REST Assured Auth Schemes in API tests automation

Depending on the type of authorization your application under test uses, you will need to adapt your automated tests to use the matching type of authentication. REST Assured is an open-source Java-based library used for testing and verifying RESTful web services. It supports several authentication schemes, i.e., basic, OAuth, digest, certificate, and form. This Tech Bite will show you how to employ the Basic and OAuth2 authentication types in your test suites.

Syntax 

REST Assured syntax is based on BDD syntax, using keywords for readability, such as given(), when(), and then().

Basic Auth 

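The basic authentication scheme secures web-based applications using a username and password sent in Base64-encoded form. When sending API requests, the request's Authorization header needs to contain the user credentials. Base64 is an encoding, not encryption, so the credentials are only protected in transit when the request goes over HTTPS.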

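import io.restassured.http.ContentType;
import io.restassured.response.Response;

import java.net.HttpURLConnection;

import static io.restassured.RestAssured.given;

public void getExample() {
    // basic() answers the server's 401 challenge with the credentials;
    // auth().preemptive().basic(...) sends the header on the first request instead.
    final Response response = given().baseUri("https://example.com")
            .basePath("/example")
            .auth()
            .basic("username", "password")
            .contentType(ContentType.JSON)
            .get();

    // The request is expected to be authorized (HTTP 200)
    response.then().statusCode(HttpURLConnection.HTTP_OK);
}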

OAuth2 

With OAuth 2.0, an access token is generated that authorizes the user to send requests. The token can be obtained in different ways for use in tests.

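import io.restassured.http.ContentType;
import io.restassured.response.Response;

import java.net.HttpURLConnection;

import static io.restassured.RestAssured.given;

public void getExample() {
    // "yourToken" is a placeholder for an access token obtained beforehand;
    // oauth2() sends it as a bearer token in the Authorization header.
    final Response response = given().baseUri("https://example.com")
            .basePath("/example")
            .auth()
            .oauth2("yourToken")
            .contentType(ContentType.JSON)
            .get();

    // The request is expected to be authorized (HTTP 200)
    response.then().statusCode(HttpURLConnection.HTTP_OK);
}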

Reusing specifications

By reusing specifications, REST Assured gives us a way to keep the authentication scheme and other settings common to all requests (such as headers and response validations) in one place. Here we create an abstract class, ApiConfig, that holds the specifications for the Basic auth scheme and response validation, and then extend it with ExampleClass, which contains the request itself:

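// ApiConfig.java
import io.restassured.authentication.BasicAuthScheme;
import io.restassured.builder.RequestSpecBuilder;
import io.restassured.builder.ResponseSpecBuilder;
import io.restassured.http.ContentType;
import io.restassured.specification.RequestSpecification;
import io.restassured.specification.ResponseSpecification;

import java.net.HttpURLConnection;

public abstract class ApiConfig {

    // Request settings shared by every test: base URI, auth scheme, headers
    protected static RequestSpecification requestSpec() {
        return new RequestSpecBuilder()
                .setBaseUri("https://example.com")
                .setAuth(setBasicAuthScheme())
                .addHeader("Content-Type", ContentType.JSON.toString())
                .addHeader("Accept", ContentType.JSON.toString())
                .build();
    }

    // Builds the Basic auth scheme used by requestSpec()
    private static BasicAuthScheme setBasicAuthScheme() {
        final BasicAuthScheme authScheme = new BasicAuthScheme();
        authScheme.setUserName("username");
        authScheme.setPassword("password");
        return authScheme;
    }

    // Response validation shared by every test: expect HTTP 200
    protected static ResponseSpecification responseSpec() {
        return new ResponseSpecBuilder()
                .expectStatusCode(HttpURLConnection.HTTP_OK)
                .build();
    }
}

// ExampleClass.java
import io.restassured.response.Response;

import static io.restassured.RestAssured.given;

public class ExampleClass extends ApiConfig {

    public void getExample() {
        // Only the path is request-specific; auth and headers come from requestSpec()
        final Response response = given(requestSpec())
                .basePath("/example")
                .get();

        response.then().assertThat().spec(responseSpec());
    }
}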
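
The same reuse pattern applied to OAuth2, as an added example that is not part of the original Tech Bite: the token is fetched once with the client-credentials grant instead of being hard-coded, the client secret comes from environment variables, and the Authorization header is kept out of request logs. The class name OAuth2ApiConfig, the variable names API_TOKEN_URL, API_CLIENT_ID and API_CLIENT_SECRET, and a token endpoint that accepts HTTP Basic client authentication are assumptions; blacklistHeader needs REST Assured 4.2.0 or later.

```java
import io.restassured.RestAssured;
import io.restassured.builder.RequestSpecBuilder;
import io.restassured.config.LogConfig;
import io.restassured.config.RestAssuredConfig;
import io.restassured.http.ContentType;
import io.restassured.specification.RequestSpecification;
import java.net.HttpURLConnection;
import static io.restassured.RestAssured.given;

public abstract class OAuth2ApiConfig {
    private static String cachedToken; // fetched once per test run

    // Fail fast with the variable name (never the value) when a secret is missing.
    private static String requireEnv(final String name) {
        final String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    // Client-credentials grant against an assumed token endpoint; the variable
    // names are hypothetical and would be filled from the CI secret store.
    private static synchronized String accessToken() {
        if (cachedToken == null) {
            cachedToken = given()
                    .auth().preemptive().basic(requireEnv("API_CLIENT_ID"), requireEnv("API_CLIENT_SECRET"))
                    .formParam("grant_type", "client_credentials")
                    .post(requireEnv("API_TOKEN_URL"))
                    .then().statusCode(HttpURLConnection.HTTP_OK)
                    .extract().path("access_token");
        }
        return cachedToken;
    }

    protected static RequestSpecification requestSpec() {
        return new RequestSpecBuilder()
                .setBaseUri("https://example.com")
                .setAuth(RestAssured.oauth2(accessToken()))
                // Keep the bearer token out of request logs and CI output.
                .setConfig(RestAssuredConfig.config()
                        .logConfig(LogConfig.logConfig().blacklistHeader("Authorization")))
                .setAccept(ContentType.JSON)
                .build();
    }
}
```

A test class extends OAuth2ApiConfig exactly as ExampleClass extends ApiConfig; a long-running suite would also need to refresh the cached token when it expires.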

 

Conclusion

In this Tech Bite, we have seen how to authorize user requests using different REST Assured auth schemes. REST Assured is an open-source library used for automating API tests. Its various methods enable us to assert expected results in an easy and readable way.

More about authentication schemes and other usages of this Java based library that might intrigue you to start using it for your API automation can be found on this link.


“REST Assured Auth Schemes in API tests automation” Tech Bite was brought to you by Nejla Maksumić, Test Engineer at Atlantbh.

Tech Bites are tips, tricks, snippets or explanations about various programming technologies and paradigms, which can help engineers with their everyday job.
