Forem: Daniel Ma

What Is JWT Bearer for REST APIs and How to Debug It With Code & Tools

Daniel Ma — Mon, 11 Nov 2024 16:11:25 +0000

Understanding JWT Bearer for REST APls: A Guide to Debugging with Code& Tools

In today's web development landscape, securing REST APIs is crucial for developers and organizations. One effective method is using JSON Web Tokens (JWT), specifically JWT Bearer tokens.These compact,self-contained tokens facilitate secure information exchange between parties, enhancing user experience by allowing seamless access to resources without repeated logins.

In this guide,we'l delve into the fundamentals of JWT Bearer tokens, exploring their structure,purpose, and implementationin REST APls, Additionally, we'll provide you with practical insights and tools to effectively debug and troubleshoot any issuesthat may arise during development, whether you're a seasoned developer or just starting out, this guide wil equip you withthe knowledge and skills to master JWT Bearer tokens in your projects.

Why Use JWT Bearer for REST APIs

JSON Web Tokens (JWT) are a widely adopted method for securing REST APIs. They offer numerous advantages that make them an ideal choice for token-based authentication in modern web applications.

Advantages:

1.Compact and Self-Contained: JWTs are compact, making them easy to transmit while including all necessary information in a single token.
2.Stateless: JWTs do not require the server to store session state, making them scalable and efficient for distributed systems.
3.Interoperability: JWTs are based on open standards, allowing for easy integration across different platforms.

What is JWT Bearer?

JWT Bearer tokens are authentication tokens encoded as JSON Web Tokens. They are commonly used in OAuth 2.0 protocols to authorize users accessing APIs.

Structure:

A JWT consists of three parts:

1.Header: Indicates the type of token and the signing algorithm.
2.Payload: Contains user claims and authentication data.
3.Signature: Ensures that the token has not been altered.
The encoded token looks like this: header.payload.signature.

How to Implement JWT Bearer in Java

To implement JWT Bearer authentication in a Java REST API, follow these steps:

Step 1: Generate a JWT

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.Date;

public class JwtUtil {
    private String secretKey = "your-secret-key";

    public String generateToken(String username) {
        return Jwts.builder()
                   .setSubject(username)
                   .setExpiration(new Date(System.currentTimeMillis() + 86400000)) // expires in 1 day
                   .signWith(SignatureAlgorithm.HS256, secretKey)
                   .compact();
    }
}

Step 2: Use the Token in Requests

In your controller, extract the token from the Authorization header:

import javax.servlet.http.HttpServletRequest;

public void someEndpoint(HttpServletRequest request) {
    String authHeader = request.getHeader("Authorization");
    if (authHeader != null && authHeader.startsWith("Bearer ")) {
        String token = authHeader.substring(7);
        // Validate the token here
    }
}

Step 3: Validate the JWT

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;

public Claims validateToken(String token) {
    return Jwts.parser()
               .setSigningKey(secretKey)
               .parseClaimsJws(token)
               .getBody();
}

How to Use Tools to Test JWT Bearer

Testing JWT Bearer authentication can be easily done using tools like EchoAPI.

Using EchoAPI:

1.Open EchoAPI and create a new request.

2.Set the HTTP method and URL of your API endpoint.

3.In the headers section, add a new header with the key Authorization and the value Bearer your_jwt_here.

4.Send the request and observe the response.

Using cURL:

To test your API with cURL, you can use the following command:

curl -X GET http://api.example.com/endpoint \
-H "Authorization: Bearer your_jwt_here"

Conclusion

JWT Bearer tokens provide a robust, efficient, and highly scalable way to secure REST APIs. By implementing JWT in Java, you can easily manage user authentication without maintaining session state. Testing JWTs with tools like EchoAPI and cURL simplifies the process, ensuring that your APIs are robust and user access is secure. As the demand for secure API solutions continues to grow, mastering JWT Bearer tokens will remain essential for developers.

