A Quick Introduction to API Testing

What is an API?

An application has three layers: a data layer, an API layer, and a UI (User Interface) layer. The API, or Application Programming Interface, forms the crux of an application since the business logic is usually stored in it. Without it, frontend users couldn’t interact with the backend, and services wouldn’t work.

Broadly, APIs follow one of two approaches: SOAP and REST. Both work in much the same way, i.e., they transfer messages between frontend and backend over HTTP using methods such as GET and PUT, and the message bodies are usually JSON for REST APIs and XML for SOAP APIs.

In earlier days, when the API was first adopted by Salesforce, it was primarily used for in-house services and applications. Over the years, companies realized its significance as a linchpin that offers services to third-party applications, especially in a microservices approach to software development. Hence, it’s impractical to think of an application sans API today.

This current scenario explains why testing APIs is vital for a company.

Why is API testing necessary? 

As we discussed earlier, APIs interact with many parts of the application internally and with third-party systems to streamline the business process. If an API is faulty and the error isn’t detected, it is highly likely to break the entire application and the network of business processes anchored on it.

While developers perform functional testing of the APIs they are working on, there’s much more to APIs than just functionality. API testing also covers the business logic, data responses, security, and performance bottlenecks. As you get ready for your application’s launch, API testing should be part of your overall testing strategy. The testing team should run continuous API tests in parallel with development to find defects early and fix them for a seamless user experience.

Since an API has to be tested against all the above criteria, we’ll see the types of API testing in the next section.

According to a 2019 SmartBear survey of testing professionals, 91% of respondents either currently have or plan to have a formal API testing process in place in the near future.

What types of API testing are to be done? 

API testing involves various QA activities, such as validating responses, handling API calls, and verifying outputs using multiple parameters. The tester’s role centers on checking data accuracy, HTTP status codes, data format, and error codes.

The most common task for a tester is to verify the response status codes returned by the API the team built. All API status codes that follow the global standard fall into 5 classes. Testers need to verify that the codes are specified in the requirements and follow international standards.

The 5 classes are:

1xx (Informational): Request received and continues to be processed  

2xx (Successful): Request successfully received, understood, and accepted  

3xx (Redirection): Further action needs to be taken to complete the request  

4xx (Client Error): The request cannot be fulfilled or contains wrong syntax  

5xx (Server Error): Server failed to fulfill an apparently valid request 

Let’s see the types of API testing that should be performed.

TYPES OF API TESTING 

API Load Testing: 

APIs need to be tested for functionality and performance under varying load, verifying that the API still returns the expected output. The following metrics are measured in an API load test to understand how an API reacts to varying load scenarios.

  • Response times 
  • Check severe conditions 
  • Throughput 

API Security Testing:    

API security testing is carried out to shield the APIs from security threats. The test requirements include authentication, permissions, encryption, and access controls, all of which must hold at all times. Even a single gap in API security would pose severe threats to the rest of the components linked to it.

API End-to-End Testing: 

E2E testing is done to ensure data validation across API connections. This testing verifies that the system as a whole makes the correct API calls and gets the desired responses.

API Integration Testing: 

As many apps rely on third-party APIs, it’s essential to test these integrations properly and identify defects in the same stage in which they are developed. The objective of this testing is to verify the functionality, performance, and security aspects of the API.

Manual vs. Automated API Testing 

While manual testing can be performed by writing your own code to test, automated testing of APIs requires you to use standard approaches like TDD and BDD. In the world of DevOps and Agile, automated API testing seems to be the right choice, as it can be performed in tandem with development.

Behavior Driven Testing allows testers to write test scripts using simple Gherkin language. 

Example of Behavior Driven Testing: 

Scenario: Delete User
  Given I want to execute delete service
  When I submit the DELETE request
  Then I validate delete status code
  And I validate delete response content
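The Delete User scenario above, combined with the authentication and permission checks listed under API Security Testing, as an added example that is not part of the original article. The in-memory API, its tokens, users and route are constructed for illustration; in practice the same cases would be sent to the real service.

```python
import json

# Constructed in-memory API standing in for the service under test (an assumption:
# the tokens, users and route below are invented for this example).
TOKENS = {"tok-alice": ("alice", "user"), "tok-bob": ("bob", "user")}
CLASSES = {1: "Informational", 2: "Successful", 3: "Redirection",
           4: "Client Error", 5: "Server Error"}

def make_api():
    users = {"alice": {"email": "alice@example.test"},
             "bob": {"email": "bob@example.test"}}

    def handle(method, path, headers):
        auth = headers.get("Authorization", "")
        caller = TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
        if caller is None:                       # authentication
            return 401, {"error": "authentication required"}
        if method != "DELETE" or not path.startswith("/users/"):
            return 405, {"error": "method not allowed"}
        target = path[len("/users/"):]
        if caller[0] != target:                  # permission: only the account owner
            return 403, {"error": "forbidden"}
        if target not in users:
            return 404, {"error": "not found"}
        del users[target]
        return 200, {"deleted": target}

    return handle, users

def run_delete_scenarios():
    """Run the Delete User scenario plus its negative security cases."""
    api, users = make_api()                      # Given: the delete service
    cases = [  # (description, request headers, expected status)
        ("no credentials", {}, 401),
        ("unknown token", {"Authorization": "Bearer tok-unknown"}, 401),
        ("another user's token", {"Authorization": "Bearer tok-bob"}, 403),
        ("owner's token", {"Authorization": "Bearer tok-alice"}, 200),
        ("repeat after deletion", {"Authorization": "Bearer tok-alice"}, 404),
    ]
    report = []
    for desc, headers, expected in cases:
        before = dict(users)
        status, body = api("DELETE", "/users/alice", headers)   # When
        code_ok = status == expected                             # Then: status code
        # Then: content. Only a 2xx response may change state, and no
        # response body may echo stored e-mail addresses.
        state_ok = (users != before) == (status // 100 == 2)
        body_ok = "@" not in json.dumps(body)
        report.append((desc, status, CLASSES[status // 100], code_ok and state_ok and body_ok))
    return report
```

Each row of the report holds the case description, the status code, its class from the list of 5 above, and whether the status, state and body checks all passed.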

You can use automated API testing to perform:

  • API functional tests 
  • Analyze test coverage 
  • API performance testing 
  • Regression testing
  • Load testing
  • Repetitive test designs 

Manual testing is well suited for: 

  • Usability testing 
  • Exploratory testing 

It’s critical to have the right test framework, tools, and solutions for successful API automation testing. In our next section, we’ll see the top 3 API testing tools widely used today. 

API testing tools 

POSTMAN 

Application under test: API  

Platforms supported: Windows, macOS, Linux.  

Pricing: Free – $12/user/month  

Postman is an excellent choice for your test team if they don’t want to code in an integrated development environment using the same tech stack as your developers. It provides an easy-to-use interface and can be quickly leveraged using a Chrome plug-in.

Test teams can use it for both automated and exploratory testing. It has Run, Test, Document, and Monitoring features and makes it easy to share information, including all the requests and expected response packages, with the team.

SOAP UI 

Application under test: API  

Platforms supported: Windows, macOS, Linux.  

Pricing: Free – $659/year  

SOAP UI is a dedicated API testing tool that allows users to test REST and SOAP APIs and Web Services quickly. It enables users to create tests quickly and easily with drag-and-drop and point-and-click, and allows scripts to be reused in a few steps.

If your team needs to create custom code, SOAP UI makes it possible with Groovy. The Pro package enables data-driven testing: data is loaded from files, databases, and Excel to understand how consumers interact with the APIs.

REST-assured 

Application under test: API  

Pricing: Open source  

For teams that use Java, REST-assured is the first choice for API testing. Anyone with no prior knowledge of HTTP can use this to test HTTP-based REST services. It’s an easy-to-use tool and integrates well with your Java-based automation framework.

It offers built-in functionalities so that users don’t have to code anything from scratch. One of its most significant pros is that it supports BDD (Behavior-driven development), which makes API testing easier using plain Gherkin language with its Given/When/Then syntax.

Final word 

API testing has been gaining significance steadily over the last two years, according to Google Trends. In the world of Agile and microservices, the components that make up web applications, both in frontend and backend, are built separately and are linked together only with the help of APIs. This emphasizes that a well-planned API testing process is a must to ensure the proper working of the software.

Keerthi Veerappan

An INFJ personality wielding brevity in speech and writing. Marketer @ Zucisystems.