Actions
SQA #3932
open[SQA] Auth & Agency Onboarding API
Description
Test Case Design & Review¶
- Created comprehensive API test cases for the following endpoints:
/auth/v2/resend-email-verification-link/auth/v2/check-email-uniqueness/auth/v2/check-agency-name-uniqueness
- Reviewed API response contracts against expected business rules and validation logic.
API Automation (Postman)¶
- Implemented Pre-request scripts:
- Email normalisation (lowercase enforcement)
- Required variable validation (fail-fast)
- Dynamic test data setup (email, agency name, role)
- Implemented Post-request scripts:
- Safe JSON parsing with error handling
- Flexible assertions for success and failure responses
- Environment variable persistence for chained flows
- Conditional logic for uniqueness checks and resend behaviour
Security & Compliance Review¶
- Performed API security review on signup response:
- Identified security risks related to:
- Verification link exposure in API response
- JWT token leakage
- Email passed as URL query parameter
- Mapped findings against OWASP ASVS & API security best practices
- Provided secure response contract recommendations
- Identified security risks related to:
Defect Identification & Documentation¶
- Identified potential High-severity security vulnerability:
- Sensitive verification token exposed via API response
- Prepared defect details, including:
- Issue description
- Security impact
- Recommended mitigation
- Severity classification
Test Data & Utilities¶
- Generated reusable Postman utilities:
- Random secure password generator
- Lowercase email generator
- Environment-based test data management
- Improved test stability by eliminating case-sensitivity issues.
Test Execution & Validation¶
- Executed API test flows:
- Email uniqueness → Signup → Resend verification → Verify email
- Validated response structure, status codes, and business logic.
- Verified error handling and message consistency.
Updated by Aman Bhuiyan 4 months ago
- % Done changed from 30 to 40
API Testing Activities¶
-
Algonyx Staging API Testing
- Conducted testing on the Algonyx staging API throughout the day.
- During the first half of the testing session, encountered multiple server-related issues (e.g., connectivity problems, timeouts, and response errors) that impacted progress.
-
Algonyx Dev API Testing
- Switched to the Algonyx dev API for testing in the last hour.
- All previously observed server-related issues were resolved, enabling smooth and uninterrupted test execution.
Test Case Development¶
- Developed and wrote automated test cases for Algonyx API testing.
- Utilized the Playwright framework to create browser-based automation scripts, covering:
- API endpoint validation
- Request/response verification
- Error handling scenarios
- Comprehensive coverage of critical flows
Overall Progress¶
- Initial challenges on the staging environment were effectively mitigated by switching to the dev API.
- Testing productivity increased significantly in the latter part of the day.
- Continued focus on building a robust test suite using Playwright for future regression and stability checks.
If any additional details, logs, or screenshots are required, please let me know.
Media¶
Updated by Aman Bhuiyan 4 months ago
- % Done changed from 40 to 60
Actions