How to Test DELETE Requests Using Rest Assured

DELETE requests are a crucial part of API testing, especially when ensuring data consistency and integrity. In this guide, we'll look at how to use Rest Assured to test DELETE requests effectively, verifying the successful removal of resources and handling edge cases.

Why Test DELETE Requests?

DELETE requests are used to remove resources on the server, and they often impact data directly. Ensuring these requests work as expected is critical to prevent unintended data loss or stale resources.

Some common DELETE request scenarios include:

  1. Successful Deletion - Confirm the resource is removed as expected.
  2. Non-existent Resource - Attempt to delete a resource that does not exist.
  3. Unauthorized Deletion - Verify that only authorized users can delete specific resources.

Setting Up Rest Assured for DELETE Requests

Rest Assured is a Java library that simplifies testing RESTful APIs. Before we dive into DELETE testing, ensure you have the following setup:

1. Dependencies: Add Rest Assured in your pom.xml if you’re using Maven.

<dependency>
    <groupId>io.rest-assured</groupId>
    <artifactId>rest-assured</artifactId>
    <version>5.3.0</version>
</dependency>

2. Base URI and Endpoint: Define the base URI and endpoint paths to organize the tests better.


Writing a Basic DELETE Request Test

Let's create a test case to delete a resource. In this example, we’ll delete a user from the system by user ID.

Step 1: Define the Base URI and Path Parameters

import io.restassured.RestAssured;
import io.restassured.response.Response;
import static io.restassured.RestAssured.*;
import static org.hamcrest.Matchers.*;

public class DeleteRequestTest {

    // Set up Base URI for the API
    static {
        RestAssured.baseURI = "https://jsonplaceholder.typicode.com";
    }
}


Step 2: Write the DELETE Request

Here’s a test case that will delete a user with a specific ID. After deletion, we’ll verify the status code.

import org.testng.annotations.Test;


public class DeleteRequestTest {


    @Test

    public void deleteUserById() {

        int userId = 5;  // ID of the user to delete


        given()

            .pathParam("id", userId)

        .when()

            .delete("/users/{id}")

        .then()

            .statusCode(200);  // Assuming 200 OK for successful deletion

    }

}

In this test:

  • We set the userId as a path parameter.
  • The .delete("/users/{id}") method performs the DELETE request.
  • Finally, we verify the response status code is 200, indicating success.


Additional Validations After Deletion

Testing a DELETE request often requires additional verification, such as confirming the resource no longer exists.

Step 3: Validate Deletion

After deletion, we’ll check if a GET request on the same resource returns a 404 Not Found status.

@Test

public void verifyUserDeleted() {

    int userId = 5;


    // First, delete the user

    given()

        .pathParam("id", userId)

    .when()

        .delete("/users/{id}")

    .then()

        .statusCode(200);


    // Then, verify the user no longer exists

    given()

        .pathParam("id", userId)

    .when()

        .get("/users/{id}")

    .then()

        .statusCode(404);

}

Handling Edge Cases in DELETE Testing

DELETE requests can have various edge cases, which are essential to test to ensure robustness.

1. Non-existent Resource: If the resource doesn’t exist, we should get a 404 Not Found response.

@Test
public void deleteUserThatDoesNotExist() {
    int nonExistentUserId = 999;

    given()
        .pathParam("id", nonExistentUserId)
    .when()
        .delete("/users/{id}")
    .then()
        .statusCode(404);  // Expecting 404 if the user does not exist
}

2. Unauthorized Deletion: For APIs with authentication, ensure only authorized users can perform DELETE operations. You can include authentication headers for this test.
@Test
public void deleteUserWithUnauthorizedAccess() {
    int userId = 5;

    given()
        .pathParam("id", userId)
        .auth()
        .basic("invalidUser", "invalidPassword")  // Example of basic auth
    .when()
        .delete("/users/{id}")
    .then()
        .statusCode(401);  // Expecting 401 Unauthorized
}

3. Validate Database Consistency: For APIs connected to databases, test that the resource is removed entirely from the database, preventing stale data.


Full Example: DELETE Request Testing

Here’s the complete test class covering different scenarios:

import io.restassured.RestAssured;

import org.testng.annotations.BeforeClass;

import org.testng.annotations.Test;


import static io.restassured.RestAssured.given;

import static org.hamcrest.Matchers.equalTo;


public class DeleteRequestTest {


    @BeforeClass

    public void setup() {

        RestAssured.baseURI = "https://jsonplaceholder.typicode.com";

    }


    @Test

    public void deleteUserById() {

        int userId = 5;


        given()

            .pathParam("id", userId)

        .when()

            .delete("/users/{id}")

        .then()

            .statusCode(200);

    }


    @Test

    public void verifyUserDeleted() {

        int userId = 5;


        // First, delete the user

        given()

            .pathParam("id", userId)

        .when()

            .delete("/users/{id}")

        .then()

            .statusCode(200);


        // Then, verify the user no longer exists

        given()

            .pathParam("id", userId)

        .when()

            .get("/users/{id}")

        .then()

            .statusCode(404);

    }


    @Test

    public void deleteUserThatDoesNotExist() {

        int nonExistentUserId = 999;


        given()

            .pathParam("id", nonExistentUserId)

        .when()

            .delete("/users/{id}")

        .then()

            .statusCode(404);

    }


    @Test

    public void deleteUserWithUnauthorizedAccess() {

        int userId = 5;


        given()

            .pathParam("id", userId)

            .auth()

            .basic("invalidUser", "invalidPassword")

        .when()

            .delete("/users/{id}")

        .then()

            .statusCode(401);

    }

}

Followers