What Is Bearer Tokens for REST APIs and How to Debug It With Code & Tools

Daniel Ma — Mon, 11 Nov 2024 16:06:20 +0000

Bearer tokens play a crucial role in securing and authorizing access to REST APIs serving as a form of authentication that grants users permission to interact with protected resources. in the world of web development, understanding how beareltokens work and being able to effectively debug issues related to them is essential for maintaining the security and functionality of API-driven applications.

In this guide, we will delve into the concept of bearer tokens for REST APls, exploringtheir purpose, implementation, and common debugging techniques using code andspecialized tools. By gaining a comprehensive understanding of bearer tokens andmastering the art of debugging them, developers can ensure the smooth operationand integrity of their REST APl-based systems.

Why Use Bearer Tokens for REST APIs

Bearer tokens are a popular authentication mechanism for REST APIs due to their simplicity and security. They serve as a method of conveying user credentials in HTTP requests, ensuring that only authorized users can access specific resources.

Advantages:

Statelessness: Bearer tokens allow for stateless authentication, where the server doesn’t need to keep track of user sessions.
Flexibility: They can be easily integrated with different backend services and scale horizontally more efficiently.
Secure: By using protocols like HTTPS, bearer tokens can securely transmit user identity without exposing sensitive data.

What is a Bearer Token?

A bearer token is a type of access token that is used in OAuth 2.0 authentication protocols. It is essentially a string that the client sends to the server to authenticate itself. If a request includes a valid bearer token, the server grants access to the requested resources.

Structure:

Bearer tokens can vary in structure but are typically long, randomized strings that offer sufficient entropy to be secure against brute-force attacks. They can also include metadata, such as expiration times and scopes of access.

How to Implement Bearer Token in Java

To implement bearer token authentication in a Java REST API, you can follow these steps:

Step 1: Generate a Token

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public String generateToken(String username) {
    return Jwts.builder()
            .setSubject(username)
            .setExpiration(new Date(System.currentTimeMillis() + 86400000)) // 1 day expiration
            .signWith(SignatureAlgorithm.HS256, "secret-key")
            .compact();
}

Step 2: Use the Token in Requests

In your controller, retrieve the token from the Authorization header:

import javax.servlet.http.HttpServletRequest;

public void someEndpoint(HttpServletRequest request) {
    String authHeader = request.getHeader("Authorization");
    if (authHeader != null && authHeader.startsWith("Bearer ")) {
        String token = authHeader.substring(7);
        // Validate token here
    }
}

Step 3: Validate the Token

public Claims validateToken(String token) {
    return Jwts.parser()
            .setSigningKey("secret-key")
            .parseClaimsJws(token)
            .getBody();
}

How to Use Tools to Test Bearer Tokens

Testing bearer token authentication can be done using various tools like Postman or cURL.

Using EchoAPI:

1.Open EchoAPI and create a new request.

2.Select the HTTP method (GET, POST, etc.) and enter the request URL.

3.Navigate to the "Authorization" tab.

4.Choose "Bearer Token" from the dropdown.

5.Enter your token in the provided field.

6.Send the request and check the response.

Using cURL:

You can also use cURL to test your API with a bearer token:

curl -X GET http://api.example.com/endpoint \
-H "Authorization: Bearer your_token_here"

Conclusion

Bearer tokens provide a robust and flexible method for authenticating users in REST APIs. By implementing bearer token authentication in Java, you ensure that your API is secure and efficient. With tools like Postman and cURL, testing these tokens becomes straightforward, allowing developers to verify that only authorized users can access specific resources. As the need for secure, scalable API solutions grows, understanding and effectively implementing bearer tokens will remain a critical skill for any backend developer.

Bruno vs. EchoAPI: A Detailed Comparison of Top API Management Tools

Daniel Ma — Fri, 08 Nov 2024 15:14:27 +0000

In modern software development, API management tools are indispensable. Among the most noteworthy are Bruno and EchoAPI. Both are powerful tools, making the choice challenging for developers. This article compares Bruno and EchoAPI in detail to help you make an informed decision.

Bruno Features

Bruno is known for its intuitive usability and customizable nature.

Advantages:

1. User-Friendly Interface: Offers an easy-to-use UI, making it beginner-friendly and ensuring smooth operation.
2. Customization: Highly customizable to meet the diverse needs of users.
3. Rich Plugins: Extensive plugins allow for functionality expansion.

