API Testing — Approaches and Tools

APIs are everywhere, this means there is a huge demand for using them to build new-age applications. The importance of a proper testing process for API shouldn’t change irrespective of internal or external-facing. API testing stresses the testing of business logic, data responses, and performance bottlenecks.

API testing is fundamentally done to identify bugs, deviations, or variations from the expected behavior. API’s add value to any application, testing these APIs will ensure it does what it’s supposed to do. APIs should be tested for their Correctness, Reliability, Scalability, and Performance. As per the testing pyramid, first is the unit test layer — code testing often conducted by developers while writing it. Then comes the business layer — the right place for API testing. Next, when the front end is finished, UI testing is carried out.

Different Types of API testing

  1. Functionality testing — Testing the return of desired output for a given input.
  2. Load testing- No. of calls API can handle.
  3. Negative Testing — Testing all types of wrong input.
  4. Data-Driven testing — Testing API with a stored set of data.
  5. Security Testing — Testing the security aspects like Authentication, Authorization, etc for API.
  6. Integration testing — Testing the communication between different APIs.
  7. Reliability Testing — Testing the API for any possible disconnections.
  8. Penetration testing — Assess the threat vector of an API.
  9. Fuzz testing — Testing with a large amount of random data to check forced crashes.
  10. Regression Testing — Testing if Existing functionalities work fine

Step by Step approach for API testing

Step 1: Determine testing steps and boundaries.

Asking the right type of questions to the development team will ensure you are organized to start the testing. These questions can be:-

  1. Who is the API consumer?
  2. What is the type of API(REST or SOAP)?
  3. What are the different environments that API uses?
  4. What is the workflow of the application?
  5. What would happen if the API works normally.
  6. What would be the behavior of the API works abnormally?
  7. What other integration endpoints does this API interact with?

Step 2: Establish an API test environment. — Testing team should Collaborate with DevOps engineers for the configuration of servers and databases and ensure the API testing environment is up and running.

Step3: Making a trial API call — Testing team should make a single hit to API to ensure its works without any errors.

Step 4: Specifying API input parameters. — Correct input parameters are the key to test that API is performing as expected. Due diligence is required that API input parameters are correct and are well documented.

Step 5: Creating & executing Test cases — Once all preparations are done, the testing team should write test cases and execute them to compare actual results with the expected ones.

Common tools for automated testing of API

  1. Soap UI — https://www.soapui.org/
  2. Postman client — https://www.postman.com/
  3. jMeter — https://jmeter.apache.org/
  4. C# based RestSharp. — https://rest-assured.io/
  5. Katalon Studio — https://www.katalon.com/
  6. Tricentis Tosca — https://www.tricentis.com/

Common tools for documenting API s

  1. Swagger https://swagger.io/
  2. Slate https://github.com/slatedocs/slate

Coder at heart @rpsingh2010