API Testing

Overview: APIs are the new buzzword. They have become central to software development practices and are used to connect different systems and transfer data between them. Testing APIs improves the efficiency of testing and helps shift delivery cycles to the left.

So, what are APIs?

An application programming interface, or API, is a software communication mechanism that allows two applications to communicate with each other and exchange data. In other words, APIs are messengers that take your request to another system and bring that system's response back to you, i.e. APIs contain the business logic of the application.

Example: You make a search request on Google using your phone. In the background, the application connects to the internet and sends data to a server. The server retrieves the data you sent, interprets it, performs the required action (in this case, a search for the keyword typed) and sends the result back to you.

Using an API is also secure, as your phone's data is not exposed to the server. Also, the server is not fully exposed to the app initiating the request. Modern APIs adhere to HTTP/REST standards. They are developer-friendly, easily accessible, and easy to understand. You can navigate to any site's developer page to access its APIs and the relevant documentation.

What is API Testing?

API testing is a type of software testing that checks whether APIs meet their functional and non-functional requirements. It can be done as part of integration testing or independently. Since there is no UI involved, API testing is done at the business layer. API tests do not focus on the look and feel of the application. They focus on business logic.

Types of API Testing:

There are 3 types of API testing which can be performed.

Functional Testing

  • It involves testing the API with valid and invalid inputs to know if it does the intended operations or not.
  • Input is provided in the form of JSON or XML payloads.
  • An HTTP response code is returned from the target endpoint depending on the request sent.

Performance Testing

  • Load testing usually occurs after a module is completed and functionally validated.
  • Load testing monitors the app's performance under both normal and peak conditions.
  • It helps to determine how much traffic your system can handle.
  • We can check the response times of APIs with every request.

Security Testing

  • Security testing is done to ensure that APIs are secure from external threats.
  • It is used to test access control and authorization validation.
  • A penetration test can also be performed on an API.
  • Another type of security test, fuzz testing, can also be performed on APIs.
    • A huge amount of random data (referred to as "noise" or "fuzz") is input into the system to detect any negative behaviors.
    • This allows testing for worst-case scenarios.
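
The fuzzing idea above, as an added example that is not part of the original article: a small Python harness mutates a valid payload and treats any 5xx response as a finding. The create_order handler, its planted defect and the payload fields are constructed assumptions; in a real test cycle, send would wrap an HTTP call to your own test environment.

```python
import json
import random

def create_order(body: bytes) -> int:
    """Constructed stand-in for POST /orders (assumption); returns the HTTP status."""
    try:
        order = json.loads(body)
        total = order["qty"] * 5      # planted defect: shape and type are never validated
        return 201 if total > 0 else 400
    except json.JSONDecodeError:
        return 400                    # malformed JSON is rejected cleanly
    except Exception:
        return 500                    # anything else surfaces as a server error

SEED = {"qty": 2}                     # constructed valid payload the mutations start from

def mutate(rng: random.Random) -> bytes:
    """Produce one fuzzed body: wrong type, wrong shape, truncated JSON, or raw noise."""
    kind = rng.randrange(4)
    if kind == 0:
        bad = rng.choice([None, "9" * 40, [1], {"n": 1}, -1, 1e308])
        return json.dumps({**SEED, "qty": bad}).encode()
    if kind == 1:
        return json.dumps(rng.choice([[], "x", 7, {"quantity": 1}])).encode()
    if kind == 2:
        good = json.dumps(SEED).encode()
        return good[: rng.randrange(len(good))]
    return bytes(rng.randrange(256) for _ in range(rng.randint(1, 32)))

def fuzz(send, rounds=300, seed=7):
    """Send fuzzed bodies through `send`; return ({status: count}, inputs that got 5xx)."""
    rng = random.Random(seed)         # fixed seed so a finding can be reproduced
    counts, findings = {}, []
    for _ in range(rounds):
        body = mutate(rng)
        status = send(body)
        counts[status] = counts.get(status, 0) + 1
        if status >= 500:
            findings.append(body)
    return counts, findings

if __name__ == "__main__":
    counts, findings = fuzz(create_order)
    print("responses by status:", counts)
    print("sample inputs that caused 5xx:", findings[:3])
```

Each input in the findings list is a reproducible test case: 4xx on bad input is the expected outcome, while a 5xx means the API failed to validate it.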

API Testing Approach and Best Practices:

Before testing an API, you should understand the purpose the API is trying to serve. Knowing this will help you strategize your tests and prepare your test data.

Secondly, you should also understand the workflow of the application for which an API is constructed.

  • This will help in your verification.
  • Example: you cannot test the delete order API before you create an order with the create order API.
  • You can use the output of one test as the input for succeeding tests to create chained tests that run together.

Know the expected response codes

  • API response status codes are divided into five categories as per global standards.
  • The first digit of the status code defines the class of response. These are:
    • 1xx (Informational): the request is received and is being processed.
    • 2xx (Success): the request is successfully received and processed.
    • 3xx (Redirection): further action is required to complete the request.
    • 4xx (Client Error): something is wrong with the request sent (syntax) and it cannot be fulfilled.
    • 5xx (Server Error): the server cannot fulfil the request.
  • The last two digits do not have any class or categorization role.
  • The actual response code is specified by the development team as per requirements.
  • Custom responses should, however, fall into the above five categories.
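
The create-then-delete workflow, the access-control checks from the Security Testing section and the expected status codes, combined in one chained test (an added example, not code from the original article). OrderService, its tokens and the check_owner switch are hypothetical, an in-memory stand-in for a real API.

```python
import itertools

class OrderService:
    """Constructed in-memory stand-in for an order API (hypothetical, not a real service)."""
    TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}   # constructed bearer tokens

    def __init__(self, check_owner=True):
        self.orders, self.ids, self.check_owner = {}, itertools.count(1), check_owner

    def request(self, method, path, token=None, body=None):
        """Return (status, json_body), as a thin HTTP client wrapper would."""
        user = self.TOKENS.get(token)
        if user is None:
            return 401, {"error": "unauthenticated"}
        if method == "POST" and path == "/orders":
            oid = next(self.ids)
            self.orders[oid] = {"id": oid, "owner": user, **(body or {})}
            return 201, self.orders[oid]
        if method == "DELETE" and path.startswith("/orders/"):
            order = self.orders.get(int(path.rsplit("/", 1)[1]))
            if order is None:
                return 404, {"error": "not found"}
            if self.check_owner and order["owner"] != user:
                return 403, {"error": "forbidden"}
            del self.orders[order["id"]]
            return 204, None
        return 405, {"error": "method not allowed"}

def chained_delete_checks(api, item="book"):
    """Create an order, reuse its id for each delete check, and return the failures."""
    status, created = api.request("POST", "/orders", "tok-alice", {"item": item})
    if status != 201:
        return [f"create: expected 201, got {status}"]
    path = f"/orders/{created['id']}"      # output of step 1 feeds every later step
    steps = [("no token", None, 401), ("other user", "tok-bob", 403),
             ("owner", "tok-alice", 204), ("repeat delete", "tok-alice", 404)]
    failures = []
    for name, token, expected in steps:
        status, _ = api.request("DELETE", path, token)
        if status != expected:
            failures.append(f"{name}: expected {expected}, got {status}")
    return failures

if __name__ == "__main__":
    print("correct API:", chained_delete_checks(OrderService()))
    print("ownership check missing:", chained_delete_checks(OrderService(check_owner=False)))
```

With check_owner=False the chain reports that another user's token deleted the order, which is the authorization defect this kind of test exists to catch.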

Organize your tests

  • Avoid testing more than one API in one test. It is easier to debug this way.
  • Organize your tests to make an end-to-end application flow.
  • Organize flows into functional categories (or collections/test sets) for better understanding.

Parameterize your tests

  • Use parameters in your tests. Avoid using hardcoded values.
  • This way your tests can be used with multiple data sets, enlarging your test base.

Automate as much as possible

  • Leverage automation capabilities as much and as early in the development cycle as possible.
  • Automation with a data-driven approach, as mentioned above, can help increase API test coverage to a great extent.

API Virtualization

  • An API virtualization tool can create an exact virtual copy of your API.
  • An automation approach with mocking techniques (also called stubbing or virtualization) can help verify an API and its integration before the actual API is developed.
  • This helps achieve a quicker time to market by testing as early as possible.

Continuous Testing

  • Scheduling automated API tests on a daily basis during the test cycle is a recommended approach.
  • This can be done by integrating your test tools with CI tools (such as Jenkins).
  • If a test fails, you can quickly validate the issue and arrive at a proper solution earlier.

API Testing Tools:

To leverage automation, as mentioned in the testing approach above, it is very important to identify the right tool. Below are some criteria to help you decide:

  • Does the tool under consideration support the APIs your application uses?
  • Does the tool allow the authorization methods you are using in your application?
  • Does the tool allow a data-driven approach?
  • Is the tool compatible with other legacy web service endpoints?

There are quite a few tools available in the market for API testing. The major share of the market is captured by the tools below:

  • Postman
  • SOAP UI
  • Swagger
  • Katalon
  • Apigee
  • JMeter
  • Rest-Assured

API Testing Challenges

Adapting to the new approach of testing

  • While most testers are adept at testing from the front end, whether manually or through automation, they may not be well-versed in an API testing approach.
  • A lack of API testing skills can kill the entire test strategy.
  • Comprehensive training can help testers adapt to the new approach of testing.

Parameter Combination Testing

  • Communication between APIs happens through the data that passes between these systems.
  • This data is passed into the requests using parameters.
  • With larger applications, an additional parameter can increase the number of possible test cases exponentially.
  • Use elimination techniques like boundary value combinations to rule out the scenarios which are not possible in real time.

Versioning

  • Versioning is the primary cause of complexity in API testing.
  • Issues may arise from a communication gap when a new API version is released without deprecating the previous ones.
  • If the previous version is still open, it can pose a security risk, as older parameters can still be accessed, which can lead to a breach of critical data.

Tool Selection

  • Not all tools support API functional, mobile and security testing scenarios.
  • Even skilled testers can’t run API test cases correctly when the proper tools and frameworks are not available.
  • A thorough comparison of the tools helps to select the best tools that suit your project.

API Testing Benefits

Early Testing

  • The major advantage of API testing is that it provides access to applications without having to interact with a GUI.
  • This helps testers to find defects early so developers can fix them before they affect the UI.

Testing for core functionality

  • API testing helps to test the core business logic of the application.
  • By testing with APIs, we know that the business logic is working fine. If there are any bugs, they are at the UI level only, and UI bugs can be simpler to fix.

Efficient and Cost effective

  • API testing is much faster than UI testing, as UI tests need to poll web pages, which slows down testing.
  • As the API tests are faster, it helps to save overall development and testing costs.

Language independent

  • As previously mentioned, an API test exchanges data using XML or JSON.
  • These transfer modes are completely language-independent, meaning automated tests can be written in any language.

Conclusion: We all know that achieving top software quality requires rigorous and comprehensive testing. Automated API testing plays a crucial role in achieving this, as it enables testing at the business layer. API testing also brings a lot of business benefits such as faster results, reduced costs, and easier maintainability. Hence, API testing is going to be used more and more going forward, and we should adapt to the mindset change it requires.