SlideShare a Scribd company logo

Test Coverage for Your WP REST API Project

•
•
Pantheon
Pantheon

The document discusses the importance of test coverage for WordPress REST API projects. It explains that test coverage ensures security and reliability by explicitly testing that private information is not disclosed, unauthorized requests are not permitted, and consistent responses are returned. The document provides examples of unit and integration tests for a phone number formatting function and REST API endpoint. It emphasizes that test-driven development and continuous integration helps catch errors and security issues early.

Data & Analytics
1 of 30
Download to read offline
Ensure Security and Reliability with Test Coverage Test Coverage for Your WP REST API Project
Daniel Bachhuber, Author Daniel Bachhuber knows a thing or two about WordPress. In addition to working on the WP REST API, Bachhuber founded Handbuilt, a shop providing WordPress development and consulting services. He also founded Runcommand and is an active maintainer of the WP-CLI.
Daniel Bachhuber, Author Bachhuber wrote this tutorial to help developers working with the WP REST API ensure a secure, performant site. Whether you are currently working on a REST API project or not, check out Daniel’s tips for securing endpoints as you go.
Alex the developer is pretty excited about the WordPress REST API. Because the infrastructural components were introduced in WordPress 4.4, they too can use register_rest_route() to easily register their own WP REST API endpoints. In fact, they love registering routes so much that they’re creating API endpoints for every project they work on. Sound like you too? Are you writing full test coverage for your endpoints as you go? If not, you absolutely need to be, for two primary reasons: security and reliability. If you aren’t writing test coverage for your endpoints, sorry Charlie—your endpoints are probably insecure, and probably behave unexpectedly for clients. This tutorial is everything you need to get started. Ensure Security and Reliability
To start at the beginning, “writing tests” is a way for you, as the developer of a complex application, to define assertions of how the application’s functionality is expected to work. Pairing your tests with a continuous integration system like Travis CI means your suite of tests will be run automatically on every push or pull request, making it much easier to incorporate tests into your development workflow. What Are We Talking About?
As it relates to your WP REST API endpoints, there are two common ways to think about test coverage. • “Unit tests” test the smallest testable part of your application (e.g. the phone formatting function in this tutorial). • “Integration tests” test groups of application functionality (e.g. the WP REST API endpoints in this tutorial). What Are We Talking About?
Invest in Security and Performance Test coverage is additive; the only place to start is at the very beginning. Continual investment over time leads to an increasing amount of test coverage, and greater confidence that your application isn’t breaking unexpectedly as it becomes more complex. Say, for instance, you’ve written a rad_format_phone_number( $input ) function to format phone numbers within your WordPress application. Your first pass at the function produces something like this: function rad_format_phone_number( $input ) { $bits = explode( '-', $input ); return "({$bits[0]}) {$bits[1]}-{$bits[2]}"; }
To ensure the function works as expected, you write a test case for it like this: You run phpunit to see if the test passes—and it does! Invest in Security and Performance function test_format_phone_number() { $this->assertEquals( '(555) 212- 2121', rad_format_phone_number( '555-212-2121' ) ); }
Test-Driven Development What if a user passes a value like 5552122121 or +1 (555) 212 2121? Or even an empty string? Make sure your function can handle these alternative formats, as well as the original input format you created the function for. Using Test-Driven Development, you can actually write the test cases first, and then adapt your function until the tests pass. function test_format_phone_number() { $this->assertEquals( '(555) 212-2121', rad_format_phone_number( '555-212-2121' ) ); $this->assertEquals( '(555) 212-2121', rad_format_phone_number( '5552122121' ) ); $this->assertEquals( '(555) 212-2121', rad_format_phone_number( '+1 (555) 212 2121' ) ); $this->assertEquals( '', rad_format_phone_number( '' ) ); }
Twenty minutes of regex later, you’ve created a function to handle the assertions above: Congratulations! You’ve introduced test coverage into your code. Test-Driven Development function rad_format_phone_number( $input ) { if ( preg_match( '#([d]{3})[^d]*([d]{3})[^d]*([d]{4})#', $input, $matches ) ) { return "({$matches[1]}) {$matches[2]}-{$matches[3]}"; } return ''; }
Why Test Coverage Is Even More Important with a WP REST API Project Test Coverage for Your WP REST API Project
Why Is it More Important? Because the WP REST API offers a direct read/write interface into WordPress, you need to make absolutely sure you: • Aren’t unintentionally disclosing private information to unauthorized requests. • Aren’t unintentionally permitting unauthorized requests to perform write operations on your application.
You may be manually verifying the security of your endpoints while building your WordPress- based application, but test coverage enables you to make those security assertions explicit. Furthermore, even if your WP REST API endpoints are read-only and don’t deal with private information, you want to make sure your application returns consistent responses. The clients built on top of your API expect consistent responses above all else—and can break unexpectedly when they receive unexpected data. Why Is it More Important?
How Should I Write My Endpoints? If you’re familiar with PHPUnit and the WordPress project’s PHPUnit test suite, then you’re already part of the way there. If you’re not, you’ll want to get yourself up to speed, and then come back to this tutorial. You can also open the entire test class in a separate tab if you’d like to refer to it as we go along.
How Should I Write My Endpoints? To make it possible to test your registered WP REST API endpoint in a PHPUnit test, you’ll need to first set up a WP_REST_Server instance for your test class. If you just have one test class, you can perform this step in the Tests_REST_API_Demo::setUp() method: public function setUp() { parent::setUp(); global $wp_rest_server; $this->server = $wp_rest_server = new WP_REST_Server; do_action( 'rest_api_init' ); }
The call to rest_api_init ensures your routes are registered to the server within the test. Make sure you also reset the $wp_rest_server global on Tests_REST_API_Demo::tearDown(): How Should I Write My Endpoints? public function tearDown() { parent::tearDown(); global $wp_rest_server; $wp_rest_server = null; }
Let’s imagine we want to make this phone number accessible through the WP REST API. However, because a phone number is semi-private information, it should only editable by administrators. How Should I Write My Endpoints? register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => get_option( 'phone_number' ) , ); }, ), Click for the full code. Switching to the plugin file, our first attempt at registering our WP REST API endpoint looks like this:
Because we have $this→server available on our test class, we can create a WP_REST_Request object, dispatch it on WP_REST_Server, inspect what the server includes on WP_REST_Response. How Should I Write My Endpoints? public function test_get() { $request = new WP_REST_Request( 'GET', '/rad/v1/site -info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 200, $response ); $this->assertResponseData( array( 'phone_number' => '(555) 212-2121', ), $response ); } In this example, notice how we test both the response data and the response status. Click for the full code.
Clients interpret HTTP status codes to have a higher-level understanding of the type of response, so we want to also make sure we’re returning the proper status code. How Should I Write My Endpoints? public function test_get() { $request = new WP_REST_Request( 'GET', '/rad/v1/site -info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 200, $response ); $this->assertResponseData( array( 'phone_number' => '(555) 212-2121', ), $response ); } Click for the full code.
Uh oh! If the warning bells aren’t going off already, the endpoint we’ve registered is hugely insecure—any request, including logged-in and logged-out users can both read or update our phone number. We need to patch this right away. How Should I Write My Endpoints? public function test_get_unauthorized() { wp_set_current_user( 0 ); $request = new WP_REST_Request( 'GET', '/rad/v1/site- info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 401, $response ); } Click for the full code.
Because we’re practicing Test-Driven Development, we first write failing tests (changeset) for the security vulnerability (see the actual pull request on Github). Our tests of our WP REST API endpoints now look like this. How Should I Write My Endpoints? public function test_get_unauthorized() { wp_set_current_user( 0 ); $request = new WP_REST_Request( 'GET', '/rad/v1/site- info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 401, $response ); } Click for the full code.
A Few Key Details to Note • wp_set_current_user() lets us set the scope of the test to a given user that already exists. Because our tests are against the endpoint itself, and not the authentication system WordPress uses to verify the response, we can safely assume the current user within the scope of the code is the actual user making the request. If authentication fails, WordPress will wp_set_current_user( 0 );, which is functionally equivalent to a logged out request.
• It’s incredibly important to take to heart the difference between authentication and authorization. Authentication refers to whether or not a request is associated with a valid user in the system. Authorization refers to whether or not a given user has permission to perform a given action. Even though a user may be authenticated, they might not be authorized. Your WP REST API endpoint should return a 401 when a user isn’t authenticated, and a 403 when a user isn’t authorized. • assertResponseStatus() and assertResponseData() are helper methods you are more than welcome to copy into your own test suite. A Few Key Details to Note
Given our new knowledge about authentication and authorization, we can update our endpoint to use thepermission_callback to authorize the request before our callback handles it. A Few Key Details to Note add_action( 'rest_api_init', function() { register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => get_option( 'phone_number' ) , ); }, Click for the full code.
To be as helpful as possible to clients, let’s adapt our endpoint to only accept input when the data is close to a phone number, and ensure our response data is formatted as a phone number or empty string. A Few Key Details to Note add_action( 'rest_api_init', function() { register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => get_option( 'phone_number' ) , ); }, Click for the full code.
Again, because we’re practicing Test-Driven Development, we first write failing tests (see the actual pull request on Github). These failing tests look like this: A Few Key Details to Note public function test_get_authorized_reformatted() { update_option( 'phone_number', '555 555 5555' ); wp_set_current_user( $this->subscriber ); $request = new WP_REST_Request( 'GET', '/rad/v1/site -info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 200, $response ); $this->assertResponseData( array( 'phone_number' => '(555) 555-5555', ), $response ); } Click for the full code.
Given our new knowledge about making to sure consistently handle data, we can update our endpoint to register the phone_number resource argument with a validation callback, and make sure to return data through our rad_format_phone_number() function. A Few Key Details to Note register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => rad_format_phone_number( get_ option( 'phone_number' ) ), ); }, Click for the full code.
This is Only the Beginning… • Test coverage is critically important for two reasons: security and reliability. You want to make triply sure your API isn’t disclosing private information, permitting unauthorized operations, and responds consistently to correct and incorrect client requests. • Using the WordPress project’s PHPUnit test suite, you can write integration tests for your endpoints. Include assertions for both the response data and the response status. For every successful request test you write, include 4 or 5 permutations of erred requests.
• Clients will always send your application unexpected or incorrect data. If your endpoints can provide consistent, clear, and expected responses, then the client developer’s life will be greatly improved, as they won’t have to spend hours or days trying to debug cryptic errors from an application they don’t have access to. This is Only the Beginning…
Run your WP REST API project on Pantheon. We’ve created a unique WordPress hosting platform. We provide elastic hosting and the best cloud-based development tools for teams. Try it for free

