APIs are the basis of modern software development, especially as more and more teams move away from the massive applications of the past and adopt quicker development strategies, including a microservices approach, for their software products.
With microservices beginning to encompass more of the newer development efforts, API testing becomes even more critical than before.
What are APIs, and why should I test them?
APIs, or Application Programming Interfaces, are the technology that connects the different systems or layers of an application. Enterprise applications often have three layers: a data layer, a service (API) layer, and a presentation (UI) layer. The API layer comprises the business logic of an application: the instructions for how users can interact with the services, data, or functions of the app.
Because the API or service layer directly touches both the data layer and the presentation layer, it presents the best opportunity for continuous testing for QA and Development teams. While traditional testing has focused on the UI, the advantages of API testing are becoming well known.
With many more companies moving to DevOps and Agile strategies, continuous integration (CI), and continuous deployment (CD), test feedback needs to be quicker than ever. Focusing solely on UI automation, which is notoriously slow, can kill your test automation efforts. As you scramble to ensure that your applications are ready to go live, API testing should be part of your overall automation strategy.
How to do API Testing
API testing should cover at least the following testing methods, apart from the usual SDLC process:
Discovery testing: The test group should manually execute the set of calls documented in the API, for example verifying that a specific resource exposed by the API can be listed, created and deleted as appropriate.
Usability testing: This testing verifies whether the API is functional and user-friendly, and whether it integrates well with other platforms.
Security testing: This testing determines what type of authentication is required, whether sensitive data is encrypted over HTTP, or both.
Automated testing: API testing should culminate in the creation of a set of scripts or a tool that can be used to execute the API regularly.
Documentation: The test team has to make sure that the documentation is adequate and provides enough information to interact with the API. Documentation should be a part of the final deliverable.
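As an added illustration of the security and automated testing items above (not code from the original article), the following script runs independent authentication checks against an API. The ToyAPI server, its /items endpoint and the token are constructed stand-ins for the API under test; it runs on loopback over plain HTTP, so it covers the authentication check only, not encryption in transit.

```python
import http.client, json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-test-token"  # constructed value, not a real credential

class ToyAPI(BaseHTTPRequestHandler):
    """Constructed stand-in for the API under test: GET /items needs a bearer token."""
    def do_GET(self):
        if self.path != "/items":
            return self._send(404, {"error": "not found"})
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            return self._send(401, {"error": "authentication required"})
        self._send(200, {"items": ["a", "b"]})

    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging during tests
        pass

def call(port, path, token=None):
    """Return (status, parsed JSON body); raises ValueError if the body is not JSON."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        headers = {"Authorization": f"Bearer {token}"} if token else {}
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, json.loads(resp.read())
    finally:
        conn.close()

def run_checks():
    """Run each check on its own request; no check relies on state left by another."""
    server = HTTPServer(("127.0.0.1", 0), ToyAPI)  # port 0: the OS picks a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_port
    try:
        return {
            "no_token_rejected": call(port, "/items")[0] == 401,
            "bad_token_rejected": call(port, "/items", "wrong")[0] == 401,
            "good_token_accepted": call(port, "/items", TOKEN) == (200, {"items": ["a", "b"]}),
            "unknown_path_is_json_404": call(port, "/nope", TOKEN) == (404, {"error": "not found"}),
        }
    finally:
        server.shutdown()
        server.server_close()
```

Calling run_checks() returns a dictionary mapping each check name to True (pass) or False (fail), which a CI job can turn into a build result.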
Best Practices of API Testing:
Test cases should be grouped by test category. At the top of each test, you should include the declarations of the APIs being called. Parameter selection should be explicitly mentioned in the test case itself. Prioritize API function calls so that it will be easy for testers to test.
Each test case should be as self-contained and independent from dependencies as possible.
Avoid “test chaining” in your development.
Special care must be taken when handling one-time call functions such as Delete, CloseWindow, etc.
Call sequencing should be well planned before it is performed.
To ensure complete test coverage, create test cases for all possible input combinations of the API.
Types of Bugs that API testing detects
- Fails to handle error conditions gracefully
- Unused flags
- Missing or duplicate functionality
- Reliability Issues. Difficulty in connecting and getting a response from API.
- Security Issues
- Multi-threading issues
- Performance Issues. API response time is very high.
- Improper errors/warnings to a caller
- Incorrect handling of valid argument values
- Response Data is not structured correctly (JSON or XML)
Challenges of API Testing
Challenges of API testing include:
- The main challenges in Web API testing are parameter combination, parameter selection, and call sequencing.
- There is no GUI available to test the application, which makes it difficult to give input values. Validating and verifying the output in a different system is a little difficult for testers. Testers need to know parameter selection and categorization.
- Exception-handling functions need to be tested.
- Coding knowledge is necessary for testers.