DEV Community: Hardik Shah

What are the most common tools used by experienced developers for functional testing?

Hardik Shah — Wed, 23 Mar 2022 16:38:14 +0000

We all agree that “testing is an integral part of the software development process.” Every application that is developed or being developed needs to pass through testing to offer optimal performance for the end-users. However, until recently, the reality was something else. Organizations used to focus on crazily developing features rather than testing the integrity of the applications.

But, as the app market competition became fierce, IT enterprises started focussing on app stability than app features. Following in the same footsteps, I have initiated the same plan within my organization. With the help of this article, I would like to share my experiences on which tools worked best for us for functional testing.

Tools to be used for Functional Testing

Functional testing is carried out to test the software against its functional requirements/specifications. Such tests don’t consider how a process occurs. Instead, it focuses on the intended result of the process. Functional testing is a type of software testing that is subdivided into four different testing levels: unit testing, integration testing, system testing, and acceptance testing.

Unit testing

Unit testing is essential for validating the functions of a specific part or unit. Tools used for unit testing are Jest and Enzyme.

Features of Jest

Offers CLI for easy control of your tests
Provides powerful syntax features that prove to be helpful during debugging
Offers interactive mode that automatically runs all affected tests for the code changes made in the last commit.

Features of Enzyme

Especially beneficial while working with React, Enzyme Provides an API to Examine React Components.
It offers a shallow rendering that keeps tests simpler.

Integration testing

This type of testing is concerned with the software modules being logically integrated and tested as a group. Selenium is used for performing integration testing.

Features of Selenium

Selenium supports parallel test execution that reduces the time taken in executing parallel tests.
The testing tool is open-source and portable in nature.
Once the test cases are prepared, Selenium offers OS flexibility as the test cases can be run from any operating system like Linux, macOS, Windows, etc.

System testing

The goal of system testing is to test the integrity of the entire system for system failures or errors. Our organization leverages Cypress to assist with system testing.

Features of Cypress

Cypress offers behavioral control of functions, servers, responses, and timers.
It offers flexibility to control stub and test edge cases without involving your server.
Testers don’t have to manually introduce waits and sleep to the tests. Cypress automatically waits for commands and assertions before moving on.

Acceptance testing

This testing type verifies the product’s compliance with business requirements and functionality. Acceptance testing is usually manual in nature and is performed by developers, QA, and stakeholders. Usually, it's done in the staging environment or any preproduction environment. Once everyone is satisfied, it's flagged as ready for prod.

Conclusion

Testing tools are crucial for enhancing the effectiveness of any testing. This article serves as a testing tool recommendation for conducting functional testing. Do you have any other tools in mind? Let us know about it in the comments below!

Six Serverless Frameworks to watch in 2021

Hardik Shah — Tue, 15 Jun 2021 03:56:11 +0000

Are you planning to adopt serverless architecture to proliferate your business productivity? If your answer is yes, you’ve come to the right place.

There are many platforms and frameworks available to integrate serverless in your tech stack. You might know a few frameworks and may have used some of them. But, choosing the one that can accelerate your product in terms of scalability and cost-efficiency is not easy.

Many large-scale enterprises like Amazon, Netflix, Nordstrom, Mindmup, etc., use this software architecture pattern and enjoy tremendous benefits such as faster development, security, and improved productivity.

Not only that, but startups are also leveraging this breakthrough technology. Using serverless for startups is a classic example of how organizations can shift their focus from infrastructure provisioning and management to building actual products.

Serverless Frameworks

It’s challenging to decide on one framework for your business product to integrate with your cloud platform provider. If you’re delving into a dilemma of what framework can benefit your business most, then fret not.

Let’s explore the following Serverless frameworks for 2021:

Serverless

With more than 39.9k stars and 4.8k forks on GitHub, this is the most popular framework available for building varieties of serverless applications. In addition, this toolkit lets you package and deploy apps to multiple cloud service providers like AWS, Azure, and Google Cloud Function.

Some of the features this framework offers include multi-language support, scaffolding, workflow automation, etc., and it is extensible via plugins.

Zappa

Zappa is a Python framework, which allows you to build and deploy any WSGI-compatible serverless and event-driven applications hosted on AWS Lambda. Using three simple commands - install, init, and deploy, you can easily deploy applications developed in Django, Flask, and other Python frameworks on AWS Lambda and API Gateway.

Architect

Architect a.k.a. ARC is the sophisticated OpenJS foundation project that is used to define serverless architecture. Low-code, offline workflows, and well-integrated local development are a few features of this framework. And what’s more, it allows you to quickly and concisely build, deploy, and manage AWS serverless infrastructure.

Sigma

Sigma is a cloud-based platform to provide support for serverless development in AWS and GCP. It’s a fully-featured IDE that entirely runs on the browser and lets you write and publish the code in real-time.

You need backend services for authenticating users and collecting analytical data. Other than that, it doesn’t require a backend to perform any other functions, as it is serverless itself. It is a real fast IDE with monitoring and debugging features and is worth trying for your serverless project.

Up

This feature-rich framework allows you to deploy serverless applications, static websites, and API gateways with infinite scalability. Moreover, you don’t need to learn new languages. Instead, you can start with your choice of frameworks like Express and Django and build your web product.

It supports multiple runtimes, includes Node.js 10.x, Golang, Python, and Crystal. Furthermore, you can quickly deploy applications without any difficulty using a single command. Structured logging, instant rollback, and encrypted environment are a few features of this framework.

Pulumi

It is an Infrastructure as Code (IaC) SDK that lets you create, deploy, and manage serverless infrastructure on any cloud-based platform. Fortunately, you can use your choice of language, tools, and engineering practices to build, deploy, and manage cloud-based apps. It also supports TypeScript, JavaScript, Python, Go, and .NET frameworks.

Pulumi is the best option for provisioning and managing infrastructure tasks on cloud service providers like AWS, Azure, GCP, and Kubernetes.

Conclusion

The market is flooded with lots of serverless frameworks, and most of them are designed to offer rapid development and deployment of a project. Unfortunately, though, each is meant for a defined task. Henceforth, deciding the appropriate one for your project depends solely on the project requirement.

I have tried to list out a few best serverless frameworks here. I hope this will help you in deciding the one for your serverless project. Which framework are you going to choose? Please let me know in the comments, or you can contact me for any discussion.

6 Amazing Characteristics that make Headless CMS different from Traditional CMS platforms

Hardik Shah — Tue, 01 Jun 2021 12:04:00 +0000

A headless CMS is more of a content repository that makes content accessible via API calls and represents the content on any device regardless of the frontend design.

For frontend developers, it's like changing the heads (the devices) via their respective APIs. Popular examples of headless CMS include Strapi, Agility CMS, Ghost, and more.

Unlike traditional CMS that connects the frontend and backend of a website, prepare an application codebase and take the content to the final presentation layer (the display).

Examples of traditional CMS include WordPress, Drupal, etc. Now, this is how headless CMS architecture is designed. It uses different APIs and serves all kinds of the frontend. But what makes it super flexible and popular than traditional CMS for users?

Here are the main characteristics of headless CMS that make it popular among users.

Offers reusability of content

It lets users reuse the content from the backend and publish it over various devices with internet connectivity.
Contentful, a popular headless CMS, offers the content infrastructure for reusability purposes which works as a critical component for content creation, personalization, and localization.

Handier (Easy to use)

Since headless CMS focuses on the content, it eliminates the additional effort of developers to publish the same content over multiple sites.
Platforms like Strapi offer greater accessibility for customization of admin panels and APIs with faster development using RESTful and GraphQL APIs. Strapi’s also known for its open-source codebase that’s accessible on GitHub.

Affordable

The multi-tenant architectural system reduces the cost of maintaining multiple sites.
Opting for a headless architecture proves economical if you have similar content and separate sites for your product.
Offers built-in features and cost-effective approaches for content publishing and management

Flexible

It lets developers pick their preferred programming language and not need to fit any proprietary development constraints since it is API-driven.
It gives developers the freedom to develop code their way and integrate even complex systems.
Many CMS platforms provide SDKs for most of the popular developing languages for better multi-site management. Famous examples include Contentful, which uses a modern tech stack and API first approach.

Long-term secure & performant

The content stored at the headless CMS’s back-end is long-term security for companies planning to change application platforms.
It enables its users to migrate to a platform without rewriting the content quickly.
Platforms with more data privacy for developers and brands through their self-hosted feature.
Provides industrial-grade security of the content data and allows expansion through its scalable optimization, making it flawless for extensive data management. Examples include Kontent that functions as a Cloud-based SaaS and offers outstanding performance.

Content-centric

The headless CMS is a content-first platform, which means that businesses can first decide on a content model. Later, the website or application can be designed around the content instead of fitting the content over the template presentation.
Platforms like Agility CMS with decoupled and microservices architecture, making it a content-focused platform for sharing over multiple sites.

SEO capabilities & compatibility

Platforms like Ghost offer SEO capabilities to their content managers without the requirement of any third-party plugins for adapting to quality marketing approaches and are compatible with over 500+ third-party apps that allow robust automation and superior workflow.
Offers custom integration opportunities by giving complete control of the frontend, coupled with Ghost JSON API and webhooks.
Headless CMS platforms like Stapi offer wider compatibility with frameworks like Vue, React, and Angular.

Apart from the above-mentioned headless CMS features, you can look at this blog on multisite management using headless CMS and check out which headless CMS works best for your business.

Top Voice API use cases for your app projects

Hardik Shah — Wed, 27 Jan 2021 13:02:51 +0000

Voice APIs create robust programmable calling features for the app to phone and web to phone calls. It enables developers to build call logic and VoIP functionalities and connect their apps to a Public Switched Telephone Network(PSTN).

Thanks to communication APIs platforms for a wide range of voice APIs for different use cases. If anyone thinks that these APIs are just for adding call functionality, they are just scratching the surface. Let’s look at some real-life use cases for voice APIs!

1. Voice Instructions

If you are developing an eCommerce app or food delivery app, a voice instruction feature can improve the user experience. For example, a food delivery app like Zomato has introduced the voice instruction feature that allows the users to leave specific directions or other information through voice messages.

With a voice API integration, you can allow the users to add voice instructions and help delivery personnel access them in real-time. Especially with a remote location for delivery, voice instructions can help reduce the delays.

2. Voice Reminders

Banking apps or financial services often send voice messages or reminders for payments. Credit card services and financial lending services can use voice APIs to send voice reminders on-time payments. Developers can use voice APIs for programmable pre-recorded voice reminders that are sent to users.

3. Voice Support

Consumer support features with instant voice calling are commonplace, but developers can leverage voice APIs for analytical data. Voice API providers offer call recording, Interactive Voice Response (IVR), call logging, and even SIP(Session Initiation Protocol) calling. Developers can use these features to introduce call data analytics in business applications.

4. Call Authentication

When it comes to the security of transactions on your apps, two-factor authentications are extensively used. Developers can integrate instant OTP authentication callback function for user logins and payment validations with a voice API.

One Time Passwords(OTP) through SMS are highly insecure, especially with the SIM swap frauds being too prevalent. Developers can use modern innovations like face recognition or finger touch sensors to trigger an authentication OTP call.

5. Video Conferencing

If you plan to develop a video conferencing feature for your project, many voice API providers like Nexmo and Twilio offers dedicated solutions. Apart from these two API providers, there are many options available in the market.

Developers can leverage conversation APIs through an amalgamation of IP Messaging, PSTN Voice, SMS, and WebRTC Audio and Video. WebRTC is a protocol that enables audio and video communication. Developers can use an architecture that includes cloud services, WebRTC API, and other conversation API parts for video conferencing features.

6. Telemedicine Feature

With the COVID19 impact, there has been a need for real-time communication solutions in the healthcare industry. Developers can leverage messaging APIs, voice APIs, and video APIs to create telemedicine solutions. You can integrate virtual calls, video, and real-time chats in the app between users and healthcare providers.

7. Virtual Call centers

The virtual call center software is cloud-based solutions that enable advanced inbound and outbound calling capabilities. It reduces the need for bulkier infrastructures like an auto call distributor with physical calling devices.

Integrating a virtual call center software with voice APIs from a communication API service provider like Nexmo or Twilio can be beneficial. These services enable you to use WebRTC based features. It will allow you to create calling sessions over a browser through API protocols like RTCPeerConnection API of WebRTC.

Conclusion

There are many communication APIs providers out there. But one can find these use cases most crucial when building enterprise-grade software systems like a call center. Also, I'd like to share that though Twilio is a market leader in communication APIs, there are many worth checking alternatives to Twilio.

Hope you've found this post interesting. Also, share your views on communication APIs with me in the comments below.

How to ensure payment API Security for your business in 2021?

Hardik Shah — Mon, 28 Dec 2020 11:47:34 +0000

With the eCommerce boom, traction towards online payment gateways has seen a surge. Even the B2B transactions that were mostly cheque-based have seen a steep fall in paper transaction usage.

According to the AFP Electronics Payment Survey, cheques accounted for 42% of total transactions, which is relatively low. The survey also suggests that 72% of respondents believe in APIs, or Application Programming Interface to significantly impact such transactions.

An API is a set of protocols that dictate data exchange between heterogeneous systems. Payment gateway security is an essential aspect for businesses of multiple domains to infuse confidence in customers.

According to a report, 30% of people don’t buy clothes online due to security concerns, and it is why you should have proper payment security systems in place. As APIs help integrate these payment options into eCommerce platforms, security becomes more critical. So, let’s understand what is payment API security and how to achieve it?

What is Payment API Security?

Online payment needs a gateway to complete the checkout process. Securing the payment APIs requires to mitigate vulnerable touchpoints during the transaction. A payment API security is all about providing reliable solutions to ensure the transactions are highly secure and induces customer confidence through a smooth experience.

