What values can API testing bring in?
Software Testing has already been an integral part of Software development. Although software testing gains prominence, API testing remains an ignored, undervalued, and often misunderstood practice.
Most web application follows the three tier architecture model named the data tier, the logic tier, and the presentation tier. API controls Logic layer and as the name denotes all the business logics of an application is achieved here. To test this layer is a must do action as part of software development life cycle.
- API testing ensures Customer trust to an additional extent. Earning the customer trust obviously ensures a stable business.
- They tend to be quicker and much more reliable than GUI tests.
- Also API tests don’t rely on a UI to be ready, they can be created early in the development process. Testing can be as early as it suits for the Agile development.
- This period is considered to be the "Golden Age of APIs" where many opt for Centralization. When the industry starts seeing the benefits of the APIs, testing it is vital.
- APIs can be a product itself and can generate revenue for the organisation.
- API powers and enhances the product, such as Twitter, or Facebook. Here the API helps to acquire content and solidifies partnerships.
API Testing - A short Introduction
API testing is another type of Software testing where a tester directly plays around Application Programming Interfaces (APIs) despite not having any specific interface to do so.
API defines how software components talks with each other. Similar to traditional testers test how an operator uses the front end of their product, an API tester can test how internal and external users use the APIs. The concepts are very similar to non-API testing. The only difference is that in most cases you are manipulating the API outside of a user interface (UI) using different tools. API testing is not part of (or) type of Unit testing.
Where to start?
Many think API testing is complex which involves dealing with raw data. I would claim that API testing is no different when you understand the intention of your APIs.
Need for API documentation
The prime quality to begin with API testing is to understand your API.
API documents should generally be available and the main items to be understood from the document are as follows,
- Does it supports Authentication? What kind of authentication is implemented and the reason for such implementation.
- Does it cover all features, all inputs and outputs?
- Does it include the range, type, and format of allowable input data, and the limits of the output data?
- Does it describe the function of the API, and of each API call?
- Does it list all error codes sent by the API, with their meanings?
In case of an API, the target audience for the documentation consists of developers, testers across many teams and the documentation must allow them to make full use of the API. It should be tested as part of the API.
What is all the drama between REST and SOAP?
Another common topic that confuses the beginners is the difference between the SOAP and REST APIs. Simple object access protocol (SOAP) and representational state transfer (REST) are two formats for implementing web services. Soap APIs have custom actions defined by developers, where REST APIs use only HTTP actions and define the state of an object using payload.
REST API users are those who rely on their services being very quick to run and quick to build, including a significant amount of web apps. Newer companies seem to prefer REST due to its ease of implementation, and versatility. Most modern day application had an edge for RESTful APIs over SOAP APIs for the above reason.
Check list before kick off
- APIs are generally built for the application and their inputs and outputs are normally text-formatted messages. Though they are easily understandable an in-depth knowledge of the internals of the application is required to sufficiently test it.
- API testing is a Black box testing but follows the standards of the White box testing where you need to validate the in depth data flow within your application.
- As mentioned earlier in the blog, API holds key for all the business logics of the application. Apparently, there is no any serious intentions put to test the APIs. In fact in many projects API testing is ignored for being too granular and time consuming. You will have to promote the need of testing APIs.
- Always go beyond the happy path despite the testing consuming its time, the test results are highly influenced for a quality application.
- There are situations where we may be source providers for the other teams. To put in other words, we build APIs for other teams. In such cases, we might keep an eye on the API that everything it is designed for is been achieved and the API retrieves results in a satisfying speed.
- Authentication is again a vital concept we have to keep an eye on. APIs are the one which are available to leak the most sensitive information.
With this you might have now figures an API tester is indirectly a functional tester, security tester, white box tester and a performance tester.
Most used API testing tools
SoapUI is a tool for testing Web Services; these can be the SOAP Web Services as well RESTful Web Services or HTTP based services.
We can do Functional Testing, Performance Testing, Interoperability Testing, Regression Testing and much more.
You can simulate Web Services. You can record tests and use them Later. You can create code stubs from the WSDL. You can even create REST specifications (WADL)from recorded communication.
POSTMAN is the tool which is highly recommended for beginners for API testing.
Postman features include:
- History of sent requests
- Create requests quickly
- Replay and organize
- Switch context quickly
- Built-in authentication helpers
- Customize with scripts
- Robust testing framework
- Automate collections
All this is available in an intuitive user interface that would make testing APIs effortless.
Yes, you read it right. JMeter provides an opportunity to play with API requests. This can be used for manual testing APIs of simple business logics. However tool does not bend when a complex set of API should be executed and validated.
What is next?
I trust this should have given you an idea on how to approach API testing. Please follow the page to find the update on my next topic.
"Exercise on Testing API authentication"