What is an API?
API stands for Application Programming Interface. In simpler words, APIs are stand-alone pieces of software that we send calls to and get the yield. Most developers deal with APIs every day. If you website uses login using Facebook, that is connected to Facebook API, if you save your files in Dropbox, that is an API and so on. As the importance of API development grows, we also realize that being able to test these APIs properly is a crucial task. With APIs, applications talk to each other without any user knowledge or intervention.
What is API Testing?
This is type of functional testing in which developer can test APIs. API testing is entirely different from GUI testing and mainly concentrates on the business logic layer of the software architecture. API testing uses software to send calls to the API and get the output. This (figure 1) represent the OSI model of API.
Test Cases for API Testing
Test cases of API testing are based on
- Return value based on input condition: it is relatively easy to test, as input can be defined and results can be authenticated
- Does not return anything: When there is no return value, behavior of API on the system to be checked
- Trigger some other API/event/interrupt: If output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked
- Modify certain resources: If API call modifies some resources then it should be validated by accessing respective resources
How to approach API Testing?
Following points helps the user to setup an API Testing approach:
- Understanding the functionality of the API program and clearly define the scope of the program
- Apply testing techniques such as equivalence classes, boundary value analysis and error guessing and write test cases for the API
- Input Parameters for the API need to be planned and defined appropriately
- Execute the test cases and compare expected and actual results.
What to test for in API testing?
API testing should cover at least following testing methods apart from usual SDLC process:
- Discovery testing: The test group should manually execute the set of calls documented in the API like verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate
- Usability testing: This testing verifies whether the API is functional and user-friendly. And does API integrates well with another platform as well
- Security testing: This testing includes what type of authentication is required and whether sensitive data is encrypted over HTTP or both
- Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly
Types of Bugs that API testing detects
- Verify if API doesn’t return any response. For example, If URL is Incorrect or API doesn’t send any response.
- Based on input request, return request should be checked. (Request maybe GET, POST, PUT, DELETE).
- Verification of the API whether it is updating any data structure.
- Delay in API Response time
- Response Data is not structured. This includes HTTP headers including correct content type.
- Difficulty in connecting and getting response from API
Tools for API Testing
There are some open-source tools for API Testing.
Postman
The Postman API has several endpoints to help you integrate Postman even more deeply with your development toolchain. You can add new collections, update existing collections, update environments, add and run monitors directly through the API. This API allows you to programmatically access data stored in your Postman account with ease.
SoapUI
it is Open Source Tool In which you can Test your APIs. The Main difference between SoapUI and other open source tools is that you can also perfume load testing of APIs
Karate DSL
Karate is a new test framework based on the well-known Cucumber library. It allows you to quickly write meaningful tests for web services using a domain-specific language (DSL).
Robo Hydra Server
Robo Hydra is a web server designed to help you test any kind of HTTP, HTTPS, or Web Sockets client
Hippie-Swagger
Hippie-Swagger tool is same as Postman. It is a tool for testing RESTful APIs.
API Testing Browser Extension tools
API testing Plugins are also available in web browsers such as Chrome and Firefox. Here are some tools which are available on Chrome Webstore.
- Postman
- Restlet Client
- Advance REST client
- Stoplight API tool
- REST Easy
Advantages of API Testing
Properly tested APIs are a breeze to work with and save a tonne of time over the course of a project.
- Time Effective
- Language Independent
- Test Core Functionality
- Reduce Testing cost
- Reduced Risks
Conclusion
API consists of a set of classes / functions / procedures which represent the business logic layer. If API is not tested properly, it may cause problems not only the API application but also in the calling application. We provide API development and testing services. We will provide document with results after testing your API.
