Skip to main content

Jul 17, 2021 - 3 minute read - API Testing API Challenges Evil Tester

Challenge 20 - How To - POST todos create with XML

This post and video shows how to complete the challenge POST /todos XML to send a POST request to create a todo item with body and response in XML format.

What are the API Challenges?

Our API Challenges Application has a fully functional cloud hosted API, and a set of challenges to work through.

POST /todos XML

To create and amend items in a REST API we usually use a POST request. POST requests are defined as ‘partial’ requests in that they don’t need to have all the fields, but they need to have enough fields to be valid for the request.

Issue a POST request on the /todos end point to create a todo using Content-Type application/xml, and Accepting only XML ie. Accept header of application/xml

For this challenge we issue a request with an accept header specifying XML and we will send the message as XML so we set the content-type header as well.

  • POST request means we will send information in the body of the message
    • e.g. POST /todos sends to the todos endpoint
  • create a todo means that we will not include a todo id, so a new todo is created
  • Content-Type application/xml means set the content-type header to application/xml
  • Accept header of application/xml means set the accept header to application/xml
  • the body of the message will have to be a valid todo item, and we can see the format in the documentation, or by issuing a GET request on the /todos endpoint
  • add the X-CHALLENGER header to track progress
  • we know it has been created when we receive a 201 response
  • the body of the response should contain the full details of the todo created

Basic Instructions

  • First issue a GET request on “/todos” with an accept header of application/xml to see the format of a todo in XML format
  • Issue a POST request to end point “/todos”
    • if running locally that endpoint would be
      • http://localhost:4567/todos
    • if running in the cloud that endpoint would be
      • https://apichallenges.herokuapp.com/todos
  • The request should have an Accept header with the value application/xml
  • The request should have an Content-Type header with the value application/xml
  • Use the todo that you copied from the GET request, remembering to remove the id because when we create a todo, it will be issued with an id automatically

We only need to use the minimum details, but could add a description if we wanted.

  <todo>
    <doneStatus>true</doneStatus>
    <title>file paperwork today</title>
  </todo>
  • The request should have an X-CHALLENGER header to track challenge completion
  • The response status code should be 201 when all the details are valid.
  • Check the body of the response has XML formatted ‘todo’ response
    • this will contain the full details of the todo we created
  • Check the content-type header in the response has application/xml matching the requested accept format

Extras:

  • you might want to experiment with adding additional fields like ‘description’, what happens if you miss out fields?
  • check the Location header has the endpoint we can use to retrieve the todo, issue a GET on that endpoint to retrieve the details of the todo

Details

> POST /todos HTTP/1.1
> Host: apichallenges.herokuapp.com
> User-Agent: insomnia/2021.2.2
> X-CHALLENGER: x-challenger-guid
> Content-Type: application/xml
> Accept: application/xml
> Content-Length: 93

|   <todo>
|     <doneStatus>true</doneStatus>
|     <title>file paperwork today</title>
|   </todo>

< HTTP/1.1 201 Created
< Connection: close
< Date: Sat, 17 Jul 2021 13:14:28 GMT
< Content-Type: application/xml
< Location: todos/226
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: *
< X-Challenger: x-challenger-guid
< Server: Jetty(9.4.z-SNAPSHOT)
< Via: 1.1 vegur

Example Response body:

<todo>
  <doneStatus>true</doneStatus>
  <description/>
  <id>226</id>
  <title>file paperwork today</title>
</todo>

Overview Video

Watch on YouTube

Patreon ad free version

Learn More and Start Testing


You will need a Github account to comment. Or you can contact me with your comment.

I reserve the right to delete spam comments e.g. if your comment adds no value and its purpose is simply to create a backlink to another site offering training, or courses, etc.