Recommended

Into The Box | Alexa and ColdBox Api's
Into The Box | Alexa and ColdBox Api'sInto The Box | Alexa and ColdBox Api's
Into The Box | Alexa and ColdBox Api'sOrtus Solutions, Corp
 
Laravel mail example how to send an email using markdown template in laravel 8
Laravel mail example how to send an email using markdown template in laravel 8Laravel mail example how to send an email using markdown template in laravel 8
Laravel mail example how to send an email using markdown template in laravel 8Katy Slemon
 
Getting Started with Zend Framework
Getting Started with Zend FrameworkGetting Started with Zend Framework
Getting Started with Zend FrameworkJuan Antonio
 
Intro to Apex Programmers
Intro to Apex ProgrammersIntro to Apex Programmers
Intro to Apex ProgrammersSalesforce Developers
 
Angular genericforms2
Angular genericforms2Angular genericforms2
Angular genericforms2Eliran Eliassy
 
REST API: A Real Case Scenario
REST API: A Real Case ScenarioREST API: A Real Case Scenario
REST API: A Real Case Scenariociacchi
 
Ruby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraRuby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraAndolasoft Inc
 
Testing ASP.net Web Applications using Ruby
Testing ASP.net Web Applications using RubyTesting ASP.net Web Applications using Ruby
Testing ASP.net Web Applications using RubyBen Hall
 

Recommended

Into The Box | Alexa and ColdBox Api's
Into The Box | Alexa and ColdBox Api'sInto The Box | Alexa and ColdBox Api's
Into The Box | Alexa and ColdBox Api'sOrtus Solutions, Corp
 
Laravel mail example how to send an email using markdown template in laravel 8
Laravel mail example how to send an email using markdown template in laravel 8Laravel mail example how to send an email using markdown template in laravel 8
Laravel mail example how to send an email using markdown template in laravel 8Katy Slemon
 
Getting Started with Zend Framework
Getting Started with Zend FrameworkGetting Started with Zend Framework
Getting Started with Zend FrameworkJuan Antonio
 
Intro to Apex Programmers
Intro to Apex ProgrammersIntro to Apex Programmers
Intro to Apex ProgrammersSalesforce Developers
 
Angular genericforms2
Angular genericforms2Angular genericforms2
Angular genericforms2Eliran Eliassy
 
REST API: A Real Case Scenario
REST API: A Real Case ScenarioREST API: A Real Case Scenario
REST API: A Real Case Scenariociacchi
 
Ruby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraRuby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraAndolasoft Inc
 
Testing ASP.net Web Applications using Ruby
Testing ASP.net Web Applications using RubyTesting ASP.net Web Applications using Ruby
Testing ASP.net Web Applications using RubyBen Hall
 
Best Laravel Eloquent Tips and Tricks
Best Laravel Eloquent Tips and TricksBest Laravel Eloquent Tips and Tricks
Best Laravel Eloquent Tips and TricksTechtic Solutions
 
Clean Code
Clean CodeClean Code
Clean CodeNascenia IT
 
TDD, BDD, RSpec
TDD, BDD, RSpecTDD, BDD, RSpec
TDD, BDD, RSpecNascenia IT
 
Apache Aries Blog Sample
Apache Aries Blog SampleApache Aries Blog Sample
Apache Aries Blog SampleSkills Matter
 
Extend oa-framework-add-new-field
Extend oa-framework-add-new-fieldExtend oa-framework-add-new-field
Extend oa-framework-add-new-fieldSwapnil Khoke
 
Railway Orientated Programming In C#
Railway Orientated Programming In C#Railway Orientated Programming In C#
Railway Orientated Programming In C#Tama000
 
Behaviour-Driven Development
Behaviour-Driven DevelopmentBehaviour-Driven Development
Behaviour-Driven DevelopmentKerry Buckley
 
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)Joshua Warren
 
Cis407 a ilab 5 web application development devry university
Cis407 a ilab 5 web application development devry universityCis407 a ilab 5 web application development devry university
Cis407 a ilab 5 web application development devry universitylhkslkdh89009
 
A Z Introduction To Ruby On Rails
A Z Introduction To Ruby On RailsA Z Introduction To Ruby On Rails
A Z Introduction To Ruby On Railsrailsconf
 
A-Z Intro To Rails
A-Z Intro To RailsA-Z Intro To Rails
A-Z Intro To RailsRobert Dempsey
 
Java Script Isn\'t a Toy Anymore
Java Script Isn\'t a Toy AnymoreJava Script Isn\'t a Toy Anymore
Java Script Isn\'t a Toy AnymoreAlexis Williams
 
Angular Mini Hackathon Code Talks 2019
Angular Mini Hackathon Code Talks 2019Angular Mini Hackathon Code Talks 2019
Angular Mini Hackathon Code Talks 2019Maximilian Berghoff
 
Working Effectively With Legacy Code
Working Effectively With Legacy CodeWorking Effectively With Legacy Code
Working Effectively With Legacy Codescidept
 
Angular server side rendering - Strategies & Technics
Angular server side rendering - Strategies & Technics Angular server side rendering - Strategies & Technics
Angular server side rendering - Strategies & Technics Eliran Eliassy
 
Workshop: Integrating Amazon APIs in Unity
Workshop: Integrating Amazon APIs in Unity Workshop: Integrating Amazon APIs in Unity
Workshop: Integrating Amazon APIs in Unity Amazon Appstore Developers
 
Apex Testing and Best Practices
Apex Testing and Best PracticesApex Testing and Best Practices
Apex Testing and Best PracticesJitendra Zaa
 
Restful Web Service
Restful Web ServiceRestful Web Service
Restful Web ServiceBin Cai
 
Apigility – Lightning Fast API Development - OSSCamp 2014
Apigility – Lightning Fast API Development - OSSCamp 2014 Apigility – Lightning Fast API Development - OSSCamp 2014
Apigility – Lightning Fast API Development - OSSCamp 2014 OSSCube
 
10 Principles of Apex Testing
10 Principles of Apex Testing10 Principles of Apex Testing
10 Principles of Apex TestingSalesforce Developers
 
WP or Drupal (or both): A Framework for Client CMS Decisions
WP or Drupal (or both): A Framework for Client CMS Decisions WP or Drupal (or both): A Framework for Client CMS Decisions
WP or Drupal (or both): A Framework for Client CMS Decisions Pantheon
 
Testing Your Code as Part of an Industrial Grade Workflow
Testing Your Code as Part of an Industrial Grade WorkflowTesting Your Code as Part of an Industrial Grade Workflow
Testing Your Code as Part of an Industrial Grade WorkflowPantheon
 

More Related Content

What's hot

Best Laravel Eloquent Tips and Tricks
Best Laravel Eloquent Tips and TricksBest Laravel Eloquent Tips and Tricks
Best Laravel Eloquent Tips and TricksTechtic Solutions
 
Clean Code
Clean CodeClean Code
Clean CodeNascenia IT
 
TDD, BDD, RSpec
TDD, BDD, RSpecTDD, BDD, RSpec
TDD, BDD, RSpecNascenia IT
 
Apache Aries Blog Sample
Apache Aries Blog SampleApache Aries Blog Sample
Apache Aries Blog SampleSkills Matter
 
Extend oa-framework-add-new-field
Extend oa-framework-add-new-fieldExtend oa-framework-add-new-field
Extend oa-framework-add-new-fieldSwapnil Khoke
 
Railway Orientated Programming In C#
Railway Orientated Programming In C#Railway Orientated Programming In C#
Railway Orientated Programming In C#Tama000
 
Behaviour-Driven Development
Behaviour-Driven DevelopmentBehaviour-Driven Development
Behaviour-Driven DevelopmentKerry Buckley
 
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)Joshua Warren
 
Cis407 a ilab 5 web application development devry university
Cis407 a ilab 5 web application development devry universityCis407 a ilab 5 web application development devry university
Cis407 a ilab 5 web application development devry universitylhkslkdh89009
 
A Z Introduction To Ruby On Rails
A Z Introduction To Ruby On RailsA Z Introduction To Ruby On Rails
A Z Introduction To Ruby On Railsrailsconf
 
A-Z Intro To Rails
A-Z Intro To RailsA-Z Intro To Rails
A-Z Intro To RailsRobert Dempsey
 
Java Script Isn\'t a Toy Anymore
Java Script Isn\'t a Toy AnymoreJava Script Isn\'t a Toy Anymore
Java Script Isn\'t a Toy AnymoreAlexis Williams
 
Angular Mini Hackathon Code Talks 2019
Angular Mini Hackathon Code Talks 2019Angular Mini Hackathon Code Talks 2019
Angular Mini Hackathon Code Talks 2019Maximilian Berghoff
 
Working Effectively With Legacy Code
Working Effectively With Legacy CodeWorking Effectively With Legacy Code
Working Effectively With Legacy Codescidept
 
Angular server side rendering - Strategies & Technics
Angular server side rendering - Strategies & Technics Angular server side rendering - Strategies & Technics
Angular server side rendering - Strategies & Technics Eliran Eliassy
 
Workshop: Integrating Amazon APIs in Unity
Workshop: Integrating Amazon APIs in Unity Workshop: Integrating Amazon APIs in Unity
Workshop: Integrating Amazon APIs in Unity Amazon Appstore Developers
 
