Part 1: How Automation Boosts API Quality – Spring Boot + JWT + Full Test Strategy

  • Jul 11, 2025

In this first installment of our two‑part series, you'll learn how to design and secure a REST API using Spring Boot. We'll cover:

  • Building a REST API with Spring Boot and an H2 in‑memory database
  • Implementing JWT‑based authentication and role‑based access control
  • Generating interactive API documentation with Swagger UI (OpenAPI)
  • Performing comprehensive manual testing using curl and Postman

By the end, you'll have a documented, secure API that you can explore and test by hand—laying the groundwork for automated tests in Part 2.

Use Case: Student Management

The API supports the following endpoints:

| Method | Endpoint | Description | Secured |
|--------|----------|-------------|---------|
| POST | /auth/register | Register a new user | ❌ No |
| POST | /auth/login | Login and receive JWT token | ❌ No |
| GET | /students | List all students | ✅ Yes |
| POST | /students | Create a student | ✅ Yes |
| GET | /students/{id} | Get student by ID | ✅ Yes |
| PUT | /students/{id} | Update student details | ✅ Yes |
| DELETE | /students/{id} | Delete a student | ✅ Yes |

Project Setup

To get started, create a new Spring Boot project and add the necessary dependencies, configuration, and folder structure.


1. Initialize the Project

spring init \
  --name=student-management-api \
  --dependencies=web,security,data-jpa,h2,validation \
  --build=maven \
  com.cb:student-management-api:0.0.1-SNAPSHOT

2. Maven Dependencies


3. Configuration (application.yml)


4. Model


5. DTOs


6. Repository


7. Service


8. Controller


9. Security Config


API Documentation with Swagger UI (OpenAPI)

To provide self‑updating, interactive documentation for your Student Management API, you'll integrate springdoc‑openapi. This gives you both a JSON/YAML OpenAPI spec and a live Swagger UI.


1. Add the Dependency

<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.8.8</version>
</dependency>

2. Customize API Metadata (Optional)


3. Default Endpoints

OpenAPI JSON: GET http://localhost:8080/v3/api-docs (API schema in JSON)

Swagger UI: GET http://localhost:8080/swagger-ui.html (UI to explore and test your endpoints)




4. Annotate Your Controllers, Models & DTOs


5. Enable JWT "Authorize" in Swagger UI



Now Swagger UI shows an Authorize button. Paste Bearer <your-token> there, and all secured endpoints become testable from the browser.

With these steps, you’ll have live, accurate documentation that both developers and automated tools can rely on.


Manual testing using curl

Below are example curl commands to manually test each endpoint of your Student Management API. Replace <TOKEN> with the JWT you obtain from the login step.


1. Register a New User

curl -i -X POST http://localhost:8080/auth/register \
  -H "Content-Type: application/json" \
  -d '{
        "username": "admin",
        "password": "admin123",
        "role": "ADMIN"
      }'

Expected: HTTP/1.1 200 OK (or 201 Created) with body "User registered successfully".


2. Login and Obtain JWT

curl -i -X POST http://localhost:8080/auth/login \
  -H "Content-Type: application/json" \
  -d '{
        "username": "admin",
        "password": "admin123"
      }'

Expected: HTTP/1.1 200 OK and response body containing the JWT...
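
Before reusing the token from the login response as <TOKEN>, you can decode it locally to confirm its algorithm and expiry. The script below is an added example, not part of the original project; it works on a constructed sample token, and the claim names sub and role are assumptions about what this API puts in its JWT.

```shell
#!/bin/sh
# Added example: offline look at a JWT like the one /auth/login returns.
# Decodes header and payload only; it does NOT verify the signature.

# Encode/decode one base64url segment (JWT segments drop '=' padding).
b64url_encode() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
b64url_decode() (
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
    1) exit 1 ;;                        # impossible base64 length
  esac
  printf '%s' "$s" | base64 -d 2>/dev/null
)
# jwt_part TOKEN N: decoded JSON of segment N (1 = header, 2 = payload).
jwt_part() ( b64url_decode "$(printf '%s' "$1" | cut -d. -f"$2")" )

# Naive field extractor for a flat JSON object; prefer jq where installed.
json_field() {
  printf '%s\n' "$1" | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# jwt_check TOKEN [NOW]: print "ok" or the reason the token should not be used.
jwt_check() (
  now=${2:-$(date +%s)}
  case $1 in
    *.*.*.*|.*|*..*) echo "malformed token"; exit 1 ;;
    *.*.*) ;;
    *) echo "malformed token"; exit 1 ;;
  esac
  header=$(jwt_part "$1" 1) || { echo "header is not base64url"; exit 1; }
  payload=$(jwt_part "$1" 2) || { echo "payload is not base64url"; exit 1; }
  case $(json_field "$header" alg) in
    ""|[Nn][Oo][Nn][Ee]) echo "rejected: alg missing or none"; exit 1 ;;
  esac
  exp=$(json_field "$payload" exp)
  case $exp in ""|*[!0-9]*) echo "rejected: exp missing or not numeric"; exit 1 ;; esac
  [ "$exp" -gt "$now" ] || { echo "rejected: token expired"; exit 1; }
  echo ok
)

# Constructed sample token; claim names "sub" and "role" are assumptions.
sample_token() {
  printf '%s.%s.%s' "$(b64url_encode "$1")" "$(b64url_encode "$2")" constructed-signature
}
TOKEN=$(sample_token '{"alg":"HS256","typ":"JWT"}' '{"sub":"admin","role":"ADMIN","exp":4102444800}')
jwt_part "$TOKEN" 2; echo
jwt_check "$TOKEN"
```

To inspect a real token, pass the value copied from the login response to jwt_check in place of the constructed one.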


3. Create a New Student (Secured)

curl -i -X POST http://localhost:8080/students \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -d '{
        "name": "Rahul",
        "email": "rahul@mail.com",
        "course": "Physics"
      }'

Expected: HTTP/1.1 201 Created with JSON body of the created student, including its id.


4. List All Students (Secured)

curl -i -X GET http://localhost:8080/students \
  -H "Authorization: Bearer <TOKEN>"

Expected: HTTP/1.1 200 OK with a JSON array of student objects.


5. Get Student by ID (Secured)

curl -i -X GET http://localhost:8080/students/1 \
  -H "Authorization: Bearer <TOKEN>"

Expected: HTTP/1.1 200 OK with JSON of the student whose id is 1.


6. Update a Student (Secured)

curl -i -X PUT http://localhost:8080/students/1 \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer <TOKEN>" \
  -d '{
        "name": "Rahul Verma",
        "email": "rahul.verma@mail.com",
        "course": "Mathematics"
      }'

Expected: HTTP/1.1 200 OK with JSON of the updated student record.


7. Delete a Student (Secured)

curl -i -X DELETE http://localhost:8080/students/1 \
  -H "Authorization: Bearer <TOKEN>"

Expected: HTTP/1.1 204 No Content and an empty body.

Conclusion

In this first part, you’ve successfully built a secure, documented, and fully functional REST API using Spring Boot with JWT authentication, role-based access control, and live API documentation via Swagger UI. You’ve also manually tested all endpoints using curl and verified the core flows.

This sets a solid foundation for the next phase, where we'll automate these flows with unit, integration, contract, E2E, functional, and security tests for complete confidence. Stay tuned for Part 2!

🔗 View the complete project on GitHub: student-management-api
