API stands for “Application Programming Interface”. Generally, an API is used to facilitate the interaction between two different applications by using any means of communication. When APIs are used over web networks, we call them “Web Services”. In recent times APIs have become the backbone of programming. Writing APIs so that an application can communicate with a database or with a module has become common, and that is why a tester must test the APIs for maximum test coverage.
As a part of integration testing, API automation can help make testing faster and more efficient. As most companies use RESTful APIs at the business layer, API testing has become a critical component of the test plan for any release.
In simple terms, an API is a type of service that helps two different applications communicate with each other. Most APIs are used to separate the business logic from direct database access in an application.
Logically we can divide the entire system into three layers:
- Presentation Layer – This is the user interface (GUI) which is open to end-users. QA performs functional testing at this layer.
- Business Layer – This is the application user interface where the logic is written. In technical terms, this is where the code/algorithm resides. APIs come into the picture at this layer.
- Database Layer – Where application data is present.
Put another way, the API is the brain of the connected world. It is the set of code, tools, standards, and protocols that bind our digital world together. Because of the dynamic nature of APIs and the capabilities they provide, APIs allow companies to become more flexible and everything to work together in a streamlined, integrated way. That is why API testing exercises the APIs at both the service level and the integration level.
Testing Strategy for APIs
In API testing, a tester should focus on using software to make API calls in order to receive an output, and then observe and log the system’s response. Most importantly, the tester verifies that the API returns a correct response/output under varying conditions. This output is typically one of these three:
- A Pass or Fail status
- Data or information
- A call to another API
However, there could also be no output at all, or something unexpected could occur. This makes the tester’s role critical to the application development process. And because APIs are the central axis of data for many applications, data-driven testing for APIs can help increase test coverage and accuracy.
When testing the API directly, specifying pass or fail scenarios is slightly more challenging. However, comparing the data in the API response with the result of a subsequent call to another API helps you set up definitive validation scenarios.
Testing of APIs is one of the most challenging parts of the whole chain of software testing and QA testing, because it works to ensure that our digital lives run in an increasingly seamless and efficient manner. Developers test only the functionalities they are working on, while testers are in charge of testing both individual functionalities and a series of functionalities, discovering how they work together from end to end.
Types of API Testing
Common testing of APIs includes:
- Unit Testing: This involves testing the performance of each operation by logically isolating it within a system. By breaking the application into units, the system can be evaluated for proper assessment. The main concept of this test is to isolate a piece of written code to determine whether it is working at the optimum level. Unit testing helps to identify flaws in the early stages for better functionality in the long term.
- Functional Testing: This testing mainly focuses on the functionality of the API. This would include test cases to verify HTTP response codes, error codes in case the API returns any error, validation of the response, etc.
- Load Testing: This testing is necessary in cases where the API deals with huge amounts of data and the application is likely to be used by a number of users at the same time. This increases the number of simultaneous API hits, and the API may crash if it cannot take that load.
- Security Testing: This type of testing is particularly critical as APIs are used to create a link between two different applications. The basic purpose of an API is to abstract or hide the application’s database from other applications. This may include test cases for session management, authorization checks, etc.
- Interoperability Testing: This testing checks that the API is accessible to the applications that should be able to reach it. This applies to SOAP APIs.
- Penetration Testing: This testing is to find the vulnerabilities of the API to external sources.
Web Services/API Protocols
There are mainly two types of services/protocols:
REST – REST is an acronym for the “REpresentational State Transfer” protocol, which is new on the block compared to SOAP, which means it must overcome all the problems with SOAP. A REST API is a lightweight protocol which uses the URL for all the needed information. It uses four HTTP methods to perform tasks:
- Get – To get the information.
- Post – To insert some data in the resource.
- Put – To update the resource.
- Delete – To delete from the resource.
REST is more widely used nowadays, due to its simple and lightweight architecture.
SOAP stands for “Simple Object Access Protocol”. It uses XML for message exchange. All the information required to perform this task is given in its WSDL (Web Services Description Language). SOAP is a heavyweight protocol due to its extensive use of standards and XML. The main advantage of SOAP over REST is that it has built-in error handling and it can be used with other protocols like SMTP (Simple Mail Transfer Protocol).
Tools for API Testing and Automation
There are several tools to test APIs. When a tester gets time to test an API, they must ask for its documentation, whether it is a SOAP API, a REST API or a non-web-based API. There should always be a document where the details are written in a proper way. To approach API testing:
- Ask for Doc
- Write functional or service level cases first
- Write integration tests
- When API is stable enough and passes most of the above tests, perform security, performance and load testing.
- A typical API doc has all the information related to the API, like its response, request format, error codes, optional parameters, resource, mandatory parameters, headers, etc. The doc can be maintained in various tools such as Swagger, which is open source.
- After that, write the service-level cases for the API. For example, if an API takes ‘n’ parameters to get the response, of which ‘m’ are mandatory and the others are optional, then one test case should be to try different combinations of parameters and verify the response code. Another test case may verify the headers, and another may try to run the API without passing authentication and verify the error.
- Next comes the step of integration testing, where the tester needs to test the API and all its dependent APIs or functions. This also includes testing the API response and passing the returned data into another API.
- Once the API is stable and functional testing is almost done, the tester can perform performance, load and security testing.
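The service-level cases described in the steps above (every combination of mandatory and optional parameters, a header check, and a call without authentication), as an added example that is not part of the original article. The stub `GET /orders` endpoint, the parameter names and the token are constructed for illustration so the test runs offline.

```python
import http.client, itertools, json, threading, urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer

MANDATORY, OPTIONAL = ("user_id",), ("page", "sort")  # constructed parameter spec
TOKEN = "Bearer test-token"                           # constructed credential

class StubAPI(BaseHTTPRequestHandler):
    """Constructed stand-in for the API under test (GET /orders)."""
    def do_GET(self):
        query = urllib.parse.parse_qs(urllib.parse.urlparse(self.path).query)
        if self.headers.get("Authorization") != TOKEN:
            status = 401                              # unauthenticated caller
        elif any(p not in query for p in MANDATORY):
            status = 400                              # mandatory parameter missing
        else:
            status = 200
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps({"status": status}).encode())
    def log_message(self, *args):                     # silence per-request logging
        pass

def call(port, params, auth=True):
    """Send one GET and return (status code, Content-Type header)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Authorization": TOKEN} if auth else {}
    conn.request("GET", "/orders?" + urllib.parse.urlencode(params), headers=headers)
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Content-Type")

def run_service_level_cases():
    """Return ({case: observed status}, [cases that did not match expectation])."""
    with HTTPServer(("127.0.0.1", 0), StubAPI) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port, names, seen, failed = server.server_port, MANDATORY + OPTIONAL, {}, []
        for r in range(len(names) + 1):               # every subset of parameters
            for combo in itertools.combinations(names, r):
                expected = 200 if set(MANDATORY) <= set(combo) else 400
                seen[combo], ctype = call(port, dict.fromkeys(combo, "1"))
                if (seen[combo], ctype) != (expected, "application/json"):
                    failed.append(combo)
        seen["no-auth"], _ = call(port, {"user_id": "1"}, auth=False)
        if seen["no-auth"] != 401:                    # missing credentials must be rejected
            failed.append("no-auth")
        server.shutdown()
    return seen, failed
```

Pointing `call` at a real service instead of the stub turns the same matrix into a regression suite; the expected status for each combination then comes from the API documentation.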
We frequently need to automate the test cases which are repeatedly executed, like regression cases. Likewise, in API testing there might be some cases which we need to execute before every release or build, and those test cases can be automated.
There are many tools for API automation testing which are quite popular:
- SoapUI
- Katalon Studio
- CloudQA TruAPI
- SoapUI: SoapUI is a very popular tool for API testing. It can be used to perform functional, load, security and compliance tests on your API.
- Katalon Studio: Katalon Studio is a free (open source) and powerful automated testing tool for Web testing, Mobile testing and API testing.
- Postman: Postman is open source and helps you be more efficient while working with APIs. It has all the capabilities and features to develop and test APIs.
- JMeter: Although JMeter is mostly used for performance and load testing, it can also be used for API functional testing to a good extent.
- RestAssured: Rest-Assured is a Java-based library which is used to test RESTful Web Services. The library can be included in an existing framework, and you can call its methods directly to fetch the response in JSON format and then perform the required actions.
Challenges of API Testing
Just like other software testing techniques, API testing also has a few challenges. Some of the common API testing challenges are below:
- The main challenges in Web API testing are parameter combination, parameter selection, and call sequencing.
- There is no GUI available to test the application, which makes it difficult to give inputs (parameters).
- Verifying and validating the output in a different system is difficult for testers.
- The testers must be aware of parameter selection and parameter categorization.
- Exception handling functions should be tested.
- Coding knowledge is necessary for testers.
Nowadays API-based applications have gained popularity. These applications are more scalable than traditional software and allow easier integration with other APIs.
API testing adds more value than a traditional manual or automated testing approach. By using the correct tools and setup for API testing, you can improve quality to a greater degree and meet testing goals.
SevenMentor Pvt Ltd.
© Copyright 2019 | Sevenmentor Pvt Ltd.