What is API Testing? - Tutorial for Beginners

Let us understand API through one example. Consider you have booked an UBER for your commute. UBER uses Google maps for directions and live updates. That doesn’t mean UBER has developed its own maps for the same functionality. They are using Google Maps API to plug the same functionality into their app. This is how an API is used to plug and play the functionality.

Table of Contents

Types of API Testing API Testing Vs. Unit Testing API Test Environment Setup Test Cases for API Testing API Testing Approach How to do API Testing? Best Practices of API Testing Advantages of API Testing Challenges of API Testing Tools for API Testing

What is API Testing and How to Use It?

There are many other famous APIs like YouTube API, Twitter API, Amazon Advertising API, etc.
Any application is made up of 3 layers.

1. Presentation Layer
2. Business Layer
3. Database Layer

GUI testing is done on the presentation layer. API testing is totally different from GUI testing. It is applied to the business layer of an application. API testing is done to check whether API is giving the expected results, whether it is reliable, how its performance is and whether it is secure or not. API testing doesn’t focus on the application’s look and feel. It concentrates on API’s performance and integration.

Types of API Testing

There are various types of tests done on API. They are categorized in below 9 categories.

1. Unit testing
2. Security Testing
3. UI testing
4. Interoperability and WS Compliance testing
5. Functional Testing
6. Load Testing
7. The run time or Error Detection

Let us discuss each and every testing type in detailed

Unit Testing: Unit testing is defined as the testing of a unit or some specific functionality

Functional Testing: Functional testing is defined as a test of functions in the codebase. These tests are run to ensure API functions are within expected parameters and errors are handled properly.

Load Testing: Load testing is done to ensure the performance and functionality of an API under load.

Security Testing: Security testing is carried to ensure the API is secure from external threats.

UI Testing: UI testing is termed as a test of your user interface for API and its components. It is especially concerned with the function of UI, whether the interface depends on command line calls or is graphical in nature.

If you want to Enrich your career with an API Testing certified professional, then visit Mindmajix - A Global online training platform: “API Testing Training” Course. This course will help you to achieve excellence in this domain.

Runtime Error Detection: This test is carried to identify exceptions or resource leaks to prevent future erroneous scenarios.

Penetration Testing: Penetration testing is done to identify how vulnerable the application is to attackers.

Fuzz Testing: Fuzz testing is negative testing to see how API behaves in a worst-case scenario. In this testing, a lot of random data is given as input to create fuzz and check how API handles this forced crash.

Interoperability and WS Compliance Testing: It is only applicable for SOAP APIs. It generally checks 2 fields. Firstly, Interoperability is checked by making sure with Web Services Interoperability Profiles. Secondly, compliance is checked to make sure standards like WS-Discovery, WS-Addressing, WS-Federation, WS-Security, WS-Policy, and WS-Trust are properly utilized and maintained. 

API Testing Vs. Unit Testing

Due to test-driven development, unit testing becomes an integral part of every development effort. On the other hand, there are many applications that provide API for code-level access for functionality. Both types of testing target the code level and have similar tools. Let us see how they are different from each other.
The below table states the difference between API and Unit testing.

API Testing	Unit Testing
API testing is termed black-box testing which mainly focuses on the result of the system under test.	Unit testing tests each module and ensures each module delivers its functionality. It is an important activity for a developer to make the necessary changes
API tests are implemented and executed once the build is ready and developed by the QA team.	Unit test codes are developed by programmers only.
API testing targets the whole system. So, while designing test cases, one needs to consider the ‘full’ functionality of the system	Unit tests are developed for each module. They are designed for each module in isolation. It doesn’t consider the interactions between those units.

API Test Environment Setup

API Testing is different from other testing as GUI is not involved in API Testing. To test API, we need to set up an environment, which accepts input parameters, invoke APIs with those parameters and derive the result.
To set up the API Test environment, we need to configure the database and server as per application requirements. Once that is installed, we can call API functions to verify if API is working or not.

Test Cases for API Testing.

Below is the list of some common tests we carry for API testing:

• Return value for an input condition: we need to verify responses based on the request. It is comparatively easy to test as input variables are known and results can be authenticated.
• Effect of updating data structure: If we update data structures, it will affect the outcome of an API. This outcome needs to be authenticated.
• Redirection of an API – an event or another API call: If an API redirects control to an event or another API then those also should be tracked.
• In case of no return value: When API doesn't return any value, its behaviour must be verified.
• Resource Modification: If API calls modify some resources, then those resources must be verified and validated by accessing them.

API Testing Approach

There are various points that help us to choose the best API testing approach

• Define the scope of the program by understanding the functionality of the API program
• Setup the test environment which includes database and server configuration as per the application requirements.
• Perform API testing by using different testing techniques like boundary value analysis, equivalence classes, and error guessing. Also, write test cases for the API.
• Plan and define input parameters for the API properly
• Perform test cases with known input configurations and ensure API meets the expected result.

Once you have applied the above points, you need to start organizing yourself for the API test. Try to answer the below questions:

• Who consumes API? Who is the target audience?
• Which environment API should use?
• What is the expected result in normal circumstances?
• Any preference for testing API?
• For which problems we are testing?
• What will happen in abnormal circumstances?
• Which other API can communicate with this API?
• What are your pass and fail scenarios?

