API stands for Application Programming Interface. API describes how one software program communicates and exchanges data with other software programs. It behaves like an interface between different software systems for being interactive with each other. API is a set of functions, subroutines, protocols, standards, and code that glues our technical world together.
Let us understand API through one example. Consider you have booked an UBER for your commute. UBER uses Google maps for directions and live updates. That doesn’t mean UBER has developed its own maps for the same functionality. They are using Google Maps API to plug the same functionality in their app. This is how an API is used to plug and play the functionality.
If you want to Enrich your career with an API Testing certified professional, then visit Mindmajix - A Global online training platform: “API testing Training” Course. This course will help you to achieve excellence in this domain.
There are many other famous APIs like YouTube API, Twitter API, Amazon Advertising API, etc.
Any application is made up of 3 layers.
GUI testing is done on the presentation layer. API testing is totally different than GUI testing. It is applied to the business layer of an application. API testing is done to check whether API is giving the expected results, whether it is reliable, how its performance is and whether it is secure or not. API testing doesn’t focus on the application’s look and feel. It concentrates on API’s performance and integration.
There are various types of tests done on API. They are categorized in below 9 categories.
Let us discuss each and every testing type in detailed
Unit Testing: Unit testing is defined as the testing of a unit or some specific functionality
Functional Testing: Functional testing is defined as a test of functions in the codebase. These tests are run to ensure API functions are within expected parameters and errors are handled properly.
Load Testing: Load testing is done to ensure the performance and functionality of an API under load.
Security Testing: Security testing is carried to ensure the API is secure from external threats.
UI Testing: UI testing is termed as a test of your user interface for API and its components. It is especially concerned with the function of UI, whether the interface depends on command line calls or graphical in nature.
Runtime Error Detection: This test is carried to identify exceptions or resource leaks to prevent future erroneous scenarios.
Penetration Testing: Penetration testing is done to identify how vulnerable the application is for attackers.
Fuzz Testing: Fuzz testing is negative testing to see how API behaves in a worst-case scenario. In this testing, a lot of random data is given as input to create fuzz and check how API handles this forced crash.
Interoperability and WS Compliance Testing: It is only applicable for SOAP APIs. It generally checks 2 fields. Firstly, Interoperability is checked by making sure with Web Services Interoperability Profiles. Secondly, compliance is checked to make sure standards like WS-Discovery, WS-Addressing, WS-Federation, WS-Security, WS-Policy, and WS-Trust are properly utilized and maintained.
Due to test-driven development, unit testing becomes an integral part of every development effort. On the other hand, there are many applications that provide API for code-level access for functionality. Both types of testing target the code-level and have similar tools. Let us see how they are different from each other.
The below table states the difference between API and Unit testing.
|API Testing||Unit Testing|
|API testing is termed black-box testing which mainly focuses on the result of the system under test.||Unit testing tests each module and ensures each module delivers its functionality. It is an important activity for a developer to make the necessary changes|
|API tests are implemented and executed once the build is ready and developed by the QA team.||Unit test codes are developed by programmers only.|
|API testing targets the whole system. So, while designing test cases, one needs to consider the ‘full’ functionality of the system||Unit tests are developed for each module. They are designed for each module in isolation. It doesn’t consider the interactions between those units.|
API Testing is different than another testing as GUI is not involved in API Testing. To test API, we need to set up an environment, which accepts input parameters, invoke APIs with those parameters, and derive the result.
To set up the API Test environment, we need to configure the database and server as per application requirements. Once that is installed, we can call API functions to verify if API is working or not.
Below is the list of some common tests we carry for API testing:
Return value for an input condition: we need to verify responses based on the request. It is comparatively easy to test as input variables are known and results can be authenticated.
Effect of updating data structure: If we update data structures, it will affect the outcome of an API. This outcome needs to be authenticated.
Redirection of an API – an event or another API call: If an API redirects control to an event or another API then those also should be tracked.
In case of no return value: When API doesn't return any value, its behavior must be verified.
Resource Modification: If API calls modify some resources, then those resources must be verified and validated by accessing them.