Challenges:

Performance: Can slow down when handling large data sets.
Feature Limitations: Some advanced features are only available in the paid version.

EchoAPI Features

EchoAPI stands out for its efficiency and integration capabilities.

Advantages:

1. Integrated Tools: Allows you to perform API debugging, design, testing, and documentation all on one platform.
2. Real-Time Debugging: Provides instant feedback, speeding up issue resolution.
3. Cost-Effective: Offers excellent cost performance with its free, lightweight plugins.

Challenges:

Learning Curve: New users might take some time to fully master all its features.
Customization Limits: Some customization options are limited.

Choosing Criteria

Both tools offer excellent features, but your choice should be based on the following criteria:

Ease of Use: If you’re a beginner or prefer a simple UI, Bruno is a suitable choice.
Functionality and Efficiency: For comprehensive API management in one place, EchoAPI is a wise choice.
Cost: For advanced features at a more affordable price, EchoAPI has the upper hand.

Conclusion

The choice of tool ultimately depends on your project needs and developer skill set. Both Bruno and EchoAPI are powerful and can significantly improve API development and management when used appropriately. Aim for a smoother development flow by selecting the tool that best fits your needs.

Common API Design Mistakes and How to Avoid Them

Daniel Ma — Fri, 08 Nov 2024 15:11:02 +0000

Building an API is like laying the foundation of a house: if you get it wrong, everything else on top of it is shaky. Whether you're new to API design or you've been around the block a few times, there are common mistakes that many developers make when designing APIs. The good news? They’re avoidable! Here’s a rundown of those mistakes and how to steer clear of them.

1. Lack of Clear Documentation

One of the biggest mistakes in API design is not providing clear, thorough documentation. If users don’t understand how to interact with your API, it doesn’t matter how well-designed the API is—nobody will be able to use it effectively.

How to Avoid It:

Document Everything: Every endpoint, parameter, request type, and response should be documented. Use tools like Swagger or EchoApi to auto-generate documentation as you build your API.
Provide Examples: Show real-world examples of requests and responses. It helps developers understand how to integrate with your API faster.

How EchoAPI Helps:

Auto-generated Documentation: EchoAPI automatically generates clear, up-to-date documentation from your API requests and responses, ensuring that your documentation is always in sync with the latest version of your API.

2. Overcomplicating the API

Sometimes developers try to make their APIs too smart or complex. This leads to convoluted endpoints and overengineered logic that confuses users.

How to Avoid It:

Keep It Simple: Stick to basic REST or GraphQL principles. If something can be done in one call, don’t split it into five. Avoid deeply nested paths unless absolutely necessary.
Follow Consistent Patterns: If your API uses /users for retrieving users, don’t suddenly use /userList or /retrieve-users. Consistency makes the API more intuitive. ## 3. Ignoring Versioning APIs are never static. They grow, change, and evolve. But without proper versioning, updates to your API can break existing integrations and make your users unhappy.

How to Avoid It:

Version Early: Implement versioning from the start (e.g., v1, v2). This way, when changes happen, you don’t break existing applications using the older version.
Deprecate, Don’t Eliminate: When creating new versions, let the older ones live on for a while. Give users time to migrate before fully phasing out older versions.

How EchoAPI Helps:

Version Management: EchoAPI allows you to track, manage multiple API versions side by side. ## 4. Not Handling Errors Gracefully A well-designed API should handle errors in a clear and meaningful way. Throwing vague errors like 400 Bad Request without any context can frustrate developers who are trying to debug.

How to Avoid It:

Standardize Error Responses: Use clear and descriptive error codes with helpful messages. For example, instead of just saying 404 Not Found, specify why it wasn’t found. Provide additional information in the response body to guide the user.

Example:

{
  "error": "User not found",
  "message": "The user ID provided does not exist in our records."
}

Follow HTTP Standards: Use the appropriate HTTP status codes. Don’t return a 200 OK when something actually failed. If a user tries to create a resource but fails, return a 400 Bad Request or 422 Unprocessable Entity, depending on the issue.