This will be helpful to create testing boundaries and requirements. Altogether, all these points help us to decide on a perfect API test strategy.

Related Article: API Testing Interview Questions for Experienced

How to do API Testing?

Once we have decided on testing boundaries and requirements, we need to decide what exactly we want to test API for. Apart from the usual SDLC process, below are few testing methods.

• Discovery testing: Testing team needs to manually test the set of calls included in API such as ensuring a resource used by API is listed, created, or deleted as required.
• Usability testing: This testing verifies if API integrates with other platforms properly. This method is to check if API is user-friendly and functional.
• Security testing: This testing method verifies the type of authentication required and ensures sensitive and confidential data is encrypted over HTTP.
• Automated testing: This testing method creates a script that executes and triggers API regularly without any manual efforts.
• Documentation testing: This method verifies if documentation is providing enough information about API. This documentation is delivered as a part of the final deliverable by the development team. There are many API documentation templates available like Miredot, Slate, RestDoc, API blueprint, FlatDoc, Swagger, etc.  

What do you need to verify in API Testing?

In API Testing, we generally send a request to API with some input parameters and analyze the response we received for those known data. Below are the key areas we need to verify while performing API testing:

• Response Time
• HTTP Status Codes
• Data Accuracy
• API return value (error codes if API returns an error)
• Authorization checks
• Non-functional testing like security testing, and performance testing.

Types of Bugs and errors detected by API Testing

There are various types of bugs or errors detected by API testing. Below are some of them:

• Security issues
• Performance issues
• Multi-Threading issues
• Unused flags
• Duplicate or missing functionality
• Reliability issue i.e. difficulty while connecting and getting a response from API
• Improper warnings or errors to the caller
• Unstructured response data
• Valid arguments not handled correctly

Best Practices of API Testing

Once you have prepared your test plan, make sure you follow some thumb rules to succeed in the test as much as possible:

• Start testing with typical or expected results.
• Add stress to the system by carrying a series of API load tests
• Test for a failure condition. Make sure API fails consistently for negative cases.
• To ease the work for a tester, prioritize API function calls
• Verify how an API behaves and handles any unforeseen problems
• Automate any API testing task if possible.
• Group test cases based on their category.
• Try to cover all possible input combinations for maximum test coverage
• Mention parameter selection in test cases explicitly.
• Test Chaining should be avoided
• Call Sequencing should be well planned.

Make sure each test case is independent of dependencies if possible.

Advantages of API Testing

API testing provides several advantages to improve the test coverage which provides a faster and more effective result. Some of the advantages are mentioned below:

• Core Functionality Test: The application can be accessed without any user interface through API testing. Core functionality tests result in an early evaluation of any build before any GUI tests are applied to it. This practice identified small issues that can become larger while performing GUI testing. This will reduce the testing cost.

• Language Independent: Data is exchanged in JSON or XML while performing API testing. Transfer modes here are completely language-independent. You can select any core language while automating testing for your application.

• Time and Cost-Effective: API testing is less time-consuming than GUI testing. API tests require lesser code and hence provide faster and better coverage than GUI testing.

• Risk Reduction: API testing is helpful to find bugs early in the test cycle, hence reducing risks.

• GUI Integration: You can easily integrate GUI testing with API testing. This is most helpful when you want to perform API testing followed by functional GUI testing.

Challenges of API Testing

There are some challenges that we face while doing API testing.

• Choosing the right parameters and their combinations
• Validating the output
• Choosing the parameter category properly
• Difficulty in providing input value due to absence of GUI
• Call sequencing should be proper in order to avoid inadequate coverage while testing
• Testing exception handling function
• Coding knowledge is required by a tester.

Tools for API Testing

API testing can be done through various tools. Having the right tool and process for API testing is the most important task as it is the crucial component for any application. There are many open-source and commercial tools available for API testing.

Below is the list of some of the best tools available in the market for API testing:

SoapUI: Automation testing tool for REST and SOAP API. It supports cross-platform and has free and aid plans.

Katalon Studio: It is a Web, API, and Mobile testing tool. It is good for beginners as well as experts. It has a free license and paid support services.

JMeter: It is designed for load testing and functional testing.

Postman: It is an API development environment. It has free as well as paid but cheap plans.

Fiddler: It is a tool to monitor, reuse and manipulate existing HTTP requests. Its APITest extension allows us to validate APIs behaviors across the web.

Apigee: Apigee is a cross-cloud API testing tool that allows users to validate API performance along with building and supporting APIs with other tools like Swagger.

Rest-Assured: It is a tool used for testing REST services in a Java environment. It is an open-source tool.

Swagger: It is a tool for the API designing process which includes the whole API lifecycle.

Assertible: Assertible is an API testing tool known for automation and reliability.

Karate DSL: It is a tool that allows testers to write test cases using the domain-specific language for web service.

RestSharp: It is an API testing tool that is used to test REST for the .NET environment.

There are many other tools available in the market for API testing. Choose according to your requirement and environment.

Conclusion:

API testing plays an important role in any application. If it is not tested properly, it can create problems while calling the application. It is a crucial and mandatory test in the software lifecycle.