Dracarys - Financial API Automation Framework

A comprehensive test automation framework for testing financial APIs, including wallet and credit scoring services.

Features

  • API Testing: Comprehensive testing of REST APIs
  • Performance Testing: Load and stress testing capabilities
  • Security Testing: Security vulnerability testing
  • Data-Driven Testing: Support for data-driven tests
  • Parallel Execution: Parallel test execution for faster results
  • Detailed Reporting: Comprehensive test reports with metrics
  • Database Validation: Ability to validate data in databases
  • Environment Configuration: Support for multiple environments

Prerequisites

  • Java 8 or higher
  • Maven 3.6 or higher
  • TestNG 7.4 or higher
  • RestAssured 4.3 or higher
  • MySQL or PostgreSQL (for database validation)

Installation

  1. Clone the repository:

    git clone https://github.com/iwasforcedtobehere/Dracarys.git
    cd Dracarys
    
  2. Install dependencies:

    mvn clean install
    

Configuration

Environment Configuration

The framework supports multiple environments (dev, test, staging, prod). Configuration files are located in src/main/resources/.

  1. config.properties:

    # Base URI for API
    baseURI=https://api.example.com
    
    # API version
    apiVersion=v1
    
    # Environment
    environment=test
    
    # Database configuration
    db.driver=com.mysql.jdbc.Driver
    db.url=jdbc:mysql://localhost:3306/test_db
    db.username=test_user
    db.password=test_password
    
    # Authentication
    auth.type=bearer
    auth.token=your_auth_token
    
  2. log4j2.xml: Configure logging levels and appenders as needed.

Test Configuration

Test configurations are defined in src/test/resources/testng.xml. You can create different test suites for different purposes.

Project Structure

Dracarys/
├── src/
│   ├── main/
│   │   ├── java/
│   │   │   └── com/financial/api/
│   │   │       ├── config/          # Configuration classes
│   │   │       ├── models/          # Data models
│   │   │       │   ├── wallet/      # Wallet-related models
│   │   │       │   └── credit/      # Credit-related models
│   │   │       ├── services/        # API service classes
│   │   │       └── utils/           # Utility classes
│   │   └── resources/
│   │       ├── config.properties    # Configuration file
│   │       └── log4j2.xml           # Logging configuration
│   └── test/
│       ├── java/
│       │   └── com/financial/api/
│       │       └── tests/           # Test classes
│       │           ├── WalletApiTest.java
│       │           ├── CreditApiTest.java
│       │           ├── WalletPerformanceTest.java
│       │           ├── CreditPerformanceTest.java
│       │           ├── WalletSecurityTest.java
│       │           └── CreditSecurityTest.java
│       └── resources/
│           └── testng.xml           # Test configuration
├── pom.xml                          # Maven dependencies
└── README.md                        # This file

Running Tests

Running All Tests

    mvn clean test

Running Specific Test Suite

    mvn clean test -Dsuite=src/test/resources/testng.xml

Running Tests with Specific Groups

    mvn clean test -Dgroups=smoke
    mvn clean test -Dgroups=regression
    mvn clean test -Dgroups=performance
    mvn clean test -Dgroups=security

Running Tests in Parallel

    mvn clean test -Dparallel=methods -DthreadCount=5

Test Categories

The framework includes several categories of tests:

1. Functional Tests

  • WalletApiTest: Tests for wallet operations

    • Create wallet
    • Get wallet
    • Update wallet
    • Get wallet balance
    • Create transaction
    • Get transaction
    • Update transaction status
    • Deposit funds
    • Withdraw funds
  • CreditApiTest: Tests for credit operations

    • Submit credit application
    • Get credit application
    • Update credit application
    • Get applications by status
    • Calculate credit score
    • Get credit score
    • Get credit score history
    • Approve application
    • Reject application
    • Get credit products

2. Performance Tests

  • WalletPerformanceTest: Performance tests for wallet operations

    • Create multiple wallets
    • Get multiple wallets
    • Create multiple transactions
    • Deposit funds performance
    • Get wallet balance performance
    • Get transactions performance
    • Transfer funds performance
  • CreditPerformanceTest: Performance tests for credit operations

    • Submit multiple applications
    • Get multiple applications
    • Calculate multiple credit scores
    • Get multiple credit scores
    • Get credit score histories
    • Get applications by status performance
    • Get credit products performance

3. Security Tests

  • WalletSecurityTest: Security tests for wallet operations

    • SQL injection in wallet creation
    • XSS in wallet creation
    • Authentication bypass in wallet retrieval
    • Authorization bypass in wallet retrieval
    • IDOR in wallet retrieval
    • SQL injection in transaction creation
    • XSS in transaction creation
    • Negative amount in transaction creation
    • Extremely large amount in transaction creation
    • Authentication bypass in transaction retrieval
    • Authorization bypass in transaction retrieval
    • CSRF protection in wallet update
    • Rate limiting in wallet creation
    • Input validation in wallet creation
    • Sensitive data exposure in wallet response
  • CreditSecurityTest: Security tests for credit operations

    • SQL injection in credit application submission
    • XSS in credit application submission
    • Authentication bypass in credit application retrieval
    • Authorization bypass in credit application retrieval
    • IDOR in credit application retrieval
    • SQL injection in credit score calculation
    • XSS in credit score calculation
    • Negative loan amount in credit application submission
    • Extremely large loan amount in credit application submission
    • Negative loan term in credit application submission
    • Extremely large loan term in credit application submission
    • Authentication bypass in credit score retrieval
    • Authorization bypass in credit score retrieval
    • CSRF protection in credit application update
    • Rate limiting in credit application submission
    • Input validation in credit application submission
    • Sensitive data exposure in credit application response
    • Sensitive data exposure in credit score response

Reporting

The framework generates detailed reports for test execution:

Console Reports

  • Real-time test execution status
  • Test pass/fail statistics
  • Test execution time metrics
  • Error logs and stack traces

HTML Reports

  • Comprehensive test reports with charts
  • Test execution summary
  • Detailed test results
  • Performance metrics
  • Security vulnerability findings

Log Files

  • Detailed execution logs
  • Error logs
  • Debug information

Extending the Framework

Adding New API Tests

  1. Create a new test class in src/test/java/com/financial/api/tests/
  2. Extend the appropriate base class if available
  3. Add test methods with appropriate annotations
  4. Use the existing service classes or create new ones
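
The steps above, applied to an access-control check in the `security` group (an added example, not code from the Dracarys repository): it pairs a positive control with the authentication-bypass and IDOR negatives so that a rejection cannot be mistaken for a missing wallet. Assumptions: the class name, the `/wallets/{id}` route, the base URL being `baseURI` plus `apiVersion`, the `OTHER_USER_TOKEN` and `OWNER_WALLET_ID` environment variables, and the expected status codes are all hypothetical; the property keys are the ones shown in config.properties. It calls RestAssured directly and extends no base class, since the page names none for tests.

```java
package com.financial.api.tests;
import static io.restassured.RestAssured.given;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.is;
import java.io.InputStream;
import java.util.Properties;
import org.testng.SkipException;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

public class WalletAccessControlTest {
    // Hypothetical route; replace with the wallet endpoint of the API under test.
    private static final String WALLET = "/wallets/{id}";
    private String base, ownerToken, otherToken, walletId;
    // alwaysRun so the setup still executes when filtering with -Dgroups=security.
    @BeforeClass(alwaysRun = true)
    public void loadConfig() throws Exception {
        Properties p = new Properties();
        try (InputStream in = getClass().getClassLoader().getResourceAsStream("config.properties")) {
            if (in == null) throw new SkipException("config.properties not on classpath");
            p.load(in);
        }
        base = p.getProperty("baseURI") + "/" + p.getProperty("apiVersion");
        ownerToken = p.getProperty("auth.token");
        // Assumed inputs: a second user's token and a wallet id owned by the first user.
        otherToken = System.getenv("OTHER_USER_TOKEN");
        walletId = System.getenv("OWNER_WALLET_ID");
        if (otherToken == null || walletId == null) throw new SkipException("test identities not provided");
    }

    // Positive control: without it, a 404 below could just mean the wallet does not exist.
    @Test(groups = "security")
    public void ownerCanReadOwnWallet() {
        given().baseUri(base).auth().oauth2(ownerToken).pathParam("id", walletId)
            .when().get(WALLET).then().statusCode(200);
    }

    @Test(groups = "security")
    public void requestWithoutTokenIsRejected() {
        given().baseUri(base).pathParam("id", walletId)
            .when().get(WALLET).then().statusCode(401);
    }

    @Test(groups = "security", dependsOnMethods = "ownerCanReadOwnWallet")
    public void otherUserCannotReadWallet() {
        given().baseUri(base).auth().oauth2(otherToken).pathParam("id", walletId)
            .when().get(WALLET).then().statusCode(anyOf(is(403), is(404)));
    }
}
```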

Adding New API Services

  1. Create a new service class in src/main/java/com/financial/api/services/
  2. Extend the BaseService class
  3. Implement methods for API operations
  4. Use RestAssured for HTTP requests

Adding New Data Models

  1. Create a new model class in src/main/java/com/financial/api/models/
  2. Define fields with appropriate data types
  3. Add getters and setters
  4. Add validation annotations if needed

Adding New Utilities

  1. Create a new utility class in src/main/java/com/financial/api/utils/
  2. Implement utility methods
  3. Make methods static if appropriate
  4. Add Javadoc comments

Best Practices

Test Design

  • Follow the Arrange-Act-Assert pattern
  • Keep tests independent and isolated
  • Use descriptive test names
  • Add proper test documentation
  • Use assertions effectively

Code Quality

  • Follow Java coding standards
  • Use meaningful variable and method names
  • Add proper comments and documentation
  • Keep methods small and focused
  • Handle exceptions properly

Performance Testing

  • Define realistic performance thresholds
  • Use appropriate load levels
  • Monitor system resources during tests
  • Analyze performance metrics
  • Identify and address bottlenecks

Security Testing

  • Test for common security vulnerabilities
  • Use both positive and negative test cases
  • Validate input sanitization
  • Test authentication and authorization
  • Check for sensitive data exposure

Maintenance

  • Regularly update dependencies
  • Refactor code as needed
  • Add new tests for new features
  • Fix failing tests promptly
  • Keep documentation up to date

Troubleshooting

Common Issues

  1. Test Failures Due to Environment Changes

    • Update configuration files
    • Check API endpoints
    • Verify authentication tokens
  2. Database Connection Issues

    • Check database credentials
    • Verify database URL
    • Ensure database is running
  3. Performance Test Failures

    • Check system resources
    • Verify test data
    • Adjust performance thresholds
  4. Security Test Failures

    • Check API security implementations
    • Verify input validation
    • Review authentication and authorization

Getting Help

  • Check the project documentation
  • Review test code examples
  • Contact the framework maintainers
  • Submit issues on GitHub

Contributing

We welcome contributions to the framework! Please follow these guidelines:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests for new functionality
  5. Ensure all tests pass
  6. Submit a pull request

License

This project is licensed under the MIT License - see the LICENSE file for details.
