Skip to main content



QA Automation Expert

Rest Assured Official site

API Flow


Http Basics


HTTP methods

GET Asks to get the resource at the requested URL. POST Asks the server to accept the body info attached. It is like GET request with extra info sent with the request. HEAD Asks for only the header part of whatever a GET would return. Just like GET but with no body. TRACE Asks for the loopback of the request message, for testing or troubleshooting. PUT Says to put the enclosed info (the body) at the requested URL. DELETE Says to delete the resource at the requested URL. OPTIONS Asks for a list of the HTTP methods to which the thing at the request URL can respond PATCH: For partial updates.

  1. 1xx (100 – 199): The response is informational
  2. 2xx (200 – 299): Assures successful response
  3. 3xx (300 – 399): You are required to take further action to fulfill the request
  4. 4xx (400 – 499): There’s a bad syntax and the request cannot be completed
  5. 5xx (500 – 599): The server entirely fails to complete the request


HTTP Request

Request Line

  • The HTTP method used
  • The request URI
  • The HTTP protocol version

Zero or more headers

  • User-Agent: lets the server identify the application, operating system, vendor, and version.
  • Connection: controls the network connection. In other words, kill or continues the connection after the transaction.
  • Cache-Control: specifies browser caching policies.
  • Accept-Language: indicates what all languages(natural) the client can understand.
  • Accept-Charset
  • Accept-Encoding
  • Authorization
  • Content-Length
  • Content-Type
  • Cookie
  • Expect
  • From
  • Host
  • If-Match
  • If-Modified-Since
  • In-None-Match
  • If-Range
  • If-Unmodified-Since
  • Max-Forwards
  • Proxy-Authorization
  • Range
  • Referer
  • TE

An optional request body

  • _Request body may either be in the form of XML or JSON

HTTPS Response

  1. A status.
  2. Collection of Headers.
  3. A Body.

RestAssured without Static imports

import org.testng.Assert;
import org.testng.annotations.Test;
import io.restassured.RestAssured;
import io.restassured.response.Response;
import io.restassured.response.ValidatableResponse;
import io.restassured.specification.RequestSpecification;

public class WithoutBDDStyle {

static RequestSpecification requestSpecification;
static Response response;
static ValidatableResponse validatableResponse;

public void oldMethodOfRestAssured() {
RestAssured.baseURI = "";
// Create a request specification
requestSpecification = RestAssured.given();
// Calling GET method
response = requestSpecification.get();
// Let's print response body.
// Validate Response
validatableResponse = response.then();
// Get status code
// Check status line is as expected
validatableResponse.statusLine("HTTP/1.1 200 OK");

public void oldMethodOfRestAssuredUsingTestNG() {
RestAssured.baseURI = "";
// Create a request specification
requestSpecification = RestAssured.given();
// Calling GET method
response = requestSpecification.get();
// Let's print response body.
// Get status line
Assert.assertEquals(response.getStatusLine(), "HTTP/1.1 200 OK");
// Get status code
Assert.assertEquals(response.getStatusCode(), 200);

RestAssured withStatic imports BDD style


Characteristics of REST

  • Uniform interface
  • Client Server separation
  • Stateless
  • Layered System
  • Cacheable
  • Code-on-demand(Eg - Flash Video Player)

Rest API Connectors

  1. _Client
  2. _Server
  3. _Cache
  4. _Resolver
  5. _Tunnel

Components in Rest

  1. _Origin Server
  2. _User Agent
  3. _Gateway
  4. _Proxy

Rest Data Elements

  1. Resource
  2. Resource Identifier(URI)
  3. Resource Metadata
  4. Representation (Entire Request or Response)
  5. Representation Metadata(Headers- content-type, content-length, User-Agent, Connection, Accept-Encodin)

Query Parameter And Path Parameter JsonPath XmlPath

Create Json Object with Json Simple

<!-- -->

JSONObject requestParams = new JSONObject(); 
requestParams.put("userId", "TQ123");
requestParams.put("isbn", "9781449325862");
request.header("Content-Type", "application/json");


Serialization is a process where you convert an Instance of a Class (Object of a class) into a Byte Stream. This Byte Stream can then be stored as a file on the disk or can also be sent to another computer via the network. Deserialisation in Opposite of Serialization.


ObjectOutputStream o = new ObjectOutputStream(new FileOutputStream("//File Name"));

Animal animal = new Animal("Cow");



FileInputStream fileStream = new FileInputStream(new File(fileName));
ObjectInputStream objectStream = new ObjectInputStream(fileStream);
Object deserializeObject = objectStream.readObject();


  • Being able to authenticate with Credentials

Basic Authentication(Auth)

  • Does using Authentication headers. ie username and Password is sent in the URL.
given().auth().basic("your username", "your password").get("your end point URL");

Challenge Response Mechanism This means that it waits for the server to challenge rather than send the credentials directly.

given().auth().preemptive().basic("your username", "your password").get("your end point URL");

Digest Authentication

It uses a digestive key in subsequent requests. If at all it is intercepted by an eavesdropper, he will get access only to the transaction performed and not the user password.

given().auth().digest("your username", "your password").get("your end point URL")

Form Authentication

given() .auth().form("your username", "your password").post("your end point URL")
given().auth().form("your username", "your password", new FormAuthConfig("/perform_signIn","user","password"))

OAuth Authentication

//Oauth 1
given().auth().oauth(consumerKey, consumerSecret, accessToken, tokenSecret).get("your end point URL")
// Oauth 2
given().auth().oauth2("Access token").get("your end point URL")


  • Being able to provide valid access. ie (Admin and Employee users )

Put Request

OST request

  • 201 with a location header pointing to the new resource.
  • 400 if the new item is not created.

PUT request

To Be continued

Jira Practice Api's

Jira Api's for practice

Jira Docker Image

Cookie-based authentication Api

API Reference

Session Filter explanation

Attachment and Multipart upload

Extract Response as using extract().asString()

HTTPs relaxed https certifications

OAath 2.0

Access token clinet ID , google sign in Grant type(autherisation code and client credentials)

  1. Hitting the Access Code URL and getting the access code
  2. Hitting the Access Token URL and getting the Access Token
  3. Hitting the actual request with the access token

![[Pasted image 20231123100710.png]]

TOken in Response ![[Pasted image 20231123101213.png]]

![[Pasted image 20231123101952.png]]

![[Pasted image 20231123102141.png]] ![[Pasted image 20231123124455.png]] ![[Pasted image 20231123102325.png]] ![[Pasted image 20231123102358.png]]

![[Pasted image 20231123103612.png]] Access Code

![[Pasted image 20231123123202.png]]

Access Token

![[Pasted image 20231123123433.png]]

Actual Request ![[Pasted image 20231123123315.png]]

Client Credential

![[Pasted image 20231123124427.png]]

![[Pasted image 20231123124636.png]]

Serialisation and Deserialisation using POJO

![[Pasted image 20231123152504.png]] ![[Pasted image 20231123162831.png]]

Request Response Spec Builder

![[Pasted image 20231123180330.png]]

![[Pasted image 20231123180618.png]]

JWT token RestAssured

Form data

![[Pasted image 20231123222103.png]] ![[Pasted image 20231123222155.png]]

Using Rest Assured ![[Pasted image 20231123223410.png]]

![[Pasted image 20231123223744.png]]

Loggig ![[Pasted image 20231124153450.png]]

Rest Assured Framework


  1. Rest Assured dependency includes JsonPath and XmlPath

  2. Rest Assured's dependency declaration comes before (JUnit or TestNG) dependency to make sure that the correct version of Hamcrest is used

    • JsonPath: Used for parsing and extracting data from JSON responses.
    • XmlPath: Used for parsing and manipulating XML responses.
    • Hamcreast is used for assertions.
    • json-schema-validator is used for validating Json Schema Jacson Gson

Static Imports

import io.restassured.RestAssured.*;
import io.restassured.matcher.RestAssuredMatchers.*;
import org.hamcrest.Matchers.*;
import io.restassured.module.jsv.JsonSchemaValidator.*;