API testing

What Is API Testing?

If you’re wondering what an API is, just google it. Just kidding. All you need to do is just stay tuned and focus on what we are talking about here.

What is an API?

Like UI allows users to interact with an application, Application Program Interface (API) allows applications to communicate with each other using a common language, set by a contract․ It enables the exchange of data and connection between separate software systems.

What is API testing?

A testing type that validates API is known as API testing. In comparison with GUI testing, it focuses on the business logic layer of the software. In API testing we don’t use a keyboard (standard inputs and outputs), but the software to send requests to the API and get the system’s response.
To sum up, it’s all about sent requests and responses from the system.
Sounds quite easy, right? But wait a minute. API testing can be complicated. API testing is one of the most challenging parts of the software and quality testing because it is done to ensure that your digital lives run efficiently and seamlessly. If somehow an API breaks, it can lead to a breakdown not only of a single application but an entire chain of business processes. API gives value to an application, and its malfunctions are vital for the system.

Why perform API Testing?

Unlike a user, who interacts with an application at UI level, developers and testers ensure the reliability of underlying APIs. API testing allows them to test the system without waiting for the entire system build and not to stick as a user at the UI level
In comparison with UI testing, which is limited to validate a specific user experience, API testing is powerful. It allows application testing at the API level, interacting directly with APIs, testing the business logic layer, which can be easily automated.

API environment configuration:

Setting up the API environment right is very important before starting any API testing. Without it, making any progress in API testing will be complicated.
API testing is quite different from other testing types. First of all, one doesn’t interact with the system in level UI, and yet needs to set up an initial environment that launches API with the required set of conditions. Consequently, all systems, like database and server, must be configured according to the application's requirements. When the configurations are done, API functions are called to check their workability.

API testing approach and what can be covered by API testing?

The best way to apply API testing right is following Martin Fowler’s testing pyramid concept, aka testing strategy built from the bottom up. The testing pyramid approach means building a complex API test sets based on solid unit tests. Such an approach allows “to fail fast and fail early” - to find out defects earlier at their source, instead of carrying them farther in the SDLC.
Now, let us understand what kind of tests can be covered by an API testing.

API testing covers:

1. Contract tests
2. Component tests
3. Functional tests
4. Load test
5. Performance tests
6. Negative tests
7. Security tests

Contract tests

The most basic API test is the Contract test. Consider it like a “smoke test” that verifies the correctness of the contract and its suitability to the client.

Component tests

For creating a component test, the tester can just consume the service contract and let it create clients.

Functional tests

API testing that checks if a system performs as intended.

Load tests

Here API testing verifies if the system’s API can handle a large number of calls.

Performance tests

Performance testing is usually done at the end of the testing process (in a specific environment). This is a serious issue because of SLA (Service Level Agreement) that has API. If an application doesn’t meet this agreement, it can’t be released. Hence, if performance testing is done at the very end, any failure can cause an immense release delay. Testers conduct performance testing earlier to solve this problem. It allows them to track performance issues before running a full regression test set. They take scenario tests, load them into performance testing tool, and run them with a large number of users. In case of failure, it can be traced back to the individual user story and get a better understanding of an issue. This information can be used by managers to decide whether to release an app or not.

Negative tests

API testing covers Negative tests to check all possible invalid inputs from the users.

Security tests

One of the principal aspects of an application is its security. All issues with security can harm the reputation and lead to financial losses. Any intentional or unintentional trial to get your APIs in a way you don’t expect must be foreseen and forbidden. Proper sets of test cases and API tests must be performed to safeguard this type of intrusion.

Manual or Automated?

First of all, let us understand the difference between manual and automated API testing.
While manual API testing is performed by manually written codes, automated API testing uses specialized tools for running the tests. However, it is highly recommended to use automation in agile development and continuous delivery cycles.
Manual API testing can be performed in the case of Exploratory, Usability and Ad-hoc testing. Automated API testing is done in case of API functional and Performance testings, testing of protocols in a single or unified framework, Data-driven and Load testing, Error testing, testing in multiple languages, and Regression testing.

What can be found during API TESTING?
Here is the list of bugs that can be discovered by API testing.

● Response data is not structured correctly (JSON or XML)
● Reliability Issues.
● Difficulty in connecting and getting a response from API.
● Security Issues
● Multi-threading issues
● Performance Issues. API response time is very high.
● Improper errors/warning to a caller

API testing tools
To close this complex topic, let us briefly look at the automation tools for API testing. The following tools/frameworks can be used for API automation testing:

● Postman
● Parasoft SO
● Rest-assured
● Eclipse SDK tool
● dotTEST
● API Fortress
● Runscope
● Cfix, etc.

Summing up

Applications business level consists of a set of classes/functions/ procedures, which is API. If it’s not tested properly, the application’s whole business logic can crash. Hence, understanding API testing environment configuration, procedures, and tools can help you to achieve the best quality for your application.

● Focusing on testing of backend part of the system
● GUI independent, time effective, no need UI to be ready
● Avoiding user interaction
● Applicable different types of testing
● Automated tests, fast execution, language independent
● Testing core functionality of the system

Share on

TestingArt © 2020 |