Getting Started with API Testing
What is the API?
API is the acronym for Application Programming Interface. It’s a set of routines, protocols, and tools for building software and application. The main purpose of API is to enable communication and data exchange between 2 separate software systems. In other words, API takes responsibility to connect our digital world. Most APIs are using Representational State Transfer (REST) requests through Hypertext Transfer Protocol (HTTP) to request and send data.
Due to the rapid development of APIs over the past few years. API testing has become increasingly important. API testing is a type of software testing that involves testing API directly and as part of integration testing to determine if they meet expectation for functionality, reliability, performance, and security. Unlike GUI testing, API testing mainly concentrates on the business logic layer since API doesn’t have a GUI. And instead of using standard user inputs (by keyboard), in API testing we use software to send calls to the API, get output then note down the system’s response. The output of API testing can be any type of data, a status (Pass or Fail) or a call to another API function.
So, how to perform testing APIs?
We can perform API testing both in automation testing and manual testing. API automation testing is when you use a tool, it’s necessary with APIs to determine how well they perform under pressure. While manual testing is writing your own code to test the API which helps confirm whether something works. And clearly, it’s one of the areas where automation is highly recommended. Test automation can be very useful because of the fast speed of execution and coverage of application featured. Also, automated API tests tend to be more reliable.
There are many types of test for API testing, some of the common kinds of API testing should be following apart from the usual SDLC process, shown as a list below:
- Functionality testing: Confirm that all the API endpoints are up and working and doing as expected.
- Usability testing: The API is functional and on the top of it, user-friendly.
- Reliability testing: Make sure that the API works in all cases, such as connecting and disconnecting network.
- Load testing: When various servers send requests to an API, it is necessary to make sure that the API responds to all of them
- Stress Testing: When more than a set number of requests is received by the API how does it behave? Does it send some message? Works as intended. Mandatory to check.
- Security testing: While giving authentication, it is important to make sure that no security breaches happen in between. No more than required data is shared. Have appropriate authentications, permissions, and access controls.
- Integration Testing: All the APIs connected to each other communicate properly. And the addition of features in the API does not cause the addition of some bugs in other API modules.
To approach, the tester should follow these following points to do API testing:
- Define the scope of the program and functionality of the API: tester must have certain knowledge about the API (how does it work, what is defined as a Pass or Fail, what others API could this API work with?…)
- After getting the overview, apply some testing techniques such as equivalence classes, boundary value or error guessing to create the test case
- Define and planned input Parameters for the API need to be clearly and appropriately
- Setup test environment to execute the test case
- Execute test case then compare expected result to actual result
Those points are some steps for us to understand how we should perform our testing, theoretically. But to perform it in real life, who and what can make tester be good at it?
Who and what can make tester be good at API Testing?
We’re all known there are many challenges in any type of testing. To be specific, in API testing, we have to face some difficulties when using it, such as:
- Main challenges in API testing is Parameter combination, Parameter Selection, and Call Sequencing
- By the time, the project becomes larger, also make Parameter combination get increased with more number of optional parameters. Each of the combinations among these parameters might make difference in the business case and the responses which are to be covered and tested.
- The output of an API can be used as an input of another API. For this reason, there can various sequences of flow can be made. All the sequence flow should be covered to deliver a bug-free application.
- Since API doesn’t have any GUI to test the application which makes it difficult to give input values.
- Validating and Verifying the output in a different system is a little difficult for testers
- Parameters selection and categorization is required to be known to the testers
- Exception handling function needs to be tested
- Coding knowledge is necessary for testers
Due to those challenges, a person who performs API testing needs some specific skills for good performance. Of course, tester or whoever as tester role is the one performing API testing. And to deliver a bug-free application, a tester must have some skills:
- First, the tester should have management skill. As time goes by, project become larger and also some others test tasks, if the tester doesn’t have management skill, they might lose track of the project and lose some potential bugs.
Besides, we can use some good practices apply to our testing process for better performance. Below is a good practice that tester can use:
- Test cases should be grouped by test category
- On top of each test, you should include the declarations of the APIs being called
- Parameters selection should be explicitly mentioned in the test case itself
- Prioritize function calls so that it will be easy for testers to test
- Each test case should be as self-contained and independent from dependencies as possible
- Avoid “test chaining” in your development
- Special care must be taken while handling one-time call functions like – Delete, Close Window, etc,…
- Call sequencing should be performed and well planned
- To ensure complete test coverage, create test cases for all possible input combinations of the API
Now we’re all known about how important is an API to our world today. But why we need to test an API. If our company built an API, of course, we have to test it, make sure our product continues to work after releasing to the customer. But there are reasons make API testing become important to the development process.
4 reasons we need API testing:
- Testing the application early and without a User Interface: The later you find defects, the more expensive they are to fix. In API testing you can start testing your application early even without a UI. This helps to identify and fix issues early in your development process. One of the advantages of API testing is that a lot of logic can be validated without being dependent upon the UI.
- To come up with an effective Test Automation Strategy and Reduce the Costs
According to the test pyramid concept by Mike Cohn, as we move up, the cost involved in the creation and maintenance of test, the test execution time, test fragility and test coverage keep increasing. Therefore, apply your test to Unit and Service layer are much faster, reducing time, effort and cost. During practices like continuous integration, the amount of time the GUI regression test take to provide feedback is too long. Also, if there was a small change in UI can break the test and lead to a lot of rework.
