// Case Study - How a startup in Fintech increases throughput by 62% doing Load Testing

Written July 6, 2020

Pago and Rungutan

Pago is a mobile app and the 1st BETA tester of Rungutan - Load Testing, back when the platform's design was just buttons on a blank page. They've helped us with tremendous feedback on the platform, the UI, the functionality and the platform core itself for more than 2 months, and we are proud to call them not just our partners, but our friends.

We think the bond that is created between a client and a supplier in the incipient months of a new product is the most amazing thing as it creates a clear trust between the two parties, something that can only help them achieve greatness.

As such, we would like to take this opportunity to officially thank them for being open and for trusting Rungutan's potential!

The Before

Before using Rungutan, Pago had some problems with their API calls in regards to caching mechanism.

Don’t get us wrong, they knew what they were doing and they were using caching as much as possible, but because they didn’t have a tool to actually measure and understand which and what components needed to be cached, it wasn’t optimum at all.

Furthermore, scaling experiments were pretty hard to do. Generating and consistently sustaining live traffic from multiple IPs in order to induce scaling mechanisms was pretty hard to do using the current tools on the market.

And although there are tools that could do it, Pago wasn’t actually able to simulate all the user flows that they needed using them.

The After

Just three days into their trial and they’ve already started tweaking their infrastructure as now they had valuable information which created actionable insights.

After a few days of tweaking and testing, not only was Pago able to fix all of their API caching problems, but using our stress testing logic, they were able to optimize their auto-scaling mechanisms, helping them save money on ensuring that they always have exactly the amount of infrastructure power that they need.

The initial loading of the app experience has also improved considerably, simply because Pago now loads 62% faster than before! The code optimizations and the backend caching problems could not have been identified without a load testing platform as good and easy to use as Rungutan is.

The Challenge

Pago needed SaaS testing tools that were easy to use and easy to scale to the amount of traffic that they required, as well as the possibility to define and re-use traffic flows inside their app.

The increased number of new users who started using the app during the dreaded COVID-19 period might have stressed their current performance a bit over the edge, making the necessity of maintaining the user experience for old users as well as supporting new users an urgent requirement.

But more than that, they also needed the flexibility of experimenting. Therefore the ability to launch tests and view results within less than 5 minutes a couple of times a day in order to understand how their new code releases integrate and work with each other was extremely valuable for them.

And anyway, load testing a mobile platform is especially hard to do, for the following reasons:

  • You have to simulate traffic from multiple public IPs
  • You have to be able to authenticate as the "machine" device
  • You have to be able to track the requests and create a workflow to support your user interaction

The Solution

JWT Auth login with Token

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs, the signature also certifies that only the party holding the private key is the one that signed it.

So we started doing it as a step by step process. Let's make sure you can perform a simple login through our platform.

Thankfully, our platform was able to handle that and it was just a matter of configuring a simple JSON:


{
  "path": "/obfuscated/path/that/does/login",
  "method": "POST",
  "headers": {
      "Content-Type": "application/x-www-form-urlencoded",
      "Authorization": "Basic OBFUSCATED"
  },
  "data": "grant_type=OBFUSCATED&username=OBFUSCATED&password=OBFUSCATED",
  "extract": [
      {
          "parameter_name": "authtoken",
          "location": "body",
          "key": "access_token"
      }
  ]
}

                                            

Adding some workflow

Well, the hard part was done!

After we sorted out the auth system, we started adding some workflow paths:


{
  "workflow": [
    {
      "path": "/obfuscated/path/that/does/login",
      "method": "POST",
      "headers": {
          "Content-Type": "application/x-www-form-urlencoded",
          "Authorization": "Basic OBFUSCATED"
      },
      "data": "grant_type=OBFUSCATED&username=OBFUSCATED&password=OBFUSCATED",
      "extract": [
          {
              "parameter_name": "authtoken",
              "location": "body",
              "key": "access_token"
          }
      ]
    },
    {
      "path": "/obfuscated/first/url",
      "method": "GET",
      "data": "",
      "headers": {
        "Content-Type": "application/json",
        "Authorization": "Basic ${authtoken}"
      }
    },
    {
      "path": "/obfuscated/second/url",
      "method": "GET",
      "data": "",
      "headers": {
        "Content-Type": "application/json",
        "Authorization": "Basic ${authtoken}"
      }
    },
    {
      "path": "/obfuscated/third/url",
      "method": "POST",
      "data": "some_payload_here",
      "headers": {
        "Content-Type": "application/json",
        "Authorization": "Basic ${authtoken}"
      }
    }
  ]
}

                                            

Putting it all together

After that, it's all a matter of defining the amount of clients, IPs, and regions.

Here's how the final result looked like:


{
  "team_id": "pago",
  "test_name": "open app-> login -> get data -> post something",
  "num_clients": 10,
  "run_time": 600,
  "threads_per_region": 3,
  "test_region": [
    "eu-central-1"
  ],
  "workflow": [
    {
      "path": "https://example.com/obfuscated/path/that/does/login",
      "method": "POST",
      "headers": {
          "Content-Type": "application/x-www-form-urlencoded",
          "Authorization": "Basic OBFUSCATED"
      },
      "data": "grant_type=OBFUSCATED&username=OBFUSCATED&password=OBFUSCATED",
      "extract": [
          {
              "parameter_name": "authtoken",
              "location": "body",
              "key": "access_token"
          }
      ]
    },
    {
      "path": "https://example.com/obfuscated/second/url",
      "method": "GET",
      "data": "",
      "headers": {
        "Content-Type": "application/json",
        "User-Agent": "Pago/1.9.12",
        "Authorization": "Basic ${authtoken}"
      }
    },
    {
      "path": "https://example.com/obfuscated/third/url",
      "method": "POST",
      "data": "some-json-formatted-post-data",
      "headers": {
        "Content-Type": "application/json",
        "User-Agent": "Pago/1.9.12",
        "Authorization": "Basic ${authtoken}"
      }
    }
  ]
}

                                            

The Results

Pago has decreased the overall application loading time after using Rungutan as their load testing platform by 62% which has now allowed them to offer the same user experience for any new user sign up that the old ones get - which is nothing but the best.

Their new scaling experience is now perfectly balanced to their needs while keeping all costs under control whilst ensuring that, if it is needed, new infrastructure pieces will be able to come online as required.

Conclusions

Our long-term vision is to create through Rungutan a business environment where top-notch resources can be affordable as well, for anyone who is willing to not compromise the quality of their work. By creating Rungutan, we wanted to offer more autonomy to IT professionals by saving them lots of time spent on traditional Load Testing platforms and to bring added value to final clients by reducing their costs.

By discovering along the way incredible businesses with talented and proactive teams, such as Pago, and actually managing to find solutions for helping them, we feel we might be closer and closer to fulfilling our dream. That is why it’s worth sharing their success story with you.

One more time, many thanks, Pago, for trusting us!

“We had been searching for a while for a service which we could rely upon to replicate & test our user flows and I can say for certain that finding Rungutan has helped us step up our load testing to banana levels. All this through a clear UI & API while having close to no limits on the testing power, who does not want that? Add to this the stellar support from the Rungutan team and you get yourself a service you can rely upon during the hardest as well as calmest waters.” - Alex-Gala Popescu, CoFounder Pago