Q29 of 40 · REST Assured

How would you integrate REST Assured with Allure for rich reporting?

REST AssuredSeniorrest-assuredallurereportingci-cdapi-testing

Short answer

Short answer: Add the allure-rest-assured dependency and register AllureRestAssured as a filter in RequestSpecBuilder. It captures every request and response as Allure attachments automatically. Annotate test methods with @Feature, @Story, and @Severity to create a navigable, stakeholder-readable report hierarchy.

Detail

Dependency (Maven):

<dependency>
    <groupId>io.qameta.allure</groupId>
    <artifactId>allure-rest-assured</artifactId>
    <version>2.27.0</version>
    <scope>test</scope>
</dependency>

Registration — add to the shared RequestSpecBuilder once:

new RequestSpecBuilder()
    .addFilter(new AllureRestAssured())
    ...

Every test that uses this spec gets request/response attachments in the Allure report with no per-test code.

Annotations for hierarchy:

@Epic("User Management")
@Feature("Create User")
@Severity(SeverityLevel.CRITICAL)
@Story("POST /users returns 201 with generated ID")
@Test
void createUser_returns201() { ... }

Custom steps — wrap logical actions in @Step for readable report steps:

@Step("Create user with email {email}")
public User createUser(String email) { ... }

Masking secrets: wrap AllureRestAssured with a custom filter that replaces the Authorization header value before Allure captures it — you don't want tokens in reports stored in CI artefacts.

// EXAMPLE

AllureIntegrationTest.java

// pom.xml: allure-rest-assured + allure-junit5 dependencies

// BaseApiTest — register the filter once
reqSpec = new RequestSpecBuilder()
    .setBaseUri(ApiConfig.baseUrl())
    .addHeader("Authorization", "Bearer " + ApiConfig.token())
    .setContentType(ContentType.JSON)
    .addFilter(new AllureRestAssured()         // captures all HTTP traffic
        .setRequestTemplate("http-request.ftl")
        .setResponseTemplate("http-response.ftl"))
    .build();

// Test class — annotated for Allure report navigation
@Epic("Order Management")
@Feature("Checkout")
class CheckoutTest extends BaseApiTest {

    @Story("Successful checkout creates an order")
    @Severity(SeverityLevel.BLOCKER)
    @Test
    void checkout_withValidCart_creates201Order() {
        given(reqSpec)
            .body(Map.of("cartId", "cart-42"))
        .when()
            .post("/checkout")
        .then()
            .statusCode(201)
            .body("orderId", notNullValue());
    }
}

// WHAT INTERVIEWERS LOOK FOR

Correct filter registration location (RequestSpecBuilder, not per-test), the annotation hierarchy (@Epic, @Feature, @Story, @Severity), and the practical concern of masking auth tokens in reports.

// COMMON PITFALL

Adding new AllureRestAssured() inside each @Test method — this works but produces duplicate attachments and must be maintained in every test. Register it once in the spec builder.

// Related questions

Explain filters in REST Assured. Give an example of a custom filter.

REST Assured

Walk through how Karate generates HTML reports and what's actionable in them.

Karate

What is a build pipeline?

CI/CD & DevOps