What is API Testing?
API testing is a type of software testing that involves testing Application Programming Interfaces (APIs) directly and as part of integration testing to determine if they meet expectations for functionality, reliability, performance, and security. One of the most important thing to note about API Testing is APIs lack a GUI, hence API testing is performed at the message layer.
Why to perform API Testing?
API testing is helpful in discovering following issues:
- Unused flags.
- Missing or duplicate functionality.
- Reliability Issues like – difficulty in connecting and getting a response from API.
- Security Issues.
- Multi-threading issues.
- Performance Issues like – API response time is very high.
- Improper errors/warning to caller.
- Incorrect handling of valid argument values.
- Response Data is not structured correctly.
- Failure to handle error conditions.
API testing provides answer to following questions as well:
- Usability – Is it easy to set up?
- Functionality – Does it work as expected / documented?
- Reliability – Is it “reliable” over time?
- Proficiency – Is it performing as expected?
- Creativity – Can it be used in new ways?
- Security – Is it secure to be used?
API Testing Challenges
- An API is an interface intended to be interpreted by a program and hence in-depth knowledge of the working of the application is required to sufficiently test it.
- API Testing normally includes only the white-box testing approach, i.e the tester is much more concerned with internal operations of the application, exercising the individual paths the data can travel through the application.
- The API tester besides being aware of business requirements need to know the individual application functions within the business process in detail to ensure comprehensiveness in testing.
- The API usually exposes only part of the overall functionality at GUI level and by design testers are not able to go really deep into the application code, especially when it comes to testing all the negative test scenarios.
- The API testing role needs also to include a business user role, to make sure the offering is complete.This is in addition to roles like functional, non functional, security tester role.
How to perform API Testing?
Instead of using standard user inputs and outputs, in API Testing, software programs or functions are used to send calls to the API, get output, note down the system’s response and verify if it’s as expected or not. API Testing requires an application to interact with API. In order to test an API, we need to :
- Use a Tool to test the API or
- Write your own program or function to test the API.
API Testing Methodology
API testing methodology can be divided into three parts mainly:
Setting of API Test Environment
- API testing is different than other testing types as GUI is not available, and yet you are required to setup initial environment that invokes API with required set of parameters and then finally examines the test result.
- Database and server should be configured as per the application requirements.
- Once the installation is done, API Function should be called to check whether that API is working.
API Test planning
- Return value based on input condition: it is relatively easy to test, as input can be defined and results can be authenticated
- Does not return anything: When there is no return value, behaviour of API on the system to be checked
- Trigger some other API/event/interrupt: If output of an API triggers some event or interrupt, then those events and interrupt listeners should be tracked
- Update data structure: Updating data structure will have some outcome or effect on the system, and that should be authenticated
- Modify certain resources: If API call modifies some resources then it should be validated by accessing respective resources.
API Test execution
- Understanding the functionality of the API program and clearly define the scope of the program.
- Apply testing techniques such as equivalence classes, boundary value analysis and error guessing and execute planned test cases for the API.
- Input Parameters for the API need to be planned and defined appropriately.
- Calling one of the API function which in turn will call another API function.
- Execute the test cases and compare expected and actual results.
How to be a better API Tester?
Following are a few suggestions for a Tester to perform API Testing in a better way:
- Analyse successful and failed outcomes.
- Automate API test categories and testing priorities.
- Automate API documentation, but ensure that the documentation is easy to understand.
- Set priority for API function calls to be used for testing.
- Include stress to the non functional test environment using load tests.
- Expose the test to unusual situations to verify the reliability in handling unexpected issues, loads and stress conditions.
In my upcoming article I will discuss – How to perform API testing using SOAP UI. If you like my posts on Software Testing and Quality Analysis, please support by subscribing or sharing my blog (https://qanalysisblog.wordpress.com).Feel free to share your thoughts in the comments section below as I learn just as much from you as you do from me.