Apex Testing and Best Practices
Apex Testing and Best PracticesApex Testing and Best Practices
Apex Testing and Best PracticesJitendra Zaa
 
Restful Web Service
Restful Web ServiceRestful Web Service
Restful Web ServiceBin Cai
 
Apigility – Lightning Fast API Development - OSSCamp 2014
Apigility – Lightning Fast API Development - OSSCamp 2014 Apigility – Lightning Fast API Development - OSSCamp 2014
Apigility – Lightning Fast API Development - OSSCamp 2014 OSSCube
 

What's hot (20)

Best Laravel Eloquent Tips and Tricks
Best Laravel Eloquent Tips and TricksBest Laravel Eloquent Tips and Tricks
Best Laravel Eloquent Tips and Tricks
 
Clean Code
Clean CodeClean Code
Clean Code
 
TDD, BDD, RSpec
TDD, BDD, RSpecTDD, BDD, RSpec
TDD, BDD, RSpec
 
Apache Aries Blog Sample
Apache Aries Blog SampleApache Aries Blog Sample
Apache Aries Blog Sample
 
Extend oa-framework-add-new-field
Extend oa-framework-add-new-fieldExtend oa-framework-add-new-field
Extend oa-framework-add-new-field
 
Railway Orientated Programming In C#
Railway Orientated Programming In C#Railway Orientated Programming In C#
Railway Orientated Programming In C#
 
Behaviour-Driven Development
Behaviour-Driven DevelopmentBehaviour-Driven Development
Behaviour-Driven Development
 
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
PHPSpec & Behat: Two Testing Tools That Write Code For You (#phptek edition)
 
Cis407 a ilab 5 web application development devry university
Cis407 a ilab 5 web application development devry universityCis407 a ilab 5 web application development devry university
Cis407 a ilab 5 web application development devry university
 
A Z Introduction To Ruby On Rails
A Z Introduction To Ruby On RailsA Z Introduction To Ruby On Rails
A Z Introduction To Ruby On Rails
 
A-Z Intro To Rails
A-Z Intro To RailsA-Z Intro To Rails
A-Z Intro To Rails
 
Java Script Isn\'t a Toy Anymore
Java Script Isn\'t a Toy AnymoreJava Script Isn\'t a Toy Anymore
Java Script Isn\'t a Toy Anymore
 
Angular Mini Hackathon Code Talks 2019
Angular Mini Hackathon Code Talks 2019Angular Mini Hackathon Code Talks 2019
Angular Mini Hackathon Code Talks 2019
 
Working Effectively With Legacy Code
Working Effectively With Legacy CodeWorking Effectively With Legacy Code
Working Effectively With Legacy Code
 
Angular server side rendering - Strategies & Technics
Angular server side rendering - Strategies & Technics Angular server side rendering - Strategies & Technics
Angular server side rendering - Strategies & Technics
 
Workshop: Integrating Amazon APIs in Unity
Workshop: Integrating Amazon APIs in Unity Workshop: Integrating Amazon APIs in Unity
Workshop: Integrating Amazon APIs in Unity
 
Apex Testing and Best Practices
Apex Testing and Best PracticesApex Testing and Best Practices
Apex Testing and Best Practices
 
Restful Web Service
Restful Web ServiceRestful Web Service
Restful Web Service
 
Apigility – Lightning Fast API Development - OSSCamp 2014
Apigility – Lightning Fast API Development - OSSCamp 2014 Apigility – Lightning Fast API Development - OSSCamp 2014
Apigility – Lightning Fast API Development - OSSCamp 2014
 
10 Principles of Apex Testing
10 Principles of Apex Testing10 Principles of Apex Testing
10 Principles of Apex Testing
 

Viewers also liked

WP or Drupal (or both): A Framework for Client CMS Decisions
WP or Drupal (or both): A Framework for Client CMS Decisions WP or Drupal (or both): A Framework for Client CMS Decisions
WP or Drupal (or both): A Framework for Client CMS Decisions Pantheon
 
Testing Your Code as Part of an Industrial Grade Workflow
Testing Your Code as Part of an Industrial Grade WorkflowTesting Your Code as Part of an Industrial Grade Workflow
Testing Your Code as Part of an Industrial Grade WorkflowPantheon
 
Drush in the Composer Era
Drush in the Composer EraDrush in the Composer Era
Drush in the Composer EraPantheon
 
Start with Drupal CMS
Start with Drupal CMSStart with Drupal CMS
Start with Drupal CMSEdeth Meng
 
How Drupal 8 Reaches Its Full Potential on Pantheon
How Drupal 8 Reaches Its Full Potential on PantheonHow Drupal 8 Reaches Its Full Potential on Pantheon
How Drupal 8 Reaches Its Full Potential on PantheonPantheon
 
Migrating NYSenate.gov
Migrating NYSenate.govMigrating NYSenate.gov
Migrating NYSenate.govPantheon
 
WordPress at Scale Webinar
WordPress at Scale WebinarWordPress at Scale Webinar
WordPress at Scale WebinarPantheon
 
Drupal 8 and Pantheon
Drupal 8 and PantheonDrupal 8 and Pantheon
Drupal 8 and PantheonPantheon
 
Level Up: 5 Expert Tips for Optimizing WordPress Performance
Level Up: 5 Expert Tips for Optimizing WordPress PerformanceLevel Up: 5 Expert Tips for Optimizing WordPress Performance
Level Up: 5 Expert Tips for Optimizing WordPress PerformancePantheon
 
Lean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushLean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushPantheon
 
Continuous Integration Is for Teams: Moving past buzzword driven development
Continuous Integration Is for Teams: Moving past buzzword driven development Continuous Integration Is for Teams: Moving past buzzword driven development
Continuous Integration Is for Teams: Moving past buzzword driven development Pantheon
 
Drupal Performance
Drupal Performance Drupal Performance
Drupal Performance Pantheon
 
Decoupled Architecture and WordPress
Decoupled Architecture and WordPressDecoupled Architecture and WordPress
Decoupled Architecture and WordPressPantheon
 
WordPress REST API: Expert Advice & Practical Use Cases
WordPress REST API: Expert Advice & Practical Use CasesWordPress REST API: Expert Advice & Practical Use Cases
WordPress REST API: Expert Advice & Practical Use CasesPantheon
 
Why Your Site is Slow: Performance Answers for Your Clients
Why Your Site is Slow: Performance Answers for Your ClientsWhy Your Site is Slow: Performance Answers for Your Clients
Why Your Site is Slow: Performance Answers for Your ClientsPantheon
 
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...Pantheon
 
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and MoreAutomating & Integrating Pantheon with JIRA, Slack, Jenkins and More
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and MorePantheon
 
