Unit testing APIs that require OAuth tokens [closed]

About

Asked 8/3, 2013 at 15:35 Answered 27/5, 2016 at 17:50

I am trying to write a suite of automated integration tests to test my C# client library calls to the Yahoo Fantasy Sports API. Several API calls require OAuth tokens, which is where I am having some difficulty. I can use a web browser to generate an access key and secret and then pass those along in my test code, but the tokens expire after an hour, so I need to manually regenerate these and update my test configuration any time I want to run the tests.

Are there best practices for writing API integration tests when OAuth tokens are required?

Piemonte answered 8/3, 2013 at 15:35 Comment(6)

Can't you automate generating the key? Is there an REST api for that? Or you can just do the http requests in code is you have to. – Twayblade 8/3, 2013 at 15:40

@Sean, how did you end up mocking the Yahoo Fantasy Sports API? Did you create a code framework which mocks it? I have a need to mock the API as well and I'd like to learn about how you did it. – Poucher 11/4, 2014 at 15:18

I was never able to get it fully mocked. I have a framework in progress, which you can view here: github.com/sconno05/yahoo-fantasy-football-tools. I ended up putting the tokens in environment variables, but still need to regenerate them via a web admin page. – Piemonte 14/4, 2014 at 16:43

you can have an idea of Authentication Tests from ServiceStack AuthTests itself - github.com/ServiceStack/ServiceStack/blob/master/tests/… – Biweekly 11/8, 2014 at 10:11

You could create the access token in the initialize method for the group of tests, but that poses at least one problem. What if your tests take longer than the life of the token to complete (hopefully not)? I came here actually interested about unit testing a client that hits a remote API. I'm struggling with the idea of building a mock service for someone elses API. I'd like to see an answer to that here. – Noguchi 15/12, 2014 at 20:59

I guess you could build in a function that refreshes the access token if it has expired. – Noguchi 15/12, 2014 at 21:12

normally such api's offer a way to get authentication tokens without the need to use a browser. I am not sure if yahoo sports is one of those though.

Normally you have to create an application to access an OAuth2 system, they then give you a ClientID and ClientSecret, then you hit a token URL and receive the access token which is then valid for an hour.

You might want to consider not having integration tests at all though. If I were you I would simply mock the Api responses and use that in your tests. So, gt a sample of the response for each call and then simply create a fake response which returns that whenever you hit it. you can then still run your tests.

The question you need to answer is this : what exactly am I testing? Are you testing a third party APi or do you want to test your own code.

Also, don't forget each api allows to be hit a certain number of times during a certain time window. One more reason to fake it, I'd say

Marikomaril answered 27/5, 2016 at 17:50 Comment(1)

what if i am testing 3rd party api that implements OAuth – Brominate 19/5, 2017 at 6:1

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags