Test Plan for CAPIF Api Publish Service
At this documentation you will have all information and related files and examples of test plan for this API.
Test Case 1: Publish API by Authorised API Publisher
Test ID: capif_api_publish_service-1
Description:
This test case will check that an API Publisher can Publish an API
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
-
Send Post to ccf_publish_url: https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Use APF Certificate
Execution Steps:
-
Register Provider at CCF and store certificates.
-
Publish Service API
-
Retrieve {apiId} from body and Location header with new resource created from response
Expected Result:
-
Response to Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
-
Published Service API is stored in CAPIF Database
Test Case 2: Publish API by NON Authorised API Publisher
Test ID: capif_api_publish_service-2
Description:
This test case will check that an API Publisher cannot Publish an API withot valid apfId
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Information of Test:
-
Perform Provider Registration
-
Publish Service API with invalid APF ID at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis
- body service api description with apiName service_1
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API with invalid APF ID
Expected Result:
-
Response to Publish request must accomplish:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "Publisher not existing".
- cause with message "Publisher id not found".
-
Service API is NOT stored in CAPIF Database
Test Case 3: Retrieve all APIs Published by Authorised apfId
Test ID: capif_api_publish_service-3
Description:
This test case will check that an API Publisher can Retrieve all API published
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- At least 2 service APIs are published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Publish Other Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_2
- Get apiId
- Use APF Certificate
-
Retrieve all published APIs:
- Send Get to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API service_1
- Retrieve {apiId1} from body and Location header with new resource created from response
- Publish Service API service_2
- Retrieve {apiId2} from body and Location header with new resource created from response
- Retrieve All published APIs and check if both are present.
Expected Result:
-
Response to service 1 Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}
-
Response to service 2 Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}
-
Published Service APIs are stored in CAPIF Database
-
Response to Retrieve all published APIs:
- 200 OK
- Response body must return an array of ServiceAPIDescription data.
- Array must contain all previously published APIs.
Test Case 4: Retrieve all APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-4
Description:
This test case will check that an API Publisher cannot Retrieve API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Information of Test:
-
Perform Provider Registration
-
Retrieve all published APIs:
- Send Get to https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Retrieve All published APIs
Expected Result:
-
Response to Publish request must accomplish:
- 401 Non Authorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "Provider not existing".
- cause with message "Provider id not found".
-
Service API is NOT stored in CAPIF Database
Test Case 5: Retrieve single APIs Published by Authorised apfId
Test ID: capif_api_publish_service-5
Description:
This test case will check that an API Publisher can Retrieve API published one by one
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- At least 2 service APIs are published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Publish Other Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_2
- Get apiId
- Use APF Certificate
-
Retrieve service_1 published APIs detail:
- Send Get to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId1}
- Use APF Certificate
-
Retrieve service_2 published APIs detail:
- Send Get to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId2}
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API service_1.
- Retrieve {apiId1} from body and Location header with new resource created from response.
- Publish Service API service_2.
- Retrieve {apiId2} from body and Location header with new resource created from response.
- Retrieve service_1 API Detail.
- Retrieve service_2 API Detail.
Expected Result:
-
Response to service 1 Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}
-
Response to service 2 Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}
-
Published Service APIs are stored in CAPIF Database
-
Response to Retrieve service_1 published API using apiId1:
- 200 OK
- Response body must return a ServiceAPIDescription data.
- Array must contain same information than service_1 published registration response.
-
Response to Retrieve service_2 published API using apiId2:
- 200 OK
- Response body must return a ServiceAPIDescription data.
- Array must contain same information than service_2 published registration response.
Test Case 6: Retrieve single APIs non Published by Authorised apfId
Test ID: capif_api_publish_service-6
Description:
This test case will check that an API Publisher try to get detail of not published api.
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- No published api
Information of Test:
- Perform Provider Registration
- Retrieve not published APIs detail:
- Send Get to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Retrieve not published API Detail.
Expected Result:
- Response to Retrieve for NOT published API must accomplish:
- 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "No Service with specific credentials exists".
Test Case 7: Retrieve single APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-7
Description:
This test case will check that an API Publisher cannot Retrieve detailed API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Information of Test:
-
Perform Provider Registration and Invoker Onboarding
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Retrieve detailed published APIs:
- Send Get to https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/${apiId}
- Use Invoker certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API at CCF
- Retrieve {apiId} from body and Location header with new resource created from response.
- Register and onboard Invoker at CCF
- Store signed Invoker Certificate
- Retrieve detailed published API acting as Invoker
Expected Result:
-
Response to Retrieve Detailed published API acting as Invoker must accomplish:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "User not authorized".
- cause with message "Certificate not authorized".
-
Service API is NOT stored in CAPIF Database
Test Case 8: Update API Published by Authorised apfId with valid serviceApiId
Test ID: capif_api_publish_service-8
Description:
This test case will check that an API Publisher can Update published API with a valid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- A service APIs is published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- get resource url from location Header.
- Use APF Certificate
-
Update published API at CCF:
- Send PUT to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- body service api description with overrided apiName to service_1_modified
- Use APF Certificate
-
Retrieve detail of service API:
- Send Get to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- check apiName is service_1_modified
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API
- Retrieve {apiId} from body and Location header with new resource url created from response
- Update published Service API.
- Retrieve detail of Service API
Expected Result:
-
Response to Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
-
Response to Update Published Service API:
- 200 OK
- Response Body must follow ServiceAPIDescription data structure with:
- apiName service_1_modified
-
Response to Retrieve detail of Service API:
- 200 OK
- Response Body must follow ServiceAPIDescription data structure with:
- apiName service_1_modified.
Test Case 9: Update APIs Published by Authorised apfId with invalid serviceApiId
Test ID: capif_api_publish_service-9
Description:
This test case will check that an API Publisher cannot Update published API with a invalid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Update published API at CCF:
- Send PUT to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- body service api description with overrided apiName to service_1_modified
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Update published Service API.
Expected Result:
-
Response to Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
-
Response to Update Published Service API:
- 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "Service API id not found".
Test Case 10: Update APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-10
Description:
This test case will check that an API Publisher cannot Update API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Information of Test:
-
Perform Provider Registration and Invoker Onboarding
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Update published API at CCF:
- Send PUT to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
- body service api description with overrided apiName to service_1_modified
- Use invoker certificate
-
Retrieve detail of service API:
- Send Get to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- check apiName is service_1
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API at CCF
- Retrieve {apiId} from body and Location header with new resource created from response.
- Register and onboard Invoker at CCF
- Store signed Invoker Certificate
- Update published API at CCF as Invoker
- Retrieve detail of Service API as publisher
Expected Result:
-
Response to Update published API acting as Invoker must accomplish:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "User not authorized".
- cause with message "Certificate not authorized".
-
Response to Retrieve Detail of Service API:
- 200 OK
- Response Body must follow ServiceAPIDescription data structure with:
- apiName service_1.
Test Case 11: Delete API Published by Authorised apfId with valid serviceApiId
Test ID: capif_api_publish_service-11
Description:
This test case will check that an API Publisher can Delete published API with a valid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
- A service APIs is published.
Information of Test:
-
Perform Provider Registration
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Remove published Service API at CCF:
- Send DELETE to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
- Use APF Certificate
- Retrieve detail of service API:
- Send Get to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API
- Retrieve {apiId} from body and Location header with new resource created from response
- Remove published API at CCF
- Try to retreive deleted service API from CCF
Expected Result:
-
Response to Publish request must accomplish:
- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:
- apiId
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
-
Published Service API is stored in CAPIF Database
-
Response to Remove published Service API at CCF:
- 204 No Content
-
Response to Retrieve for DELETED published API must accomplish:
- 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "No Service with specific credentials exists".
Test Case 12: Delete APIs Published by Authorised apfId with invalid serviceApiId
Test ID: capif_api_publish_service-12
Description:
This test case will check that an API Publisher cannot Delete with invalid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
Information of Test:
-
Perform Provider Registration
-
Remove published Service API at CCF with invalid serviceId:
- Send DELETE to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- Use APF Certificate
Execution Steps:
- Register Provider at CCF and store certificates.
- Remove published API at CCF with invalid serviceId
Expected Result:
- Response to Remove published Service API at CCF:
- 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "Service API id not found".
Test Case 13: Delete APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-12
Description:
This test case will check that an API Publisher cannot Delete API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
Information of Test:
-
Perform Provider Registration and Invoker Onboarding
-
Publish Service API at CCF:
- Send Post to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
-
Remove published Service API at CCF with invalid serviceId as Invoker:
- Send DELETE to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- Use invoker certificate.
Execution Steps:
- Register Provider at CCF and store certificates.
- Register Invoker and onboard Invoker at CCF
- Remove published API at CCF with invalid serviceId as Invoker
Expected Result:
- Response to Remove published Service API at CCF:
- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:
- status 401
- title with message "Unauthorized"
- detail with message "User not authorized".
- cause with message "Certificate not authorized".