TZone

In a World of Technology, People Make the Difference.

API Testing

by divya.m

Overview

APIs are the new buzzword. They have become centers of software development practices and they are used to connect and transfer data between different systems. Testing the API improves the efficiency of testing and helps to shift the delivery cycles to left.

What are APIs?

API is the acronym for Application Programming Interface, as they are called is a software communication system that allows two applications to communicate with each other to exchange data. In other words, APIs are basically messengers which take request from one system and bring the response of the other system back i.e. the APIs contains the business logic of the application.

What is API Testing?

API testing is a type of software testing that involves testing the APIs to know if they meet the functional or non-functional requirements. It can be done as part of the integration testing or it can be done independently as well. Since there is no UI involved, API testing is done at the business layer. API tests do not focus on the look and feel of the application. They focus the business layer of the software architecture.

Types of API Testing

There are 3 types of API testing that can be performed

Functional Testing

  • It involves testing API with valid and invalid inputs to know if it does the intended operations or not
  • Input is given in the form of JSON or XML payloads
  • An HTTP response code is returned from the target endpoint depending on the request sent

Performance Testing

  • Load testing occurs usually after a module is completed and is functionally validated.
  • Load testing monitors the app’s performance at both normal and peak conditions.
  • It helps to determine how much traffic your system can handle.
  • We can check the response times of the APIs with every request.

Security Testing

  • Security testing is done to ensure that the APIs are secure from external threats
  • It is used to test the access control and authorization validation
  • A penetration test can also be performed on the API.
  • Another type of security test- Fuzz Testing can also be performed on the APIs.
  • A huge amount of random data (referred to as noise or fuzz) will be the input into the system to detect any negative behaviors.
  • This allows testing for the worst-case scenarios

API Testing Approach and Best Practices:

Before testing an API, one should understand what is the purpose in which an API is trying to serve? Knowing it will help to strategize the tests and prepare the test data as well

Secondly, we should understand the workflow of the application for which an API is constructed.

  • This will help in verification
  • Example- You cannot test the delete order (API) before you create an order (API).
  • You can use the output from one test to the input for the succeeding tests to create chained tests which can run together

Know the expected response codes

  • API response codes are divided into five categories as per the global standards
  • The first digit of the status code defines the class of response. These are
  • 1xx (Informational)- It means the request is being received and is processed
  • 2xx (Success)- It implies that the request is successfully received and processed
  • 3xx (Redirection)- An Action is required to complete the request.
  • 4xx (Client Error)- Something is wrong with the request sent (Syntax) and it cannot be fulfilled
  • 5xx (Server  Error)- Server cannot fulfill the request
  • The last two digits do not have any class or the categorization role
  • Actual response code is specified by the development team as per the requirements.
  • The custom responses should, however fall into the above 5 categories

Organize tests

  • To avoid testing more than one API in one test. It is easier to debug this way
  • Organize tests to make an end-to-end application flow
  • Organize the flows into functional categories (or collections/test sets) for better understanding.

Parameterize tests

  • Mention the parameters in the tests. Avoid using the hard-coded values
  • This way your tests can be used with multiple data sets enlarging the test base.

Automate as much as possible

  • Leverage automation capabilities as much as early in the development cycle as possible
  • Automation with a data-driven approach, can help increase API test coverage to a great extent

API Virtualization

  • An API virtualization tool can create an exact virtual copy of an API
  • An automation approach with mocking techniques (read stubbing/Virtualization) can help to verify API and its integration before the actual API is developed
  • This helps in quicker time to the market by testing as early as possible

Continuous Testing

  • Scheduling automated API tests on a daily basis during the test cycle is a recommended approach.
  • This can be done by integrating the test tools with other CI tools (Jenkins).
  • If a test fails, we can quickly validate issues to have proper solutions earlier.

API Testing Tools:

For leveraging automation, as mentioned in the testing approach above, very important criteria are to identify the right tool. Below are some of the criteria with which we can form a decision

  • Check if the tool under consideration supports APIs that the application uses
  • Does the tool allow authorization methods that are used in an application?
  • Does the tool allow a data-driven approach?
  • Is the tool compatible with other legacy web-service endpoints?

There are few tools available in the market for API testing. The major share in market is captured by the below tools-

  • Postman
  • SOAP UI
  • Swagger
  • Katalon
  • Apigee
  • JMeter
  • Rest-Assured

API Testing Challenges

Adapting to the new approach of testing

  • While most testers are adopted in testing from front end- manual or automation testing, they may not be well-versed on the API testing approach.
  • Lack of API testing skill-set can kill the entire test strategy.
  • Comprehensive training can help testers adapt to the new approach to testing.

Parameter Combination Testing

  • Communication between API happens through the data that passes between the systems. 
  • This data is passed into the requests using the parameters
  • With larger applications, an additional parameter increases the number of possible test cases exponentially
  • Use elimination techniques like Boundary value combinations to rule out the scenarios which are not possible in real-time.

Versioning

  • Versioning is the primary cause of the complexity in the API testing.
  • Issues may arise because of the communication gap when a new API version is released without deprecating the previous ones.
  • If the previous version is still open, it can lead to security risk as older parameters can still be accessed which can lead to the breach of critical data.

Tool Selection

  • Not all tools support testing the API functional, mobile, and security testing scenarios.
  • Even skilled testers can’t run the API test cases correctly when the proper tools and frameworks are not available.
  • A thorough comparison of the tools helps to select the best tools that suit the project.

API Testing Benefits

Early Testing

  • The major advantage of API testing is that it provides access to the applications without having to interact with a GUI.
  • This helps testers to find the defects early so the developers can fix them before they affect the UI

Testing for core functionality

  • API testing helps to test the core business logic of the application.
  • By testing with APIs, we know that business logic is working fine and if there are any bugs, they are at the UI level only and UI bugs can be simpler to fix.

Efficient and Cost-effective

  • API testing is much faster than UI testing as UI tests require polling web pages which slows down the testing
  • As the API tests are faster, it helps to save the overall development and testing costs.

Language independent

  • As previously mentioned, API tests exchange data using XML or JSON.
  • The transfer modes are completely language-independent, meaning automated tests can be written in any language.

Conclusion: 

We all know that to achieve top software quality, rigorous and comprehensive testing is required. Automated API testing plays a crucial role in achieving this as it enables testing on the business layer. API testing also brings a lot of the business benefits like faster results, reduced costs, and easier maintainability. Hence API testing is going to be used more and more going forward and we should adapt the mindset change required for it.

Leave a Reply

Your email address will not be published. Required fields are marked *