5. Not Being Consistent with Response Formats

One big mistake is having inconsistent response formats. This creates confusion for developers trying to consume your API, especially when different endpoints return responses in different shapes.

How to Avoid It:

Stick to a Consistent Format: Whether you use JSON or XML, ensure all endpoints follow the same format. If a user request returns user data in one endpoint, it should look the same across other endpoints that involve users.

Bad Example (Inconsistent):

// Response from /users
{
  "user_id": 123,
  "user_name": "JohnDoe"
}

// Response from /orders
{
  "userId": 123,
  "username": "JohnDoe"
}

Good Example (Consistent):

{
  "id": 123,
  "name": "JohnDoe"
}

Follow Naming Conventions: Use either s*nake_case* or camelCase throughout your API. Avoid mixing them.

6. Ignoring Performance Optimization

Performance is key, especially when building APIs that will be used at scale. If your API is slow, no amount of good design can save it. Poor performance can be a result of over-fetching data, inefficient database queries, or a lack of caching.

How to Avoid It:

Use Caching: Cache data that doesn’t change often. For instance, frequently accessed resources or user profiles can be cached to reduce the number of database hits.
Limit Payloads: Allow users to request only the data they need. This can be done using GraphQL, or in REST by allowing query parameters to filter data. Don’t return an entire user object when only the username is requested.

How EchoAPI Helps:

Load Testing: EchoAPI lets you stress-test your API to ensure that it performs well under heavy loads. This prevents issues related to poor scaling as your user base grows. ## 7. Overusing or Underusing HTTP Methods REST APIs should follow the correct usage of HTTP methods like GET, POST, PUT, PATCH, and DELETE. Misusing these can confuse developers.

How to Avoid It:
Follow REST Best Practices:

GET should only be used for retrieving data.
POST for creating new resources.
PUT for updating resources (entire object).
PATCH for partial updates.
DELETE for removing resources.

Don’t use GET to delete or modify data, and don’t use POST when retrieving data.

8. Ignoring Security

APIs are often exposed to the public, which makes security a top priority. However, many developers forget to implement even basic security features, leaving the API vulnerable to attacks.

How to Avoid It:

Use Authentication and Authorization: Always ensure that sensitive endpoints are protected with proper authentication (like OAuth2 or API keys). Use role-based access control to limit which users can perform certain actions.
Rate Limiting: Implement rate limiting to prevent abuse. This ensures that even if someone tries to spam your API with requests, they’ll be blocked after a certain threshold.

How EchoAPI Helps:

Authentication Simulation: EchoAPI allows you to test authentication mechanisms like OAuth, API keys, and JWT tokens. You can tests for secured endpoints, ensuring that only authorized users can access sensitive data.

9. Forgetting About Pagination

If you’re returning large datasets (like thousands of users or posts), not paginating results can lead to performance issues. You don’t want to dump 10,000 records on the user in one response!

How to Avoid It:

Implement Pagination: Use query parameters like limit and offset to paginate results. This not only improves performance but also makes it easier for the client to navigate large datasets.

Example:

GET /users?limit=10&offset=0

Wrapping It Up

API design is an art, and like any art, it’s all about the details. By avoiding these common mistakes—like poor documentation, inconsistent response formats, and ignoring performance—you can create an API that’s user-friendly, efficient, and secure.

And, hey, if you want to make your life easier when testing, debugging, and managing your APIs, EchoAPI can help with version control, automated testing, and more, so you can avoid these mistakes and keep your API game strong!

Get Started for Free!!

From API Debugging and Load Testing to Documentation and Mock Servers, EchoAPI simplifies the entire process. You can jump right into testing without the hassle of creating an account or signing in, thanks to its user-friendly interface. With a built-in Scratch Pad for quick notes, an affordable pricing structure for both individual developers and teams, and a lightweight native client that doesn’t slow down your system, EchoAPI is the ideal solution for fast, efficient, and cost-effective API development.

