Skip to content
/ Spotify-RestAssured-API-Testing-Framework Public

Production-ready API automation framework using Java, Rest Assured, TestNG, OAuth 2.0, Allure Reports, and GitHub Actions

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nitishjha72/Spotify-RestAssured-API-Testing-Framework

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.github/workflows
.github/workflows
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
img.png
img.png
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Spotify API Tests

Spotify API Automation Framework

A production-grade API automation framework built using Rest Assured, TestNG, and Allure, with OAuth 2.0 authentication, parallel-safe tests, and CI/CD integration using GitHub Actions.
The latest test execution report is automatically published to GitHub Pages.

Live Test Report

Latest Allure Report (GitHub Pages)
https://nitishjha72.github.io/Spotify-RestAssured-API-Testing-Framework/

The report always reflects the most recent CI run.

Tech Stack

  • Java 21
  • Rest Assured
  • TestNG
  • Allure
  • Maven
  • GitHub Actions
  • OAuth 2.0 (Spotify API)

Framework Architecture

The framework follows a layered, scalable architecture: img.png

Design Principles

  • No BaseTest inheritance
  • Stateless API layer
  • Thread-safe token management
  • Reusable request specifications
  • Environment-driven configuration
  • CI-friendly and parallel-safe

Authentication Strategy

  • Uses OAuth 2.0 (Authorization Code + Refresh Token)
  • Access tokens are:
    • Fetched dynamically
    • Cached with expiry handling
    • Reused safely across parallel tests
  • Sensitive data is never committed to the repository

Secrets via environment variables

  • SPOTIFY_CLIENT_ID
  • SPOTIFY_CLIENT_SECRET
  • SPOTIFY_REFRESH_TOKEN

Environment Management

Supported environments:

  • dev
  • qa (default)

Default execution (QA)

mvn clean test

Parallel-Safe Testing

  • Dynamic test data generation
  • No shared mutable state
  • Independent resource lifecycle per test
  • Safe for parallel CI execution

Reporting (Allure)

  • Allure reports are generated after every test run
  • Environment metadata is injected into the report
  • Reports are:
    • Uploaded as CI artifacts
    • Published to GitHub Pages
  • Only the latest report is published

Local report viewing

allure open allure-report

CI/CD Pipeline

Implemented using GitHub Actions.

Triggers

  • Push to main
  • Pull requests
  • Manual execution with environment selection
  • Scheduled execution (every 7 days)

Pipeline Steps

  • Run API tests
  • Generate Allure report
  • Publish report to GitHub Pages
  • Expose report link in workflow summary

Logging & Security

  • Authorization headers are masked in logs
  • Sensitive form parameters are not logged
  • No secrets appear in logs, reports, or the repository

Sample Test Coverage

  • Create playlist
  • Get playlist
  • Update playlist
  • Validation error scenarios
  • Authentication failure scenarios

Notes

  • Allure reports must be served over HTTP
  • Opening index.html directly will not work due to browser security restrictions
  • GitHub Pages provides a stable public URL for report access

Author

Nitish Jha
Senior SDET

About

Production-ready API automation framework using Java, Rest Assured, TestNG, OAuth 2.0, Allure Reports, and GitHub Actions

Topics

java oauth2 ci-cd testng rest-assured backend-testing api-testing-framework automation-testing github-actions

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages