Test Plan for CAPIF Api Publish Service
At this documentation you will have all information and related files and examples of test plan for this API.
Test Case 1: Publish API by Authorised API Publisher
Test ID: capif_api_publish_service-1
Description:
This test case will check that an API Publisher can Publish an API
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
Execution Steps:
- 
Register Provider at CCF and store certificates. 
- 
Publish Service API 
- 
Retrieve {apiId} from body and Location header with new resource created from response 
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API at CCF: 
- 
Send POST to ccf_publish_url: https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis 
- body service api description with apiName service_1
- Use APF Certificate
Expected Result:
- 
Response to Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
 
- 
Published Service API is stored in CAPIF Database 
Test Case 2: Publish API by NON Authorised API Publisher
Test ID: capif_api_publish_service-2
Description:
This test case will check that an API Publisher cannot Publish an API withot valid apfId
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API with invalid APF ID
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API with invalid APF ID at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis
- body service api description with apiName service_1
- Use APF Certificate
 
Expected Result:
- 
Response to Publish request must accomplish: - 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:- status 401
- title with message "Unauthorized"
- detail with message "Publisher not existing".
- cause with message "Publisher id not found".
 
 
- 
Service API is NOT stored in CAPIF Database 
Test Case 3: Retrieve all APIs Published by Authorised apfId
Test ID: capif_api_publish_service-3
Description:
This test case will check that an API Publisher can Retrieve all API published
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- At least 2 service APIs are published.
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API service_1
- Retrieve {apiId1} from body and Location header with new resource created from response
- Publish Service API service_2
- Retrieve {apiId2} from body and Location header with new resource created from response
- Retrieve All published APIs and check if both are present.
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API at CCF: - Send POST to https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Publish Other Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_2
- Get apiId
- Use APF Certificate
 
- 
Retrieve all published APIs: - Send GET to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- Use APF Certificate
 
Expected Result:
- 
Response to service 1 Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}
 
- 
Response to service 2 Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}
 
- 
Published Service APIs are stored in CAPIF Database 
- 
Response to Retrieve all published APIs: - 200 OK
- Response body must return an array of ServiceAPIDescription data.
- Array must contain all previously published APIs.
 
Test Case 4: Retrieve all APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-4
Description:
This test case will check that an API Publisher cannot Retrieve API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Execution Steps:
- Register Provider at CCF and store certificates.
- Retrieve All published APIs
Information of Test:
- 
Perform Provider Registration 
- 
Retrieve all published APIs: - Send GET to https://{CAPIF_HOSTNAME}/published-apis/v1/{APF_ID_NOT_VALID}/service-apis
- Use APF Certificate
 
Expected Result:
- 
Response to Publish request must accomplish: - 401 Non Authorized
- Error Response Body must accomplish with ProblemDetails data structure with:- status 401
- title with message "Unauthorized"
- detail with message "Provider not existing".
- cause with message "Provider id not found".
 
 
- 
Service API is NOT stored in CAPIF Database 
Test Case 5: Retrieve single APIs Published by Authorised apfId
Test ID: capif_api_publish_service-5
Description:
This test case will check that an API Publisher can Retrieve API published one by one
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- At least 2 service APIs are published.
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API service_1.
- Retrieve {apiId1} from body and Location header with new resource created from response.
- Publish Service API service_2.
- Retrieve {apiId2} from body and Location header with new resource created from response.
- Retrieve service_1 API Detail.
- Retrieve service_2 API Detail.
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Publish Other Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_2
- Get apiId
- Use APF Certificate
 
- 
Retrieve service_1 published APIs detail: - Send GET to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId1}
- Use APF Certificate
 
- 
Retrieve service_2 published APIs detail: - Send GET to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{apiId2}
- Use APF Certificate
 
Expected Result:
- 
Response to service 1 Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId1}
 
- 
Response to service 2 Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId2}
 
- 
Published Service APIs are stored in CAPIF Database 
- 
Response to Retrieve service_1 published API using apiId1: - 200 OK
- Response body must return a ServiceAPIDescription data.
- Array must contain same information than service_1 published registration response.
 
- 
Response to Retrieve service_2 published API using apiId2: - 200 OK
- Response body must return a ServiceAPIDescription data.
- Array must contain same information than service_2 published registration response.
 
Test Case 6: Retrieve single APIs non Published by Authorised apfId
Test ID: capif_api_publish_service-6
Description:
This test case will check that an API Publisher try to get detail of not published api.
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- No published api
Execution Steps:
- Register Provider at CCF and store certificates.
- Retrieve not published API Detail.
Information of Test:
- Perform Provider Registration
- Retrieve not published APIs detail:- Send GET to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- Use APF Certificate
 
Expected Result:
- Response to Retrieve for NOT published API must accomplish:- 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "No Service with specific credentials exists".
 
 
Test Case 7: Retrieve single APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-7
Description:
This test case will check that an API Publisher cannot Retrieve detailed API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API at CCF
- Retrieve {apiId} from body and Location header with new resource created from response.
- Register and onboard Invoker at CCF
- Store signed Invoker Certificate
- Retrieve detailed published API acting as Invoker
Information of Test:
- 
Perform Provider Registration and Invoker Onboarding 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Retrieve detailed published APIs: - Send GET to https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/${apiId}
- Use Invoker Certificate
 
Expected Result:
- 
Response to Retrieve Detailed published API acting as Invoker must accomplish: - 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:- status 401
- title with message "Unauthorized"
- detail with message "User not authorized".
- cause with message "Certificate not authorized".
 
 
- 
Service API is NOT stored in CAPIF Database 
Test Case 8: Update API Published by Authorised apfId with valid serviceApiId
Test ID: capif_api_publish_service-8
Description:
This test case will check that an API Publisher can Update published API with a valid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
- A service APIs is published.
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API
- Retrieve {apiId} from body and Location header with new resource url created from response
- Update published Service API.
- Retrieve detail of Service API
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- get resource url from location Header.
- Use APF Certificate
 
- 
Update published API at CCF: - Send PUT to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- body service api description with overrided apiName to service_1_modified
- Use APF Certificate
 
- 
Retrieve detail of service API: - Send GET to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- check apiName is service_1_modified
- Use APF Certificate
 
Expected Result:
- 
Response to Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
 
- 
Response to Update Published Service API: - 200 OK
- Response Body must follow ServiceAPIDescription data structure with:- apiName service_1_modified
 
 
- 
Response to Retrieve detail of Service API: - 200 OK
- Response Body must follow ServiceAPIDescription data structure with:- apiName service_1_modified.
 
 
Test Case 9: Update APIs Published by Authorised apfId with invalid serviceApiId
Test ID: capif_api_publish_service-9
Description:
This test case will check that an API Publisher cannot Update published API with a invalid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority)
Execution Steps:
- Register Provider at CCF and store certificates.
- Update published Service API.
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Update published API at CCF: - Send PUT to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- body service api description with overrided apiName to service_1*_modified*
- Use APF Certificate
 
Expected Result:
- 
Response to Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
 
- 
Response to Update Published Service API: - 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "Service API id not found".
 
 
Test Case 10: Update APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-10
Description:
This test case will check that an API Publisher cannot Update API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is NOT pre-authorised (has invalid apfId from CAPIF Authority)
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API at CCF
- Retrieve {apiId} from body and Location header with new resource created from response.
- Register and onboard Invoker at CCF
- Store signed Invoker Certificate
- Update published API at CCF as Invoker
- Retrieve detail of Service API as publisher
Information of Test:
- 
Perform Provider Registration and Invoker Onboarding 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Update published API at CCF: - Send PUT to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
- body service api description with overrided apiName to service_1*_modified*
- Use Invoker Certificate
 
- 
Retrieve detail of service API: - Send GET to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- check apiName is service_1
- Use APF Certificate
 
Expected Result:
- 
Response to Update published API acting as Invoker must accomplish: - 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:- status 401
- title with message "Unauthorized"
- detail with message "User not authorized".
- cause with message "Certificate not authorized".
 
 
- 
Response to Retrieve Detail of Service API: - 200 OK
- Response Body must follow ServiceAPIDescription data structure with:- apiName service_1.
 
 
Test Case 11: Delete API Published by Authorised apfId with valid serviceApiId
Test ID: capif_api_publish_service-11
Description:
This test case will check that an API Publisher can Delete published API with a valid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
- A service APIs is published.
Execution Steps:
- Register Provider at CCF and store certificates.
- Publish Service API
- Retrieve {apiId} from body and Location header with new resource created from response
- Remove published API at CCF
- Try to retreive deleted service API from CCF
Information of Test:
- 
Perform Provider Registration 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Remove published Service API at CCF: - Send DELETE to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
- Use APF Certificate
 
- Retrieve detail of service API:- Send GET to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{serivceApiId}
- Use APF Certificate
 
Expected Result:
- 
Response to Publish request must accomplish: - 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId}/service-apis/{serviceApiId}
 
- 
Published Service API is stored in CAPIF Database 
- 
Response to Remove published Service API at CCF: - 204 No Content
 
- 
Response to Retrieve for DELETED published API must accomplish: - 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "No Service with specific credentials exists".
 