Happy coding! 😄

How to Implement Search and Filtering in APIs🦉

Daniel Ma — Thu, 07 Nov 2024 11:29:07 +0000

When you build an API, one of the most useful features you can add is search and filtering. Imagine you’re building an API for a library of books — users might want to find books by a specific author, books published after a certain year, or books that contain a keyword in the title. Implementing search and filtering makes your API much more powerful and flexible.

In this article, we’ll cover how to:

Implement simple keyword search.
Filter results based on specific fields.
Combine search and filtering to make your API even more useful. Let’s dive in!

Implementing Simple Keyword Search

One of the most common ways users interact with an API is through a search bar. The user might type a word or phrase, and your API should return results that match that search query.

Example: Searching for a Book by Title

Let’s say you have a list of books like this:

books = [
    {"id": 1, "title": "The Great Gatsby", "author": "F. Scott Fitzgerald", "year": 1925},
    {"id": 2, "title": "1984", "author": "George Orwell", "year": 1949},
    {"id": 3, "title": "The Grapes of Wrath", "author": "John Steinbeck", "year": 1939}
]

We want to let users search for books by title. For example, if they search for the word "great," the API should return "The Great Gatsby."

Here’s how we can implement a simple search using Flask:

from flask import Flask, request, jsonify

app = Flask(__name__)

# Sample books data
books = [
    {"id": 1, "title": "The Great Gatsby", "author": "F. Scott Fitzgerald", "year": 1925},
    {"id": 2, "title": "1984", "author": "George Orwell", "year": 1949},
    {"id": 3, "title": "The Grapes of Wrath", "author": "John Steinbeck", "year": 1939}
]

# GET: Search for books by title
@app.route('/books', methods=['GET'])
def search_books():
    search_query = request.args.get('search')  # Get the 'search' query parameter from the request
    if search_query:
        # Filter books that contain the search term (case-insensitive) in the title
        result = [book for book in books if search_query.lower() in book['title'].lower()]
        return jsonify(result)

    # If no search query is provided, return all books
    return jsonify(books)

if __name__ == '__main__':
    app.run(debug=True)

How It Works:

The user can search for books by title using the search query parameter.

For example:

GET /books?search=great

This will return the book "The Great Gatsby" because the word "great" is in the title.

Example Response:

[
    {"id": 1, "title": "The Great Gatsby", "author": "F. Scott Fitzgerald", "year": 1925}
]

Implementing Filtering by Specific Fields

Search is useful, but sometimes users want to filter results based on specific fields. For example, they might want books published after 1950 or books written by a specific author.

Example: Filtering by Author and Year
Let’s say users want to filter books by author and year. We can add two query parameters to handle this: author and year.

@app.route('/books', methods=['GET'])
def filter_books():
    author = request.args.get('author')  # Get 'author' query parameter
    year = request.args.get('year')  # Get 'year' query parameter

    # Filter books by author and/or year
    result = books
    if author:
        result = [book for book in result if book['author'].lower() == author.lower()]
    if year:
        result = [book for book in result if book['year'] >= int(year)]

    return jsonify(result)

How It Works:

Users can filter by author (case-insensitive) and/or year.
If only the author parameter is provided, it will return books by that author.
If only the year parameter is provided, it will return books published after (or in) that year.
If both are provided, it will filter by both criteria.

Example Request:

GET /books?author=george%20orwell&year=1940

Example Response:

[
    {"id": 2, "title": "1984", "author": "George Orwell", "year": 1949}
]

In this case, we are filtering for books written by George Orwell and published after 1940, so it returns "1984."

Combining Search and Filtering

Now let’s put it all together! We’ll allow users to search by title and filter by author and year, all in the same API request.

@app.route('/books', methods=['GET'])

def search_and_filter_books():
    search_query = request.args.get('search')  # Search by title
    author = request.args.get('author')  # Filter by author
    year = request.args.get('year')  # Filter by year

    # Start with all books
    result = books

    # If a search query is provided, filter by title (case-insensitive)
    if search_query:
        result = [book for book in result if search_query.lower() in book['title'].lower()]

    # If an author is provided, filter by author (case-insensitive)
    if author:
        result = [book for book in result if book['author'].lower() == author.lower()]

    # If a year is provided, filter by books published after or in that year
    if year:
        result = [book for book in result if book['year'] >= int(year)]

    return jsonify(result)

How It Works:

The user can combine the search and filtering options.
The search query parameter filters by title.
The author and year parameters filter by author and publication year, respectively.