- Agile Software Development and Reduces manual regression testing
The main reason for the speed of development of Agile is to accelerate product delivery and to embrace the changes. Agile can increase the frequency with which applications are released. This might push the QA team into stressed of time. Therefore, we need to create an increased demand for new ways to quickly test them. This makes automation test become a critical factor to maintain agility. And GUI tests are typically too slow to get the test coverage we need during a typical two-week sprint. Also, since API tests don’t rely on a UI to be ready, they can be created early in the development process. So, it necessary for Agile teams apply API testing while decreasing their reliance on GUI testing. Help reduces time spending on regression testing and efforts, also decrease stress for the team.
4. The Internet of Things
The 4th reason that is causing a shift towards API testing is the Internet of things. The Internet of Things is an everyday object with embedded functionality that allows it to talk over the web using HTTP(S) to communicate with remote backend services. Most of them don’t have a GUI. Example: we will have more IoT apps such as a refrigerator that tells you when you’re running low on milk or biosensors embedded in your clothing that can measure your stress level. None of these examples have a traditional user interface. So how do we test them? API Testing is a solution to this trend.
Some recommended tools for API testing
There are many tools available — both open-source and commercial. Like most of the solutions in this industry, finding the ideal-one-tool to do it all is almost impossible. The commercial tools somehow have sufficient features but the costs of ownership will be the show-stop factor. Open source solutions are affordable but require skilled resources and effort to implement the right frameworks. Here are a few tools and resources to help you discover more.
SoapUI is an open-source web service testing application from SMARTBEAR, it’s ones of the leading tools for API testing. Also, SoapUI has the most comprehensive Protocol Support. SoapUI is now available on Windows, Mac, and Linux.
Below is a list of 5 important features of SoapUI:
- Functional testing
- Security testing
- Load testing
- Supported Protocols/ Technologies
- Soap-Integration with Other Automation Tools: Maven, HUDSON, JUnit, Apache- Ant
Pros and Cons:
- Open- source application
- Create a test quickly and easily with Drag and Drop, Point and Click
- Powerful data-driven testing: Data loaded from files, databases, Excel so that they can simulate how consumers interact with the APIs
- Supports all the standard protocols and technologies to test all kind of API’s
- Can create complex scenarios
- It’s not easy to have assertion on JSON response. Sometimes it gives issues if your request contains special characters
- Load testing and Work Flow testing is not an easy task
- SoapUI is very easy to implement but lacks in documentation
- Delay in response from SoapUI customer support
Postman is a product of Postdot technologies with three version: Postman, Postman Pro and Postman Enterprise. Just like SoapUI, Postman can support both services and RESTful services. Also, Postman is now available on Windows, Mac, and Linux, too
- Easy to use, support users at both UI and non-UI
- Can be used for both automated and exploratory testing
- Doesn’t require learning a new language
- Create API document
- Enable users to easily share the knowledge with their team as they can package up all the request and expected responses, then sent to their colleagues
- Despite Postman was a free application for API testing. Users still have to purchase some features for full experience on Postman
JMeter is an open source tool available on the market for API testing. JMeter provides an easy integration with Jenkins to run the test periodically and Jenkins has a plugin for Jmeter to parse the result file and display the charts.
- Supports replaying of test results
- Automatically work with CSV files, allowing the team to quickly create unique parameter values for the API tests.
- Users can include the API tests in CI pipelines thank to the integration between JMeter and Jenkins
- It can be used for both static as well as dynamic resources performance testing
Eclipse IDE Java SDK tool – Selenium / Automated API testing
Eclipse IDE Java SDK is an open source tool, which helps in consuming RESTful web services with Jersey Client API. Jersey client API is an easy-to-use, high level, Java technology API that can help you write clients for any HTTP-based RESTful web service.
That’s 4 recommended tools for API testing, and some more tools like Insomnia, Fiddler, Runscope, dotTest, apitester are also available for API testing. Once you have chosen an API testing tool, the first requests to set up are the “happy path” requests. Once all of the “happy path” tests have been created, negative tests can be added. Negative tests are those that make sure that any kind of error is handled correctly. It’s important that an application doesn’t crash when a user accidentally imports invalid data, and it’s important that a malicious user is prohibited from entering harmful scripts into the database.
Can You Walk Me Through an Example?
Watch this video to see how we run a demo for REST API TESTING with Postman – enjoy the video!
How Can We Automate API Testing?
Once a complete suite of positive and negative tests has been created, automation can be set up. The Newman command to run the tests can be integrated into a continuous integration (CI) project. Similarly, Jenkins, Postman, Runscope and SoapUI also provide command-line functionality for integration with CI tools. Please look out for our next article about Automated API Testing in details.
Moving the bulk of your automated tests to API testing will allow your test suite to run much faster and more reliably. You will be able to quickly uncover flaws in the manipulation of the data store, and expose any potential security holes before they can be exploited.
API testing established its trend in automation testing, and more tools will be developed to serve the growing demands of the software development teams. Finding perfect tool for your project is hard, but you should carefully considering your requirements, pros, and cons of each tool to make best choice suit your current status and information of the next choice when your project is more mature.