 
Test Case 12: Delete APIs Published by Authorised apfId with invalid serviceApiId
Test ID: capif_api_publish_service-12
Description:
This test case will check that an API Publisher cannot Delete with invalid serviceApiId
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
Execution Steps:
- Register Provider at CCF and store certificates.
- Remove published API at CCF with invalid serviceId
Information of Test:
- 
Perform Provider Registration 
- 
Remove published Service API at CCF with invalid serviceId: - Send DELETE to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- Use APF Certificate
 
Expected Result:
- Response to Remove published Service API at CCF:- 404 Not Found
- Error Response Body must accomplish with ProblemDetails data structure with:- status 404
- title with message "Not Found"
- detail with message "Service API not found".
- cause with message "Service API id not found".
 
 
Test Case 13: Delete APIs Published by NON Authorised apfId
Test ID: capif_api_publish_service-13
Description:
This test case will check that an API Publisher cannot Delete API published when apfId is not authorised
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
Execution Steps:
- Register Provider at CCF and store certificates.
- Register Invoker and onboard Invoker at CCF
- Remove published API at CCF with invalid serviceId as Invoker
Information of Test:
- 
Perform Provider Registration and Invoker Onboarding 
- 
Publish Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF Certificate
 
- 
Remove published Service API at CCF with invalid serviceId as Invoker: - Send DELETE to resource URL https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis/{SERVICE_API_ID_NOT_VALID}
- Use Invoker Certificate.
 
Expected Result:
- Response to Remove published Service API at CCF:- 401 Unauthorized
- Error Response Body must accomplish with ProblemDetails data structure with:- status 401
- title with message "Unauthorized"
- detail with message "User not authorized".
- cause with message "Certificate not authorized".
 
 
Test Case 14: Check Two Published APIs with different APFs are removed when Provider is deleted
Test ID: capif_api_publish_service-13
Description:
This test case will check that a Provider registered with two APFs, with one API published with each APF are removed properly when provider is removed.
Pre-Conditions:
- CAPIF subscriber is pre-authorised (has valid apfId from CAPIF Authority).
Execution Steps:
- Register Provider with 2 APFs at CCF and store certificates.
- Publish service_1 API with APF_1
- Publish service_2 API with APF_2
- Retrieve APIs published by APF_1
- Retrieve APIs published by APF_2
- Remove Provider by AMF
Information of Test:
- 
Perform Provider Registration and Invoker Onboarding 
- 
Publish service_1 Service API at CCF: - Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId1}/service-apis
- body service api description with apiName service_1
- Get apiId
- Use APF_1 Certificate
 
- Publish service_2 Service API at CCF:- Send POST to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId2}/service-apis
- body service api description with apiName service_2
- Get apiId
- Use APF_2 Certificate
 
- Retrieve all published APIs by APF_1:- Send GET to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId1}/service-apis
- Use APF_1 Certificate
 
- Retrieve all published APIs by APF_2:- Send GET to ccf_publish_url https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId2}/service-apis
- Use APF_2 Certificate
 
- Get Number of services published by superadmin:- Store value obtained in services_present_on_ccf_after_publish
 
- Delete registered provider:- Send DELETE https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations/{registrationId}
- Use AMF Certificate.
 
- Get Number of services published by superadmin:- Store value obtained in services_present_on_ccf_after_delete_provider
 
Expected Result:
- Response to Publish request must accomplish:- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId1}/service-apis/{serviceApiId}
 
- Response to Publish request must accomplish:- 201 Created
- Response Body must follow ServiceAPIDescription data structure with:- apiId
 
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/published-apis/v1/{apfId2}/service-apis/{serviceApiId}
 
- Response to Retrieve all published APIs by APF_1:- 200 OK
- Response body must return an array of ServiceAPIDescription data.
- Array must contain all previously published APIs by APF_1.
 
- Response to Retrieve all published APIs by APF_2:- 200 OK
- Response body must return an array of ServiceAPIDescription data.
- Array must contain all previously published APIs by APF_2.
 
- Delete Provider:- 204 No Content response.
 
- Check two APIs where removed after remove provider:- services_present_on_ccf_after_publish - services_present_on_ccf_after_delete_provider = 2