added some apps to the expanded pages

Author: eviltester

challenger/src/main/resources/content/changes.md

@@ -0,0 +1,14 @@
+---
+title: API Challenges Change Log
+description: Change log for the API Challenges
+showads: true
+---
+
+# Change Log
+
+## 2025/02/16 - added pages for apps: Tracks, Best Buy, FX Trade Hub
+
+- Added page for [Best Buy API Playground](/practice-sites/apps/bestbuy) showing how to run, and sample exercises to get started. The Best BUY API Playground is a full CRUD API with Open API documentation and a Swagger UI. The application also has a lot of data available when it starts.
+- Added page for [FX Trade Hub](/practice-sites/apps/fxtradehub) showing how to run, and sample exercises to get started. The FX Trade Hub is a simple API with a Swagger UI. Has a lot of default data installed and is suitable for full CRUD operation testing. 
+- Added page for [tracks](/practice-sites/apps/tracks) showing how to run, and sample exercises to get started. Tracks offers a Web App UI and a REST API and was the case study application used in my book [Automatinc and Testing a REST API](https://www.eviltester.com/page/books/automating-testing-api-casestudy/)
+- Removed [TODO API Sample](https://github.com/g33klady/TodoApiSample) from list of practice apps because during testing in docker the api failed to work

challenger/src/main/resources/content/practice-sites.md

@@ -257,27 +257,43 @@ To have the most control over your practice testing session you can download an
 
 Getting started with these applications can be a little harder than using the online versions and may require installing Java, Node or Docker.
 
+### Best Buy API Playground
+
+- Best Buy API Playground is a full API that can be run locally using Node or Docker
+- Full range of CRUD operations is supported using `GET`, `POST`, `PATCH`, `DELETE`
+- Large set of data is provided
+- Swagger UI is available
+- Open API Definition is downloadable
+
+[Read a full overview of Best BUY API Playground with sample exercises](/practice-sites/apps/bestbuy)
+
+### Tracks
+
+- Tracks is a full todo app that can be run locally if you have Ruby on Rails installed, or use a [virtual machine from Turnkey](https://www.turnkeylinux.org/tracks) or [run from docker](https://github.com/eviltester/tracksdocker).
+- I recommend running it from Docker
+- Tracks is the case study application used in the book [Automating and Testing a REST API](https://www.eviltester.com/page/books/automating-testing-api-casestudy/)
+
+[Read a full overview of Tracks with sample exercises](/practice-sites/apps/tracks)
+
+### FX Trade Hub
+
+- FX-TradeHub is a simple API simulating a trading application.
+- Can be run locally if you have Node installed or from a Docker file.
+- Has a Swagger UI for easy exploration
+
+[Read a full overview of Fx Trade Hub with sample exercises](/practice-sites/apps/fxtradehub)
+
+### More Applications
+
 I've listed a few applications here initially and will expand the instructions to include walkthroughs and setup guides in future updates.
 
 - [Api Challenges](https://github.com/eviltester/thingifier/tree/master/challenger)
-  - API challenges can be run locally if you install a Java SDK and maven as pre-requisites. 
-- [BestBuy API Playground](https://github.com/BestBuy/api-playground)
-  - The BestBuy API Playground can be run locally if you have Node and npm installed. 
+  - API challenges can be run locally if you install a Java SDK and maven as pre-requisites.  
 - [Device Registry Service](https://github.com/AutomationPanda/device-registry-flask)
   - The Device Registry Service can be run locally if you have Python 3 and Pip installed.
-- [Tracks](https://www.getontracks.org/)
-    - Tracks is a full todo app that can be run locally if you have Ruby on Rails installed, or use a [virtual machine from Turnkey](https://www.turnkeylinux.org/tracks) or [run from docker](https://hub.docker.com/r/staannoe/tracks/).
-    - I recommend running it from Docker
-    - [Instructions and Video Tutorial for using Tracks in Docker or a Virtual Machine](https://www.eviltester.com/page/books/automating-testing-api-casestudy-support/#dockervideo)
-- [TODO API Sample](https://github.com/g33klady/TodoApiSample)
-  - This is the support app for [Hilary Weaver](https://g33klady.com/)'s Testing API Tutorial.
-  - Has instructions to use from docker
 - [JSON Server](https://github.com/typicode/json-server)
    - Can be run locally if you have Node and npm installed.
-- [FX-TradeHub](https://github.com/sd576/FX-TradeHub-API/tree/main)
-   - Can be run locally if you have Node installed.
-   - I created a Docker file which can run the application if you use Docker [here](https://github.com/eviltester/thingifier/tree/master/docker)
-   - Has an OpenAPI spec to use within a Swagger UI or REST Client
+
 
