What QA Should Know About HTTP Requests
HTTP (HyperText Transfer Protocol) is a protocol for transmitting data over the internet. For QA engineers, understanding HTTP requests is critical for testing APIs and web applications. This article focuses on the GET, POST, PUT, DELETE, and PATCH methods, status codes, and request/response bodies.
HTTP Methods
HTTP methods define the action a client wants to perform on a server resource:
- GET: Retrieves data from the server (e.g., fetching a list of users via /api/users). It does not include a request body; data is passed through URL parameters.
- POST: Sends data to the server to create a new resource (e.g., creating a user). The request body typically contains data in JSON or FormData format.
- PUT: Fully updates an existing resource (e.g., updating a user profile at /api/users/123). Requires sending the complete set of data in the request body.
- DELETE: Deletes a specified resource (e.g., removing a user at /api/users/123). Typically does not include a request body.
- PATCH: Partially updates a resource (e.g., changing only a user’s name). The request body contains only the fields to be updated.
Status Codes
Status codes in HTTP responses indicate the result of the request:
- 2xx (Success):
  - 200 OK: Request successful, data returned.
  - 201 Created: Resource successfully created (typically for POST).
  - 204 No Content: Request successful, but no data returned (often for DELETE).
- 3xx (Redirection):
  - 301 Moved Permanently: Resource moved to a new URL.
  - 302 Found: Temporary redirection.
- 4xx (Client Error):
  - 400 Bad Request: Invalid request (e.g., malformed JSON).
  - 401 Unauthorized: Authentication required.
  - 403 Forbidden: Access denied.
  - 404 Not Found: Resource not found.
- 5xx (Server Error):
  - 500 Internal Server Error: General server error.
  - 503 Service Unavailable: Server temporarily unavailable.
Request and Response Body
- Request Body: Data sent by the client to the server. Used in POST, PUT, and PATCH methods. Formats include:
  - JSON (e.g., {"name": "John", "age": 30}).
  - XML, FormData, or others, depending on the API.
  - GET and DELETE requests typically do not include a body.
- Response Body: Data returned by the server. The format depends on the request and API:
  - JSON (e.g., {"id": 123, "name": "John"}).
  - HTML, XML, or text.
  - For 204 No Content, the response body is empty.
What QA Should Test
- Methods: Verify that GET retrieves data, POST creates resources, PUT fully updates, PATCH partially updates, and DELETE removes resources.
- Status Codes: Ensure codes match the scenario (e.g., 201 for POST, 404 for non-existent resources).
- Request Body: Test data validity (structure, types, required fields) and error handling (e.g., empty or invalid body).
- Response Body: Check format, structure, and correctness of returned data (e.g., JSON schemas, expected fields).
- Edge Cases: Test empty bodies, large data, and non-standard characters.
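The checklist above as a runnable table-driven check; this is an added example, not code from the article. The stub API, its rule that "name" must be a string, and the names USERS, StubAPI, call, CASES and run_checks are assumptions made for illustration; only the /api/users paths and sample bodies come from the text.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

USERS = {}  # constructed in-memory store behind the stub API
class StubAPI(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging
    def _send(self, code, obj=None):
        body = b"" if obj is None else json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):
        user = USERS.get(self.path.rsplit("/", 1)[-1])
        self._send(200 if user else 404, user or {"error": "not found"})
    def do_DELETE(self):
        found = USERS.pop(self.path.rsplit("/", 1)[-1], None)
        self._send(204 if found else 404, None if found else {"error": "not found"})
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        try:
            data = json.loads(raw)
        except ValueError:  # empty or malformed JSON
            data = None
        if not isinstance(data, dict) or not isinstance(data.get("name"), str):
            return self._send(400, {"error": "invalid body"})
        uid = len(USERS) + 1
        USERS[str(uid)] = {"id": uid, **data}
        self._send(201, USERS[str(uid)])

def call(port, method, path, body=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body)
    resp = conn.getresponse()
    return resp.status, resp.read()

CASES = [("POST", "/api/users", b'{"name": "John", "age": 30}', 201),
         ("POST", "/api/users", b'{"name": ', 400),   # malformed JSON
         ("POST", "/api/users", b"", 400),            # empty body
         ("GET", "/api/users/1", None, 200),
         ("DELETE", "/api/users/1", None, 204),       # body must be empty
         ("GET", "/api/users/1", None, 404)]          # gone after DELETE

def run_checks():
    USERS.clear()
    srv = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    results = [(m, p, want, *call(srv.server_port, m, p, b)) for m, p, b, want in CASES]
    srv.shutdown(); srv.server_close()
    return results
```

Each tuple returned by run_checks() is (method, path, expected status, actual status, response body), so a mismatch between the third and fourth fields marks a failing case.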