There are various points that help us to choose the best API testing approach
Once you have applied the above points, you need to start organizing yourself for the API test. Try to answer the below questions:
This will be helpful to create testing boundaries and requirements. Altogether, all these points help us to decide on a perfect API test strategy.
[Related Article: API Testing Interview Questions for Experienced]
Once we have decided on testing boundaries and requirements, we need to decide what exactly we want to test API for. Apart from the usual SDLC process, below are few testing methods.
Discovery testing: Testing team needs to manually test the set of calls included in API such as ensuring a resource used by API is listed, created or deleted as required.
Usability testing: This testing verifies if API integrates with other platforms properly. This method is to check if API is user-friendly and functional.
Security testing: This testing method verifies the type of authentication required and ensures sensitive and confidential data is encrypted over HTTP.
Automated testing: This testing method creates a script that executes and triggers API regularly without any manual efforts.
Documentation testing: This method verifies if documentation is providing enough information about API. This documentation is delivered as a part of the final deliverable by the development team. There are many API documentation templates available like Miredot, Slate, RestDoc, API blueprint, FlatDoc, Swagger, etc.
In API Testing, we generally send a request to API with some input parameters and analyze the response we received for those known data. Below are the key areas we need to verify while performing API testing:
There are various types of bugs or errors detected by API testing. Below are some of them:
Once you have prepared your test plan, make sure you follow some thumb rules to succeed in the test as much as possible:
Make sure each test case is independent of dependencies if possible.
API testing provides several advantages to improve the test coverage which provides a faster and effective result. Some of the advantages are mentioned below:
Core Functionality Test: The application can be accessed without any user interface through API testing. Core functionality tests result in an early evaluation of any build before any GUI tests are applied to it. This practice identified small issues that can become larger while performing GUI testing. This will reduce the testing cost.
Language Independent: Data is exchanged in JSON or XML while performing API testing. Transfer modes here are completely language-independent. You can select any core language while automating testing for your application.
Time and Cost-Effective: API testing is less time-consuming than GUI testing. API tests require lesser code and hence provide faster and better coverage than GUI testing.
Risk Reduction: API testing is helpful to find bugs early in the test cycle, hence reduce risks.
GUI Integration: You can easily integrate GUI testing with API testing. This is most helpful when you want to perform API testing followed by functional GUI testing.
There are some challenges that we face while doing API testing.
API testing can be done through various tools. Having the right tool and process for API testing is the most important task as it is the crucial component for any application. There are many open-source and commercial tools available for API testing.
Below is the list of some of the best tools available in the market for API testing:
SoapUI: Automation testing tool for REST and SOAP API. It supports cross-platform and has free and aid plans.
Katalon Studio: It is a Web, API, and Mobile testing tool. It is good for beginners as well as experts. It has a free license and paid support services.
JMeter: It is designed for load testing and functional testing.
Postman: It is an API development environment. It has free as well as paid but cheap plans.
Fiddler: It is a tool to monitor, reuse and manipulate existing HTTP requests. Its APITest extension allows us to validate APIs behaviors across the web.
Apigee: Apigee is a cross-cloud API testing tool that allows users to validate API performance along with building and supporting APIs with other tools like Swagger.
Rest-Assured: It is a tool used for testing REST services in a Java environment. It is an open-source tool.
Swagger: It is a tool for the API designing process which includes the whole API lifecycle.
Assertible: Assertible is an API testing tool known for automation and reliability.
Karate DSL: It is a tool that allows testers to write test cases using the domain-specific language for web service.
RestSharp: It is an API testing tool that is used to test REST for the .NET environment.
There are many other tools available in the market for API testing. Choose according to your requirement and environment.
API testing plays an important role in any application. If it is not tested properly, it can create problems while calling the application. It is a crucial and mandatory test in the software lifecycle.
Ravindra Savaram is a Content Lead at Mindmajix.com. His passion lies in writing articles on the most popular IT platforms including Machine learning, DevOps, Data Science, Artificial Intelligence, RPA, Deep Learning, and so on. You can stay up to date on all these technologies by following him on LinkedIn and Twitter.