way it was expected to.
- The donation platform was developed, tested and launched in three weeks, and the Axelerant team successfully launched the rest of the features related to granting access to the parent site through API endpoints
- Effective Regression Testing Strategy
- Writing Tests Using Postman
- Good Practices With Tools
- Automating and Executing API Tests
Effective Regression Testing Strategy
As the project already consisted of API endpoints, the key was to successfully identify impacted areas to form the regression test suite. A quick mapping matrix created using a simple spreadsheet helped the QA team to identify the regression tests and also helped developers to verify their work before passing it on for QA. With this input, every API endpoint that was introduced or modified was tested for functionality along with affected areas.
Writing Tests Using Postman
Our team validated APIs by writing tests using Postman for all API endpoints. They validated the schema, response time, and status codes instead of simply hitting the requests and then manually verifying the responses each time. The tests were always written to serve a purpose, which was to test APIs for both positive and negative scenarios and edge cases.
Good Practices With Tools
Test suites were created by grouping APIs into folders as per functionality. The team tested these APIs to verify the actual end-to-end workflows rather than just verifying them in isolation. The collections were shared across the entire team, and everyone could verify them in one go using the collection runner, and then see the results in a single view.
Automating and Executing API tests as Part of CI/CD
Further, all these tests and global and environment variables were exported in JSON format so that they could be run using Newman CLI in the CI/CD pipeline for faster feedback.