Over a million developers have joined DZone.

API Monitoring: JMeter for Posting Data With Random Generated Keys

DZone 's Guide to

API Monitoring: JMeter for Posting Data With Random Generated Keys

Monitoring is important for any deployed API. See how to accomplish this if your API requires tokens or keys to verify or authenticate requests.

· DevOps Zone ·
Free Resource

Web APIs are the defined interfaces through which interactions happen between an enterprise and applications that use its assets. An API approach is an architectural approach that revolves around providing programmable interfaces to a set of services to different applications serving different types of consumers. When used in the context of web development, an API is typically defined as a set of Hypertext Transfer Protocol (HTTP) request messages, along with a definition of the structure of response messages, which is usually in an XML or JSON format. If you are using Web APIs you should be sure that your API calls are always working. It means that you should monitor them. If you have constant API call you can easily monitor it with uptime monitoring. With help of uptime monitoring you can easily check availability and response time of your API call from more than 30 locations both with POST and GET methods.

What Are Random Generated Keys?

Random generated keys or security tokens are used to gain access to an electronically restricted resource. It is used in addition to or in place of a password. It acts like an electronic key to access something.

And what to do if your API call must include some random generated key or value?

Yes! Defiantly you must use JMeter.  JMeter is like a web browser but without JavaScript and UI elements. Now we will see how to create JMeter scripts step by step for posting data with a random generated key.

How to Create JMeter Scripts Step by Step for Posting Data With Random Generated Key 

JMeter is an open source program which you can download from Apache official page. First of all, we should understand what we need. Let’s consider that we have many franchise dealers who do some sailing for us. Our dealers use web interfaces which send API calls with JSON format from back-end for creating orders in our system. These API calls include different attributes regarding orders: e.g. customer name, age, product information and some token value. This token value is being used for security reasons. It means that every time when the dealer wants to place the order he has to get the token value from another page or URL and put it in an appropriate filed.

In this case, we have to send two requests from JMeter. One is “GET” request which will get the page from where the token value will be generated and the second is “PUT” request, which will put all required data for creating the order in our system.

At the first step, you should add “Thread Group.”  For doing that after opening JMeter right click on “Test Plan”-> Add -> Threads and press on “Thread Group”. In case of testing on multiuser mode with JMeter you can increase quantity of users any time from “Thread Group” fields. 

Image title

Adding “Thread Group” in JMeter. 

 After adding “Thread Group” you can configure quantity of users and iterations. From “Thread Properties” you can set:

  • Thread name
  • Number of Threads (quantity of users)
  • Ramp-up Period (time period in which your test should be done)
  • Loop Count (quantity of iterations which you want to execute)

Image title

“Thread Group” properties.

Then we must add two http requests: “GET” and “POST”. For that you must right-click on “Thread Group” -> Add -> Sampler -> and then choose HTTP Request. In order to be able to export the token value from the “GET” request response, you must create regular expression. For that you must right click on HTTP Request->Add -> Post Processor and choose Regular Expression Extractor. In favor of making the script structure more informative we can rename “HTTP Request” to “HTTP GET” and our “Regular Expression Extractor” to “Extract token value.” Also, you need to add another HTTP request for “POST” request.

Image title

HTTP GET and POST requests.

GET request response example: 

{“tokenvalue”: “eyJqdGkiOiJkYjA5OGYxZS0zMzRmLTQ0MjktYTI1Ni”, “Valid”: 1200, “isWrong”: false, “sessionID”: “f65db5db8e4034cf6”}

In our example, we see that after executing GET request in response body we receive a JSON message in which “tokenvalue” is our token that has the value “eyJqdGkiOiJkYjA5OGYxZS0zMzRmLTQ0MjktYTI1Ni.”

In order to be able to save this value and use in POST request you must configure Regular Expression Extractor.

You must fill in the below fields: 

  • Reference Name: output (this is just a name of variable in which we will save the needed information) 
  • Regular Expression: {“tokenvalue”:”(.*)”, (this is our condition for getting token value)
  • Template: $1$
  • Match: 1 (this means that JMeter will take the first match, in case of a 0 value script will take random match, but as we have only one token value in the response “1” is OK for us)

Image title

Regular Expression Extractor fields.

For configuring “POST” request you need to change the method to POST and insert Body data from HTTP Post request basic settings.

Post data example: {“Custname”: “Name”, “custsurname”: “Surname”, “ProductID”: “someID”, “Discount”: “10”, “freeshipping”: true, “Dealername”:”Dealer”, “DealerID”: “12541”, “Tokenvalue”: “${output}”,} 

Image title

POST request example.

As in our example, the “POST” request is using JSON format we must add HTTP Header Manager. In the header manager, you can add any HTTP header which is needed for processing the request. In our example, we need to have “content-type” with “application/json” value. 

Image title

Adding “HTTP Header Manager” for POST request.

You can add a “View Results Tree” listener for checking results. To fulfill that, again right click on “Thread Group” and go to Add -> Listener -> View Results Tree.

After executing the script, you can click on “View Results Tree” listener and look at your test results.

How to Set Up JMeter Monitor

For 24/7 constant monitoring, you can set up JMeter monitor.

You can simply sign in to your Monitis dashboard or sign up if you don’t have an account yet. 

After sing in from the main menu, go to Monitors -> Application Monitors -> JMeter. To avoid possible abuse of the service, JMeter scripts added by in-trial users will be reviewed by within 24 hours before they are allowed to run. If no threat is detected, the script will be enabled from the server side. Otherwise, the scripts will stay blocked and you will receive an email.

api monitoring ,jmeter ,devops ,performance

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}