Development Workflow Tools for Open-Source PHP Libraries
Development Workflow Tools for Open-Source PHP LibrariesDevelopment Workflow Tools for Open-Source PHP Libraries
Development Workflow Tools for Open-Source PHP LibrariesPantheon
 

Viewers also liked (18)

WP or Drupal (or both): A Framework for Client CMS Decisions
WP or Drupal (or both): A Framework for Client CMS Decisions WP or Drupal (or both): A Framework for Client CMS Decisions
WP or Drupal (or both): A Framework for Client CMS Decisions
 
Testing Your Code as Part of an Industrial Grade Workflow
Testing Your Code as Part of an Industrial Grade WorkflowTesting Your Code as Part of an Industrial Grade Workflow
Testing Your Code as Part of an Industrial Grade Workflow
 
Drush in the Composer Era
Drush in the Composer EraDrush in the Composer Era
Drush in the Composer Era
 
Start with Drupal CMS
Start with Drupal CMSStart with Drupal CMS
Start with Drupal CMS
 
How Drupal 8 Reaches Its Full Potential on Pantheon
How Drupal 8 Reaches Its Full Potential on PantheonHow Drupal 8 Reaches Its Full Potential on Pantheon
How Drupal 8 Reaches Its Full Potential on Pantheon
 
Migrating NYSenate.gov
Migrating NYSenate.govMigrating NYSenate.gov
Migrating NYSenate.gov
 
WordPress at Scale Webinar
WordPress at Scale WebinarWordPress at Scale Webinar
WordPress at Scale Webinar
 
Drupal 8 and Pantheon
Drupal 8 and PantheonDrupal 8 and Pantheon
Drupal 8 and Pantheon
 
Level Up: 5 Expert Tips for Optimizing WordPress Performance
Level Up: 5 Expert Tips for Optimizing WordPress PerformanceLevel Up: 5 Expert Tips for Optimizing WordPress Performance
Level Up: 5 Expert Tips for Optimizing WordPress Performance
 
Lean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and DrushLean Drupal Repositories with Composer and Drush
Lean Drupal Repositories with Composer and Drush
 
Continuous Integration Is for Teams: Moving past buzzword driven development
Continuous Integration Is for Teams: Moving past buzzword driven development Continuous Integration Is for Teams: Moving past buzzword driven development
Continuous Integration Is for Teams: Moving past buzzword driven development
 
Drupal Performance
Drupal Performance Drupal Performance
Drupal Performance
 
Decoupled Architecture and WordPress
Decoupled Architecture and WordPressDecoupled Architecture and WordPress
Decoupled Architecture and WordPress
 
WordPress REST API: Expert Advice & Practical Use Cases
WordPress REST API: Expert Advice & Practical Use CasesWordPress REST API: Expert Advice & Practical Use Cases
WordPress REST API: Expert Advice & Practical Use Cases
 
Why Your Site is Slow: Performance Answers for Your Clients
Why Your Site is Slow: Performance Answers for Your ClientsWhy Your Site is Slow: Performance Answers for Your Clients
Why Your Site is Slow: Performance Answers for Your Clients
 
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P...
 
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and MoreAutomating & Integrating Pantheon with JIRA, Slack, Jenkins and More
Automating & Integrating Pantheon with JIRA, Slack, Jenkins and More
 
Development Workflow Tools for Open-Source PHP Libraries
Development Workflow Tools for Open-Source PHP LibrariesDevelopment Workflow Tools for Open-Source PHP Libraries
Development Workflow Tools for Open-Source PHP Libraries
 

Similar to Test Coverage for Your WP REST API Project

REST API for your WP7 App
REST API for your WP7 AppREST API for your WP7 App
REST API for your WP7 AppAgnius Paradnikas
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftThousandEyes
 
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!Evan Mullins
 
Teaming up WordPress API with Backbone.js in Titanium
Teaming up WordPress API with Backbone.js in TitaniumTeaming up WordPress API with Backbone.js in Titanium
Teaming up WordPress API with Backbone.js in TitaniumJeroen van Dijk
 
Caldera Learn - LoopConf WP API + Angular FTW Workshop
Caldera Learn - LoopConf WP API + Angular FTW WorkshopCaldera Learn - LoopConf WP API + Angular FTW Workshop
Caldera Learn - LoopConf WP API + Angular FTW WorkshopCalderaLearn
 
Building WordPress Client Side Applications with WP and WP-API - #wcmia
Building WordPress Client Side Applications with WP and WP-API - #wcmiaBuilding WordPress Client Side Applications with WP and WP-API - #wcmia
Building WordPress Client Side Applications with WP and WP-API - #wcmiaRoy Sivan
 
Input validation slides of web application workshop
Input validation slides of web application workshopInput validation slides of web application workshop
Input validation slides of web application workshopPayampardaz
 
Plugin development wpmeetup010
Plugin development wpmeetup010Plugin development wpmeetup010
Plugin development wpmeetup010Barry Kooij
 
Presentation - Course about JavaFX
Presentation - Course about JavaFXPresentation - Course about JavaFX
Presentation - Course about JavaFXTom Mix Petreca
 
Laravel development (Laravel History, Environment Setup & Laravel Installatio...
Laravel development (Laravel History, Environment Setup & Laravel Installatio...Laravel development (Laravel History, Environment Setup & Laravel Installatio...
Laravel development (Laravel History, Environment Setup & Laravel Installatio...Dilouar Hossain
 
Effectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby ConfEffectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby Confneal_kemp
 
AI: Mobile Apps That Understands Your Intention When You Typed
AI: Mobile Apps That Understands Your Intention When You TypedAI: Mobile Apps That Understands Your Intention When You Typed
AI: Mobile Apps That Understands Your Intention When You TypedMarvin Heng
 
Building Progressive Web Apps for Windows devices
Building Progressive Web Apps for Windows devicesBuilding Progressive Web Apps for Windows devices
Building Progressive Web Apps for Windows devicesWindows Developer
 
Restaurant Server - Transcript.pdf
Restaurant Server - Transcript.pdfRestaurant Server - Transcript.pdf
Restaurant Server - Transcript.pdfShaiAlmog1
 
ragi_tutorial_v1
ragi_tutorial_v1ragi_tutorial_v1
ragi_tutorial_v1tutorialsruby
 
ragi_tutorial_v1
ragi_tutorial_v1ragi_tutorial_v1
ragi_tutorial_v1tutorialsruby
 
WordPress REST API hacking
WordPress REST API hackingWordPress REST API hacking
WordPress REST API hackingJeroen van Dijk
 

Similar to Test Coverage for Your WP REST API Project (20)

REST API for your WP7 App
REST API for your WP7 AppREST API for your WP7 App
REST API for your WP7 App
 
Automating Performance Monitoring at Microsoft
Automating Performance Monitoring at MicrosoftAutomating Performance Monitoring at Microsoft
Automating Performance Monitoring at Microsoft
 
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!
 
