HTTP Methods. Authentication & Cookie basics

Web Fundamentals

Web Basics - How HTTP Works

HTTP - Fundamentals

  • HTTP functions as a request–response protocol in the client–server computing model.

  • HTTP/1.1 & HTTP/2.0.

  • HTTP is an application layer protocol designed within the framework of the Internet protocol suite.

HTTP - Fundamentals : Request & Response

HTTP - GET - Request

  • Retrieve all resources in a collection & can be cached.
  • GET requests remain in the browser history & can be bookmarked.
  • GET requests should never be used when dealing with sensitive data & have length restrictions
  • GET requests should be used only to retrieve data

http://scrolltest.com/test?name1=value1

GET /test?name1=value1 HTTP/1.1
Host: scrolltest.com
User-Agent: my browser details
Accept: text/html
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP - POST - Request

  • Create a new resource in a collection
  • POST requests are never cached & do not remain in the browser history.
  • POST requests cannot be bookmarked.
  • POST requests have no restrictions on data length

POST /test/t.php HTTP/1.1
Host: scrolltest.com

name1=value1&name2=value2

POST /test/t.php HTTP/1.1
Host: scrolltest.com
User-Agent: HTTPTool/1.0
Content-Type: application/raw
Content-Length: 25

name1=value1&name2=value2

HTTP - PUT Request

  • PUT puts a file or resource at a specific URI
  • PUT replaces that file or resource.
  • PUT responses are not cacheable.
  • Update a resource.

PUT /boo/foo.txt HTTP/1.1
Host: www.foo.com
Content-Type: text/plain

This is a testing content for
the text file foo.txt

HTTP - PATCH Request

  • PATCH - Update a partial resource.

  • When you only need to update one field of the resource

PATCH /groups/api/v1/groups/{group id}

with request body like

{action:activate|deactivate}

HTTP - DELETE & OPTIONS Request

  • DELETE - Delete a resource.
  • OPTIONS - Return available HTTP methods and other options.

HTTP - HEAD & TRACE Request

  • HEAD - Returns only the header information
  • TRACE - Returns a trace of the request

curl -I http://google.com

HTTP - Response Codes

Web Authentication & Cookies

Basic authentication - The "username:password" string is encoded with Base64.
curl --header "Authorization: Basic am9objpzZWNyZXQ=" my-website.com

Digest Authentication - Authentication is performed by transmitting the password in an ENCRYPTED form (with some salt, etc.).

OAuth - Authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password.

E.g. OAuth 1, 2.
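
Added example (not part of the original slides): a small request auditor that ties together two points above, that sensitive data should not travel in a GET URL and that a Basic Authorization header is only Base64-encoded. The function names, the SENSITIVE name list and the sample requests are assumptions constructed for this illustration.

```python
import base64
from urllib.parse import urlsplit, parse_qsl

# Assumption: parameter names treated as sensitive (not taken from the slides).
SENSITIVE = {"password", "passwd", "token", "sessiontoken", "secret", "apikey"}

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def audit_request(raw):
    """Return findings about credentials exposed by one raw request."""
    method, target, headers, _body = parse_request(raw)
    findings = []
    # Query strings persist in browser history, bookmarks and server logs.
    for name, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            findings.append(f"sensitive parameter '{name}' in {method} URL")
    # Basic auth is Base64 of "user:password": reversible without any key.
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            user = base64.b64decode(cred, validate=True).decode("utf-8").partition(":")[0]
            findings.append(f"Basic credentials for user '{user}' decode without a key")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            findings.append("malformed Basic credentials")
    return findings

# Constructed sample requests, modelled on the ones shown in the slides.
SAMPLE_GET = (
    "GET /test?name1=value1&password=hunter2 HTTP/1.1\r\n"
    "Host: scrolltest.com\r\n"
    "Authorization: Basic am9objpzZWNyZXQ=\r\n\r\n"
)
SAMPLE_POST = (
    "POST /test/t.php HTTP/1.1\r\nHost: scrolltest.com\r\n"
    "Content-Length: 29\r\n\r\nname1=value1&password=hunter2"
)

if __name__ == "__main__":
    for sample in (SAMPLE_GET, SAMPLE_POST):
        print(audit_request(sample))
```

The POST sample produces no findings because the same field travels in the body instead of the URL; that keeps it out of history and bookmarks, but only TLS protects it on the wire.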




Cookies

Cookies are usually small text files, given ID tags that are stored on your computer's browser directory or program data subfolders.

GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: theme=light; sessionToken=abc123

  • Record the user's browsing activity.
  • Which pages were visited in the past.
  • Contain the name of the domain & Lifetime.

Tool : EditThisCookie - http://bit.ly/1oe1o08

Test Plan & Test Cases and Best Practices of API Testing

Next Lecture…...