 <!--
 

challenger/src/main/resources/content/practice-sites/apps/bestbuy.md

@@ -0,0 +1,131 @@
+---
+title: Best Buy API Playground - An old version of the Best Buy API - Practice API
+description: Bes tBuy API Playground is an old version of the Best Buy API. Notable for comprehensive query filter operations.
+showads: true
+---
+
+In addition to our [API Challenges](/gui/challenges) you should practice on as many sites as possible. Try [BestBuy API Playground](https://github.com/BestBuy/api-playground).
+
+# Best Buy API Playground - A Practice GET API
+
+The Best Buy API Playground is a node application which implements an older version of the Best Buy API. It comes pre-populated with production-like data.
+
+Since this is a practice version of the API, update and delete operations are enabled in addition to the expected `GET` verbs. These would not be available in the production version of the API.
+
+Summary:
+
+- Best Buy API Playground is a full API that can be run locally using Node or Docker
+- Full range of CRUD operations is supported using `GET`, `POST`, `PATCH`, `DELETE`
+- Large set of data is provided
+- Swagger UI is available
+- Open API Definition is downloadable
+
+## Running The Application Using Node
+
+If you have node installed then the API can best started by cloning the repository and using `npm`.
+
+Full instructions are on the [GitHub page](https://github.com/BestBuy/api-playground), copied here for ease of reference:
+
+```
+git clone https://github.com/bestbuy/api-playground/
+cd api-playground
+npm install
+npm start
+```
+
+The Best Buy API Playground will now be accessible on `http://localhost:3030`
+
+I personally prefer to run the application using Docker as described below.
+
+## Running The Application Using Docker
+
+Create the Docker image locally:
+
+```
+git clone https://github.com/BestBuy/api-playground
+cd api-playground
+docker build --tag bestbuy .
+```
+
+Then run the Docker image, making sure you map the exposed port `3030`:
+
+```
+docker run -d --name=bestbuy-api-playground -p 3030:3030 "bestbuy"
+```
+
+I map the port to `3030` on localhost to make the Swagger documentation URL work with the default values.
+
+## Documentation End Points
+
+You can then access:
+
+- the basic api documentation at
+   - `http://localhost:3030`
+- A Swagger UI Front End at
+   - `http://localhost:3030/docs/`
+- A Swagger API Definition file at
+   - `http://localhost:3030/swagger.json`
+- A PostMan collection has been bundled with the app at
+   - `http://localhost:3030/postman/API.postman_collection.json`
+- The Queries documentation shows some examples of queries to use on the API. This is useful because the GET API supports a complex set of query filters using SQL-like operators.
+   - `http://localhost:3030/queries` 
+
+## API Endpoints
+
+The application is bundled with sample data so you will be able to query the data on the back end immediately.
+
+The main endpoints are:
+
+- `/products` - products available in the database.
+- `/categories` - product categories and their subcategories/path.
+- `/stores` - returns a list of Best Buy store locations.
+- `/services` - returns a list of services available at Best Buy stores.
+- `/version` - returns the current version of the application.
+- `/healthcheck` - returns information about the application's health.
+
+
+## Exercises
+
+### Exercise - `GET` all the main endpoints
+
+- Issue a GET request on each of the top level endpoints listed above
+- Initially do this using the Swagger UI `http://localhost:3030/docs/`
+- Repeat the exercise using a REST API Client to gain more control. You can download the Swagger file to pre-populate the requests in your REST Client.
+
+### Exercise - Explore the Example Query Formats
+
+- Use the list of Query formats on the Query Example page
+    - `http://localhost:3030/queries` 
+- Initially do this by clicking on the links
+- Copy the URLs into your REST client and repeat the exercise
+- Amend Query parameters to explore the results
+
+### Exercise - Create and Update the Data
+
+- Explore the endpoints to create and amend the data in the backend
+- Use `OPTIONS` do check if the endpoints honour the verbs listed
+
+### Exercise - Does the API only support JSON?
+
+- The response format can sometimes be influenced using the `accept` header to tell the server that the client will accept a different format for the response.
+- By default the server responds with `JSON`.
+- What happens if you ask the server for `application/xml`?
+- What other formats could you ask for?
+
+## Some Observations
+
+### Create and Updating Data
+
+- When creating data I noticed that the system was fussy around headers, but in a misleading way. Sending through a valid payload in 'text/plain' format I received the information that it `should have required property 'name'` rather than content-type not accepted.
+- The server checks payloads for extra and unexpected fields.
+- Server responds with all validations that the request fails, not just the first one, which is useful for debugging requests.
+- Duplicate fields are allowed with the last one being accepted
+- JSON validation fails with a `500` error rather than a `400` error suggesting that a general exception is thrown but not trapped to return a `400` (client) error. NOTE: the swagger documentation suggests that a `400` will be returned
+- The swagger documentation did not show the field validation rules so I experimented to find validation lengths. And then used an online counterstring tool to check the length calculations [counterstring generator](https://eviltester.github.io/TestingApp/apps/counterstrings/counterstrings.html)
+- Service names do not need to be unique
+- Trying to amend an existing item using `POST` returned a `404` rather than a `405 Method Not Allowed`, which also contradicts the methods listed when I asked for `OPTIONS`
+
+### `accept` Header
+
+- The API examples are all `JSON` so I tried asking the API for `application/xml` I received a `500` error. I rather expected a `400` error because the request was asking for something the API did not support, rather than the server throwing a `500` General Error.
+- Since the `xml` request failed I wondered what would happen with a `text/html` response and I found it interesting that the server did actually respond with an error in HTML format.