Cqrs api v2
Cqrs api v2Cqrs api v2
Cqrs api v2
 
Teaming up WordPress API with Backbone.js in Titanium
Teaming up WordPress API with Backbone.js in TitaniumTeaming up WordPress API with Backbone.js in Titanium
Teaming up WordPress API with Backbone.js in Titanium
 
How to tdd your mvp
How to tdd your mvpHow to tdd your mvp
How to tdd your mvp
 
Caldera Learn - LoopConf WP API + Angular FTW Workshop
Caldera Learn - LoopConf WP API + Angular FTW WorkshopCaldera Learn - LoopConf WP API + Angular FTW Workshop
Caldera Learn - LoopConf WP API + Angular FTW Workshop
 
Old WP REST API, New Tricks
Old WP REST API, New TricksOld WP REST API, New Tricks
Old WP REST API, New Tricks
 
Building WordPress Client Side Applications with WP and WP-API - #wcmia
Building WordPress Client Side Applications with WP and WP-API - #wcmiaBuilding WordPress Client Side Applications with WP and WP-API - #wcmia
Building WordPress Client Side Applications with WP and WP-API - #wcmia
 
Input validation slides of web application workshop
Input validation slides of web application workshopInput validation slides of web application workshop
Input validation slides of web application workshop
 
Plugin development wpmeetup010
Plugin development wpmeetup010Plugin development wpmeetup010
Plugin development wpmeetup010
 
Presentation - Course about JavaFX
Presentation - Course about JavaFXPresentation - Course about JavaFX
Presentation - Course about JavaFX
 
Laravel development (Laravel History, Environment Setup & Laravel Installatio...
Laravel development (Laravel History, Environment Setup & Laravel Installatio...Laravel development (Laravel History, Environment Setup & Laravel Installatio...
Laravel development (Laravel History, Environment Setup & Laravel Installatio...
 
Effectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby ConfEffectively Testing Services - Burlington Ruby Conf
Effectively Testing Services - Burlington Ruby Conf
 
AI: Mobile Apps That Understands Your Intention When You Typed
AI: Mobile Apps That Understands Your Intention When You TypedAI: Mobile Apps That Understands Your Intention When You Typed
AI: Mobile Apps That Understands Your Intention When You Typed
 
Building Progressive Web Apps for Windows devices
Building Progressive Web Apps for Windows devicesBuilding Progressive Web Apps for Windows devices
Building Progressive Web Apps for Windows devices
 
Restaurant Server - Transcript.pdf
Restaurant Server - Transcript.pdfRestaurant Server - Transcript.pdf
Restaurant Server - Transcript.pdf
 
ragi_tutorial_v1
ragi_tutorial_v1ragi_tutorial_v1
ragi_tutorial_v1
 
ragi_tutorial_v1
ragi_tutorial_v1ragi_tutorial_v1
ragi_tutorial_v1
 
WordPress REST API hacking
WordPress REST API hackingWordPress REST API hacking
WordPress REST API hacking
 

More from Pantheon

Drupal Migrations in 2018
Drupal Migrations in 2018Drupal Migrations in 2018
Drupal Migrations in 2018Pantheon
 
Architecting Million Dollar Projects
Architecting Million Dollar ProjectsArchitecting Million Dollar Projects
Architecting Million Dollar ProjectsPantheon
 
Streamlined Drupal 8: Site Building Strategies for Tight Deadlines
Streamlined Drupal 8: Site Building Strategies for Tight DeadlinesStreamlined Drupal 8: Site Building Strategies for Tight Deadlines
Streamlined Drupal 8: Site Building Strategies for Tight DeadlinesPantheon
 
Getting Started with Drupal
Getting Started with DrupalGetting Started with Drupal
Getting Started with DrupalPantheon
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesPantheon
 
Automate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon ViennaAutomate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon ViennaPantheon
 
Sub-Second Pageloads: Beat the Speed of Light with Pantheon & Fastly
Sub-Second Pageloads: Beat the Speed of Light with Pantheon & FastlySub-Second Pageloads: Beat the Speed of Light with Pantheon & Fastly
Sub-Second Pageloads: Beat the Speed of Light with Pantheon & FastlyPantheon
 
Building a Network of 195 Drupal 8 Sites
Building a Network of 195 Drupal 8 Sites Building a Network of 195 Drupal 8 Sites
Building a Network of 195 Drupal 8 Sites Pantheon
 
Hacking Your Agency Workflow: Treating Your Process Like A Product
Hacking Your Agency Workflow: Treating Your Process Like A ProductHacking Your Agency Workflow: Treating Your Process Like A Product
Hacking Your Agency Workflow: Treating Your Process Like A ProductPantheon
 
Best Practice Site Architecture in Drupal 8
Best Practice Site Architecture in Drupal 8Best Practice Site Architecture in Drupal 8
Best Practice Site Architecture in Drupal 8Pantheon
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePantheon
 
Content as a Service: What to Know About Decoupled CMS
Content as a Service: What to Know About Decoupled CMSContent as a Service: What to Know About Decoupled CMS
Content as a Service: What to Know About Decoupled CMSPantheon
 
Drupal 8 CMI on a Managed Workflow
Drupal 8 CMI on a Managed WorkflowDrupal 8 CMI on a Managed Workflow
Drupal 8 CMI on a Managed WorkflowPantheon
 

More from Pantheon (13)

Drupal Migrations in 2018
Drupal Migrations in 2018Drupal Migrations in 2018
Drupal Migrations in 2018
 
Architecting Million Dollar Projects
Architecting Million Dollar ProjectsArchitecting Million Dollar Projects
Architecting Million Dollar Projects
 
Streamlined Drupal 8: Site Building Strategies for Tight Deadlines
Streamlined Drupal 8: Site Building Strategies for Tight DeadlinesStreamlined Drupal 8: Site Building Strategies for Tight Deadlines
Streamlined Drupal 8: Site Building Strategies for Tight Deadlines
 
Getting Started with Drupal
Getting Started with DrupalGetting Started with Drupal
Getting Started with Drupal
 
Defense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 SitesDefense in Depth: Lessons Learned Securing 200,000 Sites
Defense in Depth: Lessons Learned Securing 200,000 Sites
 
Automate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon ViennaAutomate Your Automation | DrupalCon Vienna
Automate Your Automation | DrupalCon Vienna
 
Sub-Second Pageloads: Beat the Speed of Light with Pantheon & Fastly
Sub-Second Pageloads: Beat the Speed of Light with Pantheon & FastlySub-Second Pageloads: Beat the Speed of Light with Pantheon & Fastly
Sub-Second Pageloads: Beat the Speed of Light with Pantheon & Fastly
 
Building a Network of 195 Drupal 8 Sites
Building a Network of 195 Drupal 8 Sites Building a Network of 195 Drupal 8 Sites
Building a Network of 195 Drupal 8 Sites
 
Hacking Your Agency Workflow: Treating Your Process Like A Product
Hacking Your Agency Workflow: Treating Your Process Like A ProductHacking Your Agency Workflow: Treating Your Process Like A Product
Hacking Your Agency Workflow: Treating Your Process Like A Product
 
Best Practice Site Architecture in Drupal 8
Best Practice Site Architecture in Drupal 8Best Practice Site Architecture in Drupal 8
Best Practice Site Architecture in Drupal 8
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie Apocalypse
 
Content as a Service: What to Know About Decoupled CMS
Content as a Service: What to Know About Decoupled CMSContent as a Service: What to Know About Decoupled CMS
Content as a Service: What to Know About Decoupled CMS
 
Drupal 8 CMI on a Managed Workflow
Drupal 8 CMI on a Managed WorkflowDrupal 8 CMI on a Managed Workflow
Drupal 8 CMI on a Managed Workflow
 

Recently uploaded

FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxolyaivanovalion
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysismanisha194592
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxolyaivanovalion
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...shivangimorya083
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxMohammedJunaid861692
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023ymrp368
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...amitlee9823
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Delhi Call girls
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionfulawalesam
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 

Recently uploaded (20)

FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptx
 
April 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's AnalysisApril 2024 - Crypto Market Report's Analysis
April 2024 - Crypto Market Report's Analysis
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Carero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptxCarero dropshipping via API with DroFx.pptx
Carero dropshipping via API with DroFx.pptx
 
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
Vip Model Call Girls (Delhi) Karol Bagh 9711199171✔️Body to body massage wit...
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptxBPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
BPAC WITH UFSBI GENERAL PRESENTATION 18_05_2017-1.pptx
 
Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023Data-Analysis for Chicago Crime Data 2023
Data-Analysis for Chicago Crime Data 2023
 
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort ServiceBDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
BDSM⚡Call Girls in Mandawali Delhi >༒8448380779 Escort Service
 
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
Call Girls Bannerghatta Road Just Call 👗 7737669865 👗 Top Class Call Girl Ser...
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
Best VIP Call Girls Noida Sector 39 Call Me: 8448380779
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
Week-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interactionWeek-01-2.ppt BBB human Computer interaction
Week-01-2.ppt BBB human Computer interaction
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 