Example Request:

GET /books?search=great&author=f.%20scott%20fitzgerald

Example Response:

[
    {"id": 1, "title": "The Great Gatsby", "author": "F. Scott Fitzgerald", "year": 1925}
]

In this request, the user is searching for books with "great" in the title, written by "F. Scott Fitzgerald."

Best Practices for Search and Filtering

Here are a few tips to keep in mind when implementing search and filtering in your API:

Be flexible with filters: Allow users to combine multiple filters, but don’t require all filters to be present. If the user doesn’t specify a filter, return all results for that field.
Make searches case-insensitive: Users shouldn’t have to worry about matching exact letter cases.
Paginate large results: If you have a lot of data, consider adding pagination to your API to avoid overwhelming users with too many results at once.
Validate user input: If the user provides invalid data (e.g., a string for a year filter), return a helpful error message.

Implementing search and filtering in your API makes it much more powerful and user-friendly. Whether users want to search by keywords, filter by specific fields, or combine both, these features give them more control over the data they receive. EchoAPI takes this functionality to the next level, offering a comprehensive suite of tools that streamline every aspect of API development.

Conclusion

Whether you're improving your API with advanced search and filtering or handling complex tasks like load testing and debugging, EchoAPI provides everything you need in one versatile tool.

Happy coding! 😊

How to Build a Weather App in VSCode for Beginners(2): Post-response Automated Testing

Daniel Ma — Thu, 07 Nov 2024 11:25:40 +0000

Previously, we built a weather app backend together, but how do we ensure the returned result is what we expect? While it's easy to manually check the output for small responses, what if the returned data is large or difficult to verify line by line?

Today, we’re going to dive deeper and explore how to use Post-response in EchoAPI to automate the testing process. This will allow us to automatically check if the API responses match our expectations, saving us time and effort.

To automate tests with EchoAPI, you'll be using its Post-response feature to write scripts that run automatically after an API request. These scripts help verify the correctness of your API responses and ensure your application behaves as expected even when you make changes later.

Let’s break down how you can automate your weather app tests using EchoAPI in detail.

Steps to Automate Tests with EchoAPI

Set Up EchoAPI in VSCode

Make sure you have the EchoAPI for VS Code extension installed in VSCode. Once installed, you'll be able to test and automate requests within the EchoAPI interface. It is Free to use!!!

Create a GET request:

Set the method to GET.

Use the following URL for testing the weather API:

http://localhost:3000/weather?city=London

Click 'Send' to make sure your request works and returns the correct weather data. You should see a JSON response in Response like this:

Add a Post-response Script

Now that you’ve tested your weather API manually, let’s add automated tests to verify the response data.

Go to the Post-response tab in EchoAPI for your request.

Add a Post-response script using JavaScript to automatically check the weather data.

Here’s an example of a simple post-scripts script that verifies:

The response status is 200 (OK).
The response contains a Temperature field and ensure the 'temperature' is a number
The response contains a Weather field and ensure the 'weather' field is a string
The response contains a City field and ensure the 'city' field is a string

// Check if the response status is 200 (OK)

pm.test("Status code is 200", function () {
  pm.response.to.have.status(200);
});

// Check if the response has 'temperature', 'weather', and 'city' fields

pm.test("Response contains temperature, weather, and city", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData).to.have.property('temperature');
  pm.expect(jsonData).to.have.property('weather');
  pm.expect(jsonData).to.have.property('city');
});

// Ensure the 'temperature' is a number

pm.test("Temperature is a number", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData.temperature).to.be.a('number');
});

// Ensure the 'weather' field is a string

pm.test("Weather is a string", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData.weather).to.be.a('string');
});

// Ensure the 'city' field is a string

pm.test("City is a string", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData.city).to.be.a('string');
});

Run the Test

After adding the test script, hit 'Send' again' to run your request and automatically execute the test script.

Then click 'Test result' on the right side.

The test results will display whether the checks passed or failed.
If everything passes, you’ll see something like:

Automate Post-response with More Tasks (Optional)

If you want to do multiple Post-response Automated Testings, you can add additional tasks in the Post-response section. This allows you to run all your tests at once in a single go.

We can add different requests for multiple cities, error scenarios and attach specific test scripts to each one in our case.

Error Checking

To make sure your app handles various scenarios, you can modify the requests and test error cases.

For example, test with an invalid city name:

Change the request URL to something invalid:

http://localhost:3000/weather?city=InvalidCity

Add test script to handle this case in a new task:

// Check if the response status is 500 (Internal Server Error) for invalid cities

pm.test("Status code is 500 for invalid city", function () {
  pm.response.to.have.status(500);
});

// Check for the error message in the response

pm.test("Error message is returned for invalid city", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData).to.have.property('error');
  pm.expect(jsonData.error).to.eql("Failed to fetch weather data");
});

When you run this test, EchoAPI will automatically verify that your API responds with the correct error message and status code for invalid input.

Test Different Scenarios

In addition to the existing tests, let's verify that the returned data is for New York, the Big Apple. We’re going to create a new task and name it "This is for 🍎".

Change the request URL to New York:

http://localhost:3000/weather?city=New%20York

Here’s the script you’ll add in the Post-response section:

// Ensure the 'City' is New York"
pm.test("City is 🍎", function () {
  var jsonData = pm.response.json();
  pm.expect(jsonData.city).to.eql("New York");
});

Once you’ve added this script, click 'Send' again. EchoAPI will automatically run all the tests and show you which tests passed and which ones failed.

Here is the result:

You can adjust the execution order by dragging the icon here to rearrange them.

Turn on and off the post-response execution by toggling the switch.

Why Automate Tests with EchoAPI?

Free: It's Free!!!
Consistency: Ensure your API responses are consistent over time.
Quick Validation: Automatically check multiple aspects of your API without manually reviewing the data each time.
Error Prevention: Catch errors or regressions early before deploying changes.

Automating your tests with EchoAPI ensures your weather app works as expected. Keeping a reliable API has never been this straightforward.

Happy coding 🎉.

What is Thunder Client? A Complete Guide to Its Advantages and Disadvantages

Daniel Ma — Wed, 06 Nov 2024 12:04:43 +0000

Thunder Client is a widely used extension for VSCode, specifically designed for API testing. In this article, we'll explore how to effectively use this extension based on firsthand experience and discuss whether it can truly replace Postman.

What is Thunder Client?

Thunder Client is an extension for Visual Studio Code that serves as an API client. It offers features such as API testing, collections, test scripts, CI/CD integration, Git collaboration, and local storage. Many users prefer Thunder Client as a lightweight GUI API testing tool within VS Code, often using it as a substitute for Postman.

Key Features of Thunder Client

Despite being a lightweight tool, Thunder Client is fully equipped for API testing. For example:

GUI-based configuration for API parameters, headers, and body, allowing users to send requests easily.
View response results directly within the GUI.
Built-in testing functionality without the need for scripts, enabling users to check response results against specified conditions.
Organize requests into collections for bulk execution.
Supports environment variables, allowing for multiple sets of variables for testing and production.
Capable of importing Postman collection files for use.

For those looking to test APIs directly and quickly from within VSCode during development, Thunder Client is an excellent choice.

How to Use Thunder Client

So how can you test APIs using Thunder Client in VS Code? Here, we'll introduce the main features available in Thunder Client.

Installing Thunder Client

To use Thunder Client, first install it as an extension in Visual Studio Code. Follow these steps:

Open Visual Studio Code and click on the Extensions icon in the left menu.
Type Thunder Client in the search box at the top.
Click on Thunder Client in the search results, then hit the Install button.

Now, the Thunder Client extension will be installed on your computer.

Testing APIs with Thunder Client

Once Thunder Client is installed, you’ll see an icon for it in the left menu of VS Code. Click on this icon to start using Thunder Client.

Step 1: To begin testing an API, click the New Request button at the top of the screen.

Step 2: The API configuration screen will appear. Here you can enter the HTTP method, API endpoint, and required parameters. Click the Send button to submit your request.

All sent requests will be displayed in the Activity tab on the left.

Validating API Response Data

After receiving response data from the server, you can use Thunder Client's testing functionality to validate that data.

In the API execution screen, click on the Tests tab to add validation conditions.

For example, you can set conditions like:

Response code is 200
Response time is under 500 milliseconds
Data format is JSON

When you click the Send button, the results of your response validation will be shown in the rightmost panel.

Running Collections in Thunder Client

Similar to Postman, Thunder Client supports collection execution. You can add previously sent requests to a collection via the Activity tab or create new requests within the collection.

While Thunder Client allows you to send multiple requests in bulk, it lacks more advanced testing features, such as request grouping and condition-based testing for automation.

Additionally, like Postman, the execution of collections is limited. In the free version, you can only execute collections 30 times a month.

Related Reading:

Resolved: Solutions to Postman Collection Runner Limitations

When you hit the limit on Postman's collection runner, you encounter the "You have exhausted all the runs." error, which can be disruptive. This article provides solutions for overcoming the Postman collection limits for free.

Can Thunder Client Replace Postman?

Can the Thunder Client extension for VS Code fully replace Postman? In short, while Thunder Client is useful, Postman offers a more specialized and feature-rich API testing experience, making Thunder Client a temporary substitute. However, if you only need to send API requests directly from VS Code during development, Thunder Client is quite handy.

Next, let's look at the reasons why Thunder Client may fall short.

Mandatory Paywall: Significant Limitations on the Free Version

First, Thunder Client imposes a paywall that restricts access to many of its features in the free version. This limitation can significantly hinder your ability to fully utilize the tool for API development. In contrast, Postman offers a more comprehensive set of features even in its free version, allowing users to set up mock servers, automate tests, and collaborate on projects.

However, the free version of Postman also comes with certain limitations, such as restricted usage limits for its advanced features. Although both tools have their constraints, the mandatory payment model of Thunder Client can make it challenging for users looking to access a wide range of functionalities without incurring costs.

Powerful Free Version of EchoAPI

This is where a more powerful API testing tool like EchoAPI shines, offering robust features even in its free version.

Advanced Testing and Automation

While Thunder Client allows you to execute multiple requests at once by adding them to the same collection, it does not offer advanced testing features such as request grouping or conditional branching. In contrast, Postman provides the ability to leverage collection features and customize testing steps with various conditions through its flow functionality, making API test automation straightforward.

For a more user-friendly experience in conducting advanced testing and automation, EchoAPI stands out. Unlike Postman, where collection and flow functionalities are separate, EchoAPI enables intuitive GUI interactions to add testing steps and apply conditions, enhancing convenience significantly.

Collaboration Challenges

When working in a team on API development, Thunder Client can be quite limiting. It lacks an account system, making it difficult to collaborate with other team members and share API data with them. On the other hand, Postman offers collaboration features that allow seamless updates to API data among team members.

Additionally, EchoAPI provides collaboration functionality similar to Postman. Any changes made within a project are synchronized with all team members seamlessly. EchoAPI also supports a "sprint branch" feature akin to Git, where team members can create their own branches to introduce changes without affecting the Main branch data. After completing changes, they can merge them into the Main branch, further improving collaboration efficiency in API development.

Conclusion

This article has explored the use of Thunder Client, a VS Code extension, and its viability as an alternative to Postman.

Thunder Client provides essential features for API testing, such as GUI-based validation of response results and bulk execution of multiple requests. However, it lacks the advanced functionalities found in Postman, particularly in areas like mock server setup, test automation, and collaboration. Therefore, while Thunder Client is useful for simple API requests, Postman remains better suited for rigorous API testing.

For thorough API testing or development that emphasizes collaboration, EchoAPI emerges as a compelling alternative to Postman, offering ease of use and more straightforward advanced testing capabilities.