challenger/src/main/resources/content/practice-sites/apps/fxtradehub.md

@@ -0,0 +1,149 @@
+---
+title: FX Trade Hun - A Productivity GTD App - Practice Web App and API
+description: Tracks is a mature application implementing the Getting Things Done productivity method with a Web GUI and API.
+showads: true
+---
+
+In addition to our [API Challenges](/gui/challenges) you should practice on as many sites as possible. Try [FX-TradeHub](https://github.com/sd576/FX-TradeHub-API).
+
+# FX Trade Hub - A Web Application with API
+
+[FX-TradeHub](https://github.com/sd576/FX-TradeHub-API) is an API to simulate a trading system. It is written for Node and can be run locally if you have node installed. To make it easy to run, we have also created a Docker file that makes it easy to get started.
+
+The API has a Swagger UI.
+
+Summary:
+
+- [FX-TradeHub](https://github.com/sd576/FX-TradeHub-API)
+- Can be run locally if you have Node installed.
+- I created a Docker file which can run the application if you use Docker [here](https://github.com/eviltester/thingifier/tree/master/docker)
+- Has a Swagger UI to allow easy exploration of the API
+
+
+## Running The Application
+
+### Using Node
+
+Instructions for running the application are available in the project readme.
+
+- [github.com/sd576/FX-TradeHub-API](https://github.com/sd576/FX-TradeHub-API)
+
+
+### Using Docker && cURL
+
+Create the Docker image locally by downloading our Dockerfile for the project or cloning the apichallenges github repo.
+
+#### Download just the Docker file
+
+Create the Docker image locally by downloading our Dockerfile for the project:
+
+```
+mkdir fxtradehub
+cd fxtradehub
+curl https://raw.githubusercontent.com/eviltester/thingifier/refs/heads/master/docker/fxtradehub/Dockerfile -o Dockerfile
+docker build --tag fxtradehub .
+```
+
+Then you can run the image:
+
+```
+docker run -it --name=fxtradehub -p 3000:3000 fxtradehub
+```
+
+And visit `http://localhost:3000/api-docs` to see the Swagger Docs UI.
+
+#### Cloning the API Challenges repo
+
+Create the Docker image locally by downloading our Dockerfile for the project:
+
+```
+git clone https://github.com/eviltester/thingifier
+cd thingifier
+docker build -t fxtradehub -f ./docker/fxtradehub/Dockerfile .
+```
+
+Then you can run the image:
+
+```
+docker run -it --name=fxtradehub -p 3000:3000 fxtradehub
+```
+
+And visit `http://localhost:3000/api-docs` to see the Swagger Docs UI.
+
+
+## API Endpoints
+
+The API is a CRUD interface using verbs: `GET`, `POST`, `PUT`, `DELETE`.
+
+The top level url path for the api is `/api`.
+
+Then sub paths for the endpoints:
+
+- `/counterparties`
+- `/counterparties/{id}`
+- `/settlements`
+- `/settlements/{counterpartyId}`
+- `/settlements/{counterpartyId}/{currency}`
+- `/trades`
+- `/trades/{id}`
+
+
+eg. `GET http://localhost:3000/api/counterparties`
+
+It is a fun API to test. It is still in its early stages, and as it is a hobby project test API... expect to be able to find bugs.
+
+## Exercises
+
+A set of suggested exercises to explore the API.
+
+### Exercise - Use the Swagger UI to Explore the Data
+
+- The Swagger UI `http://localhost:3000/api-docs` will allow you to issue the accepted requests for the API
+- Use the Swagger UI to issue `GET` requests and explore the data
+- Use the Swagger UI to amend the data in the system.
+- Read the Swagger UI documentation carefully and see if you spot any issues
+
+### Exercise - Use a REST Client to Explore the API
+
+- Having gained familiarity with the normal usage of the API, use a REST client to explore the API in more depth.
+- When calling `OPTIONS` does the endpoint honour all the verbs listed?
+
+
+### Exercise - Explore the Validation
+
+- The API documentation does not describe all the validation rules, try and trigger validation errors.
+- Vary the input data to see which fields have domain validation rules and which do not e.g. does an email have to be an email?
+- Identify which fields need to be present and which are optional.
+- Are you happy with all the field validations?
+
+### Exercise - Explore Amending Values
+
+- Use the `PUT` verb to amend existing entities
+- When an amend payload using `PUT` is accepted, does it always amend the entity correctly?
+- Any fields that you identified as optional during creation. Can you amend an existing entity with those values to make the field value optional?
+
+
+## Some Observations
+
+These endpoints were made at a specific point in time. The system may have changed since, and you might not be able to repeat the observations below. They are provided here to give you some insight into the type of testing I performed.
+
+### Swagger UI
+
+- When reviewing the Swagger documentation I spotted some inconsistencies in the status code descriptions with the endpoint e.g. `/counterparties` would never return a `404` for a missing counterparty even though this is suggested by the documentation.
+
+### Exploring the API
+
+- I found it interesting that the ID 'looks like' it should be an integer `1` but is actually a string `001` and I had to use the full `001` to access specific items. 
+- Creating data was interesting. When experimenting with APIs I tend to `GET` and then use the payload in a `POST` to try and create data. But in this instance when creating a counterparty the phone number would not validate as the returned number `+44 20 7116 1000` exceeded the maximum length of 15.
+- I like to call endpoints with verbs which are not listed as valid to see the response. Ideally I'll see `405 Method not allowed` rather than a `404`
+
+### Exploring the Validation
+
+- I tend to check for handling of invalid request formats, not just field formats. Ideally I expect to see a message about malformed JSON with a `400` response as `500` errors can be harder to diagnose.
+- Some fields validate as requiring a value and it is not possible to amend them to be `null`, although it is possible to create them as `null`.
+- The validation on the primary key allowed me to create an empty or null id, and then subsequently would not be able to amend or delete this entity.
+- I like to create entities with minimum payloads to see if the system tells me what should exist, the error report for invalid counterparty items with not enough fields seems to be "Counterparty with this ID already exists"
+
+### Exploring the Amendment
+
+- When amending I like to check if I can amend fields to be `null`, particularly with a `PUT` as I view a `PUT` as overwriting and not a partial update. For this API implementation `PUT` is treated as a partial update and if a field is missing it is not updated on the backend.