Test Coverage for Your WP REST API Project

  • 1. Ensure Security and Reliability with Test Coverage Test Coverage for Your WP REST API Project
  • 2. Daniel Bachhuber, Author Daniel Bachhuber knows a thing or two about WordPress. In addition to working on the WP REST API, Bachhuber founded Handbuilt, a shop providing WordPress development and consulting services. He also founded Runcommand and is an active maintainer of the WP-CLI.
  • 3. Daniel Bachhuber, Author Bachhuber wrote this tutorial to help developers working with the WP REST API ensure a secure, performant site. Whether you are currently working on a REST API project or not, check out Daniel’s tips for securing endpoints as you go.
  • 4. Alex the developer is pretty excited about the WordPress REST API. Because the infrastructural components were introduced in WordPress 4.4, they too can use register_rest_route() to easily register their own WP REST API endpoints. In fact, they love registering routes so much that they’re creating API endpoints for every project they work on. Sound like you too? Are you writing full test coverage for your endpoints as you go? If not, you absolutely need to be, for two primary reasons: security and reliability. If you aren’t writing test coverage for your endpoints, sorry Charlie—your endpoints are probably insecure, and probably behave unexpectedly for clients. This tutorial is everything you need to get started. Ensure Security and Reliability
  • 5. To start at the beginning, “writing tests” is a way for you, as the developer of a complex application, to define assertions of how the application’s functionality is expected to work. Pairing your tests with a continuous integration system like Travis CI means your suite of tests will be run automatically on every push or pull request, making it much easier to incorporate tests into your development workflow. What Are We Talking About?
  • 6. As it relates to your WP REST API endpoints, there are two common ways to think about test coverage. • “Unit tests” test the smallest testable part of your application (e.g. the phone formatting function in this tutorial). • “Integration tests” test groups of application functionality (e.g. the WP REST API endpoints in this tutorial). What Are We Talking About?
  • 7. Invest in Security and Performance Test coverage is additive; the only place to start is at the very beginning. Continual investment over time leads to an increasing amount of test coverage, and greater confidence that your application isn’t breaking unexpectedly as it becomes more complex. Say, for instance, you’ve written a rad_format_phone_number( $input ) function to format phone numbers within your WordPress application. Your first pass at the function produces something like this: function rad_format_phone_number( $input ) { $bits = explode( '-', $input ); return "({$bits[0]}) {$bits[1]}-{$bits[2]}"; }
  • 8. To ensure the function works as expected, you write a test case for it like this: You run phpunit to see if the test passes—and it does! Invest in Security and Performance function test_format_phone_number() { $this->assertEquals( '(555) 212- 2121', rad_format_phone_number( '555-212-2121' ) ); }
  • 9. Test-Driven Development What if a user passes a value like 5552122121 or +1 (555) 212 2121? Or even an empty string? Make sure your function can handle these alternative formats, as well as the original input format you created the function for. Using Test-Driven Development, you can actually write the test cases first, and then adapt your function until the tests pass. function test_format_phone_number() { $this->assertEquals( '(555) 212-2121', rad_format_phone_number( '555-212-2121' ) ); $this->assertEquals( '(555) 212-2121', rad_format_phone_number( '5552122121' ) ); $this->assertEquals( '(555) 212-2121', rad_format_phone_number( '+1 (555) 212 2121' ) ); $this->assertEquals( '', rad_format_phone_number( '' ) ); }
  • 10. Twenty minutes of regex later, you’ve created a function to handle the assertions above: Congratulations! You’ve introduced test coverage into your code. Test-Driven Development function rad_format_phone_number( $input ) { if ( preg_match( '#([d]{3})[^d]*([d]{3})[^d]*([d]{4})#', $input, $matches ) ) { return "({$matches[1]}) {$matches[2]}-{$matches[3]}"; } return ''; }
  • 11. Why Test Coverage Is Even More Important with a WP REST API Project Test Coverage for Your WP REST API Project
  • 12. Why Is it More Important? Because the WP REST API offers a direct read/write interface into WordPress, you need to make absolutely sure you: • Aren’t unintentionally disclosing private information to unauthorized requests. • Aren’t unintentionally permitting unauthorized requests to perform write operations on your application.
  • 13. You may be manually verifying the security of your endpoints while building your WordPress- based application, but test coverage enables you to make those security assertions explicit. Furthermore, even if your WP REST API endpoints are read-only and don’t deal with private information, you want to make sure your application returns consistent responses. The clients built on top of your API expect consistent responses above all else—and can break unexpectedly when they receive unexpected data. Why Is it More Important?
  • 14. How Should I Write My Endpoints? If you’re familiar with PHPUnit and the WordPress project’s PHPUnit test suite, then you’re already part of the way there. If you’re not, you’ll want to get yourself up to speed, and then come back to this tutorial. You can also open the entire test class in a separate tab if you’d like to refer to it as we go along.
  • 15. How Should I Write My Endpoints? To make it possible to test your registered WP REST API endpoint in a PHPUnit test, you’ll need to first set up a WP_REST_Server instance for your test class. If you just have one test class, you can perform this step in the Tests_REST_API_Demo::setUp() method: public function setUp() { parent::setUp(); global $wp_rest_server; $this->server = $wp_rest_server = new WP_REST_Server; do_action( 'rest_api_init' ); }
  • 16. The call to rest_api_init ensures your routes are registered to the server within the test. Make sure you also reset the $wp_rest_server global on Tests_REST_API_Demo::tearDown(): How Should I Write My Endpoints? public function tearDown() { parent::tearDown(); global $wp_rest_server; $wp_rest_server = null; }
  • 17. Let’s imagine we want to make this phone number accessible through the WP REST API. However, because a phone number is semi-private information, it should only editable by administrators. How Should I Write My Endpoints? register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => get_option( 'phone_number' ) , ); }, ), Click for the full code. Switching to the plugin file, our first attempt at registering our WP REST API endpoint looks like this:
  • 18. Because we have $this→server available on our test class, we can create a WP_REST_Request object, dispatch it on WP_REST_Server, inspect what the server includes on WP_REST_Response. How Should I Write My Endpoints? public function test_get() { $request = new WP_REST_Request( 'GET', '/rad/v1/site -info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 200, $response ); $this->assertResponseData( array( 'phone_number' => '(555) 212-2121', ), $response ); } In this example, notice how we test both the response data and the response status. Click for the full code.
  • 19. Clients interpret HTTP status codes to have a higher-level understanding of the type of response, so we want to also make sure we’re returning the proper status code. How Should I Write My Endpoints? public function test_get() { $request = new WP_REST_Request( 'GET', '/rad/v1/site -info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 200, $response ); $this->assertResponseData( array( 'phone_number' => '(555) 212-2121', ), $response ); } Click for the full code.
  • 20. Uh oh! If the warning bells aren’t going off already, the endpoint we’ve registered is hugely insecure—any request, including logged-in and logged-out users can both read or update our phone number. We need to patch this right away. How Should I Write My Endpoints? public function test_get_unauthorized() { wp_set_current_user( 0 ); $request = new WP_REST_Request( 'GET', '/rad/v1/site- info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 401, $response ); } Click for the full code.
  • 21. Because we’re practicing Test-Driven Development, we first write failing tests (changeset) for the security vulnerability (see the actual pull request on Github). Our tests of our WP REST API endpoints now look like this. How Should I Write My Endpoints? public function test_get_unauthorized() { wp_set_current_user( 0 ); $request = new WP_REST_Request( 'GET', '/rad/v1/site- info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 401, $response ); } Click for the full code.
  • 22. A Few Key Details to Note • wp_set_current_user() lets us set the scope of the test to a given user that already exists. Because our tests are against the endpoint itself, and not the authentication system WordPress uses to verify the response, we can safely assume the current user within the scope of the code is the actual user making the request. If authentication fails, WordPress will wp_set_current_user( 0 );, which is functionally equivalent to a logged out request.
  • 23. • It’s incredibly important to take to heart the difference between authentication and authorization. Authentication refers to whether or not a request is associated with a valid user in the system. Authorization refers to whether or not a given user has permission to perform a given action. Even though a user may be authenticated, they might not be authorized. Your WP REST API endpoint should return a 401 when a user isn’t authenticated, and a 403 when a user isn’t authorized. • assertResponseStatus() and assertResponseData() are helper methods you are more than welcome to copy into your own test suite. A Few Key Details to Note
  • 24. Given our new knowledge about authentication and authorization, we can update our endpoint to use thepermission_callback to authorize the request before our callback handles it. A Few Key Details to Note add_action( 'rest_api_init', function() { register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => get_option( 'phone_number' ) , ); }, Click for the full code.
  • 25. To be as helpful as possible to clients, let’s adapt our endpoint to only accept input when the data is close to a phone number, and ensure our response data is formatted as a phone number or empty string. A Few Key Details to Note add_action( 'rest_api_init', function() { register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => get_option( 'phone_number' ) , ); }, Click for the full code.
  • 26. Again, because we’re practicing Test-Driven Development, we first write failing tests (see the actual pull request on Github). These failing tests look like this: A Few Key Details to Note public function test_get_authorized_reformatted() { update_option( 'phone_number', '555 555 5555' ); wp_set_current_user( $this->subscriber ); $request = new WP_REST_Request( 'GET', '/rad/v1/site -info' ); $response = $this->server->dispatch( $request ); $this->assertResponseStatus( 200, $response ); $this->assertResponseData( array( 'phone_number' => '(555) 555-5555', ), $response ); } Click for the full code.
  • 27. Given our new knowledge about making to sure consistently handle data, we can update our endpoint to register the phone_number resource argument with a validation callback, and make sure to return data through our rad_format_phone_number() function. A Few Key Details to Note register_rest_route( 'rad/v1', 'site-info', array( array( 'methods' => 'GET', 'callback' => function( $request ) { return array( 'phone_number' => rad_format_phone_number( get_ option( 'phone_number' ) ), ); }, Click for the full code.
  • 28. This is Only the Beginning… • Test coverage is critically important for two reasons: security and reliability. You want to make triply sure your API isn’t disclosing private information, permitting unauthorized operations, and responds consistently to correct and incorrect client requests. • Using the WordPress project’s PHPUnit test suite, you can write integration tests for your endpoints. Include assertions for both the response data and the response status. For every successful request test you write, include 4 or 5 permutations of erred requests.
  • 29. • Clients will always send your application unexpected or incorrect data. If your endpoints can provide consistent, clear, and expected responses, then the client developer’s life will be greatly improved, as they won’t have to spend hours or days trying to debug cryptic errors from an application they don’t have access to. This is Only the Beginning…
  • 30. Run your WP REST API project on Pantheon. We’ve created a unique WordPress hosting platform. We provide elastic hosting and the best cloud-based development tools for teams. Try it for free