There are two types of the online payment process that every customer goes through,

Payment gateway
Payment processing

A payment processor furnishes essential information regarding the account to the issuing bank that validates a consumer’s request for funds. At the same time, payment gateways not only include the payment processing activity but also authorizes the entire transaction between a buyer and a seller.

The interaction between a buyer and seller or even the issuing bank is executed through an API. So, securing an API is quintessential for your online payments, whether it’s merely for payment processing or a payment gateway.

Take an example of the famous Cambridge Analytica - Facebook security breach of about 60 million accounts. Cambridge Analytica misused Facebook’s API to access social data and to which the biggest social media platform has to suspend the account.

Let’s look at some of the critical solutions that you can use for payment API security.

Documenting the updates

When you update the API security patch on your application or websites, it becomes paramount to document each API execution. When you update the API patch, older and less secure APIs can be vulnerable to attacks. So, it becomes essential to identify such API patches and replace them with secure ones. When you are documenting every API update, identifying an underlying patch that is not secure becomes easy.

User Authentication

Authentications are one of the most non-secure elements in any online payment system. 42% of firms faced security breaches in 2019 due to insufficient user authentication passwords. One way to ensure security during the user authentication process is to deploy tokenization.

Tokenization is a process of replacing sensitive user data with non-sensitive data. Most of the firms use the tokenization process to replace user data with a string of numbers representing information but do not reveal it.

A tokenization service securely stores the consumer's card data and generates a token or a unique identifier. The merchant uses such a token to charge users for purchases they make. Most of the Token Service Providers or TSP offer customized tokens for merchants.

Such payments need secure tokenization services and platforms to help mask PAN(Permanent Account Number) for credit cards/ debit cards during user authentications. Such processes ensure that even if the token environment gets attacked by hackers, they only receive non-sensitive information.

Functional Authorization

Authorizing the call function for a user request must be done with adequate scrutiny because it secures the user data on your platform. For example, Facebook made a mistake by not attending a photo function API bug and exposing over 60 million user images on 1500 different apps.

Every user request for data is fulfilled through an API call function. Now, each call for API function needs authorization protocols that authorize and execute the functionality. Take the example of saving a Facebook user's profile picture.

If a user requests an API function through a call to download or save another person's profile picture, the authorization protocol must dictate whether to authorize it or not. As we know now, Facebook offers a profile picture shield function to avoid such a scenario.

Signing Off

Payment API security is closely related to securing the interactions of users, merchants, issuing banks, sellers, and others. From user authentications to API documentation, there are many other API Security best practices that you can employ to secure your payments.

It is essential to consider the business need, platform, and type of payment gateway that you use. For example, web API security is suitable for securing an eCommerce website, but a native mobile app will need a different solution altogether.

Stateless vs Stateful - Which direction should you take?

Hardik Shah — Thu, 17 Oct 2019 10:46:51 +0000

Scaling a web app is hard, for it always comes with uncertainties and failures. Even a minor fault can break an application if it’s not built for scalability.

In traditional web development, however, one thing that might help a website scale is –– everything being stateless. Here Statelessness means that the server should not remember the application’s state. Instead, the client should remember all the information necessary for the execution with each request as the server can’t memorize and reuse information from previous requests.

Whenever you have to fetch a few things from a database, you receive a request containing everything you need to know. On answering that request, you don’t care about the client until you receive a new request. This makes work so easy; so convenient to execute as you are ensuring a clean state every time.

In traditional application development, however, everything for a fact is stateful. Things are stored in memory, which gives you a sigh of relief that they will continue to remain there until the app is closed; or unless it is reopened. You are not expected to maintain state across sessions; not forced to think that things can be missed out.

Enter Modern Complex Web apps

Modern web apps, on the contrary, sits in between statelessness and statefulness. Here, your server remains stateless and the frontend is stateful.

Think about a web app such as Trello or Canva where every URL points to a single page. Once you reload the page, all elements must be re-fetched from the server, maintaining the state on the server.

So, how do you decide whether the stateless or stateful approach would help you out?

The Answer is…

Until and unless you need a reason to store a state, going Stateless might help. One thing, however, you need to make sure is to think about the situation where maintaining a state is necessary.

Hugh Mckee, the developer advocate at Lightbend, urges to look into specific circumstances while choosing between Stateless or Stateful approach.

In his blog “How to build successful cloud-native solutions”, Hugh demonstrates the scaling capability of stateful applications by illustrating a shopping cart example.

Hugh concludes his opinion on stateless vs stateful debate with the following quote,

Need help in building complex web apps that scale, you can refer to these scalability tips shared by 25+ experts.

What is your opinion regarding stateful vs stateless debate? I would really love to know in the comments.